summaryrefslogtreecommitdiff
path: root/templates/site.erb
blob: 20546f5f0817b644e744ea885e1b7edd9f75bbd7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# begin vhost for <%= @title %>
<VirtualHost <%= @listen %>:<%= scope.lookupvar('apache::http_port') %>>
   ServerName <%= @title %>.<%= @hosting_domain %>
<% if @server_alias != false %>   ServerAlias <%= @server_alias %><% end %>
   DocumentRoot <%= @docroot %>
<% if @https_redirect != false or @canonical != false %>
   RewriteEngine On
<% end -%>
<% if @https_redirect != false %>
   # Redirect all HTTP to HTTPS
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
<% if @redirect_match != false %>   RedirectMatch ^/$ <%= @protocol %>://<%= @title %>.<%= @hosting_domain %>/<%= @redirect_match %><% end %>
<% if @redirect != false %>   Redirect <%= @redirect %><% end %>
<% if @aliases != false %><% @aliases.each do |map| -%>
   Alias <%= map %>
<% end -%><% end -%>
<% if @use != false %><% @use.each do |instance| -%>
   Use <%= instance %>
<% end -%><% end -%>
<% if @mpm == true %>
   <IfModule mpm_itk_module>
     AssignUserId <%= @user %> <%= @gid %>
   </IfModule>
<% end %>
<% if @canonical != false %>
   <%- for canonical_exception in @canonical_exceptions -%>
   RewriteCond %{HTTP_HOST}   !=<%= canonical_exception %> [NC]
   <%- end -%>
   RewriteCond %{HTTP_HOST}   !=<%= @canonical %> [NC]
   RewriteCond %{HTTP_HOST}   !=""
   RewriteRule ^/(.*)         <%= @protocol %>://<%= @canonical %>/$1 [L,R=301]
<% end %>
<% if @custom_directives != false -%>
   <%= @custom_directives %>
<% end -%>
<% if @allow_override != false %>
   <Directory <%= @docroot %>>
     AllowOverride <%= @allow_override %>
   </Directory>
<% end -%>
<% if @certbot != false -%>
   # Add Alias For Lets Encrypt WebRoot Authentication Using ACME
   # See https://ubuntu101.co.za/ssl/postfix-and-dovecot-on-ubuntu-with-a-lets-encrypt-ssl-certificate/
   AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/$1
   Alias /.well-known/acme-challenge/ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/
   <Directory "/var/spool/certbot/<%= @name %>/.well-known/acme-challenge/">
     Options None
     AllowOverride None
     ForceType text/plain
     RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
   </Directory>
<% end -%>
</VirtualHost>
# end vhost for <%= @title %>
<% if @ssl == true %>
# begin ssl vhost for <%= @title %>
<VirtualHost <%= @listen %>:<%= scope.lookupvar('apache::https_port') %>>
   # Use HTTP Strict Transport Security to force client to use secure connections only
   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

   ServerName <%= @title %>.<%= @hosting_domain %>
<% if @server_alias != false %>   ServerAlias <%= @server_alias %><% end %>
   DocumentRoot <%= @docroot %>
<% if @redirect_match != false %>   RedirectMatch ^/$ <%= @protocol %>://<%= @title %>.<%= @hosting_domain %>/<%= @redirect_match %><% end %>
<% if @redirect != false %>   Redirect <%= @redirect %><% end %>
<% if @aliases != false %><% aliases.each do |map| -%>
   Alias <%= @map %>
<% end -%><% end -%>
<% if @use != false %><% @use.each do |instance| -%>
   Use <%= instance %>
<% end -%><% end -%>
<% if @custom_directives != false -%>
  <%= @custom_directives %>
<% end -%>
<% if @allow_override != false %>
   <Directory <%= @docroot %>>
     AllowOverride <%= @allow_override %>
   </Directory>
<% end -%>
<% if @mpm == true %>
   <IfModule mpm_itk_module>
     AssignUserId <%= @user %> <%= @gid %>
   </IfModule>
<% end %>
   # SSL Configuration
   SSLEngine on
   SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH
   SSLHonorCipherOrder on
   SSLCompression off
   SSLCertificateFile    /etc/ssl/certs/<%= @title %>.crt
   SSLCertificateKeyFile /etc/ssl/private/<%= @title %>.pem
</VirtualHost>
# end ssl vhost for <%= @title %>
<% end %>