Created
March 28, 2011 11:18
-
-
Save oloflarsson/890304 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SSLEngine on | |
| SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | |
| SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key | |
| <FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
| SSLOptions +StdEnvVars | |
| </FilesMatch> | |
| <Directory /usr/lib/cgi-bin> | |
| SSLOptions +StdEnvVars | |
| </Directory> | |
| BrowserMatch "MSIE [2-6]" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| # MSIE 7 and newer should be able to use keepalive | |
| BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is the file where I define my macros | |
| ####################################################### | |
| #-----------------------------------------------------# | |
| # EVERYDAY SITE TEMPLATES | |
| #-----------------------------------------------------# | |
| ####################################################### | |
| # ====================================== | |
| # MACRO "VHostSimple" | |
| # ====================================== | |
| # $user - the name of the user (group is assumed to be the same) | |
| # $domain - the ServerName | |
| # $usealias - "no" | "yes". Should we use the alias? | |
| # $alias - an alias we will eventually use | |
| # $logmode - "none" | "errors" | "full" | |
| <Macro VHostSimple $user $domain $usealias $alias $logmode> | |
| <VirtualHost *:80> | |
| Use VHostSimpleInner $user $domain $usealias $alias $logmode | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| Use VHostSimpleInner $user $domain $usealias $alias $logmode | |
| Use MacroDefaultSSL | |
| </VirtualHost> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "VHostSimpleInner" | |
| # ====================================== | |
| # What is same regardless of SSL | |
| <Macro VHostSimpleInner $user $domain $usealias $alias $logmode> | |
| ServerName $domain | |
| Use MacroIfeq_usealias_$usealias $alias | |
| Use VHostSimpleIfeq_logmode_$logmode $user $domain | |
| DocumentRoot /home/$user/files/websites/$domain/base/ | |
| <Directory "/home/$user/files/websites/$domain/base/" > | |
| Order allow,deny | |
| allow from all | |
| AllowOverride All | |
| </Directory> | |
| <IfModule mpm_itk_module> | |
| AssignUserId $user $user | |
| </IfModule> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "VHostSimpleIfeq_logmode_XXXXX" | |
| # ====================================== | |
| # "none" | "errors" | "full" | |
| <Macro VHostSimpleIfeq_logmode_full $user $domain> | |
| CustomLog /home/$user/files/websites/$domain/logs/access.log common | |
| ErrorLog /home/$user/files/websites/$domain/logs/error.log | |
| LogLevel warn | |
| </Macro> | |
| <Macro VHostSimpleIfeq_logmode_errors $user $domain> | |
| ErrorLog /home/$user/files/websites/$domain/logs/error.log | |
| LogLevel warn | |
| </Macro> | |
| <Macro VHostSimpleIfeq_logmode_none $user $domain> | |
| # Do nothing | |
| <IfModule herpaderpderp-$user-$domain> | |
| Include /etc/apache2/herpaderpderp | |
| </IfModule> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "VHostLocalProxy" | |
| # ====================================== | |
| # $port - the port | |
| # $domain - the ServerName | |
| # $usealias - "no" | "yes". Should we use the alias? | |
| # $alias - an alias we will eventually use | |
| # $log - "yes" | "no" | |
| <Macro VHostLocalProxy $port $domain $usealias $alias $log> | |
| <VirtualHost *:80> | |
| ServerName $domain | |
| Use MacroIfeq_usealias_$usealias $alias | |
| Use VHostLocalProxyIfeq_log_$log $port $domain | |
| ProxyRequests Off | |
| <Proxy *> | |
| Order deny,allow | |
| Allow from all | |
| </Proxy> | |
| ProxyPreserveHost on | |
| ProxyPass / http://localhost:$port/ | |
| </VirtualHost> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "VHostLocalProxyIfeq_log_XXXXX" | |
| # ====================================== | |
| # "yes" | "no" | |
| <Macro VHostLocalProxyIfeq_log_yes $port $domain> | |
| CustomLog /var/log/apache2/proxy$port_$domain_access.log common | |
| ErrorLog /var/log/apache2/proxy$port_$domain_error.log | |
| LogLevel warn | |
| </Macro> | |
| <Macro VHostLocalProxyIfeq_log_no $port $domain> | |
| # Do nothing | |
| <IfModule herpaderpderp-$port-$domain> | |
| Include /etc/apache2/herpaderpderp | |
| </IfModule> | |
| </Macro> | |
| ####################################################### | |
| #-----------------------------------------------------# | |
| # STANDALONE UTILITY SUBPARTS | |
| #-----------------------------------------------------# | |
| ####################################################### | |
| # ====================================== | |
| # MACRO "MacroDefaultSSL" | |
| # ====================================== | |
| <Macro MacroDefaultSSL> | |
| SSLEngine on | |
| SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | |
| SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key | |
| <FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
| SSLOptions +StdEnvVars | |
| </FilesMatch> | |
| <Directory /usr/lib/cgi-bin> | |
| SSLOptions +StdEnvVars | |
| </Directory> | |
| BrowserMatch "MSIE [2-6]" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| # MSIE 7 and newer should be able to use keepalive | |
| BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | |
| </Macro> | |
| # ====================================== | |
| # MACRO "MacroIfeq_usealias_XXXXX" | |
| # ====================================== | |
| <Macro MacroIfeq_usealias_no $alias> | |
| # Do nothing | |
| <IfModule herpaderpderp-$alias> | |
| Include /etc/apache2/herpaderpderp | |
| </IfModule> | |
| </Macro> | |
| <Macro MacroIfeq_usealias_yes $alias> | |
| ServerAlias $alias | |
| </Macro> | |
| ####################################################### | |
| #-----------------------------------------------------# | |
| # OFTEN USED SPECIALS | |
| #-----------------------------------------------------# | |
| ####################################################### | |
| # ====================================== | |
| # MACRO "MacroDefaultCatchersite" | |
| # ====================================== | |
| <Macro MacroDefaultCatchersite> | |
| <VirtualHost *:80> | |
| Use MacroDefaultCatchersiteInner | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| Use MacroDefaultCatchersiteInner | |
| Use MacroDefaultSSL | |
| </VirtualHost> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "MacroDefaultCatchersiteInner" | |
| # ====================================== | |
| <Macro MacroDefaultCatchersiteInner> | |
| DocumentRoot /var/www/ | |
| <Directory "/var/www/" > | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| AssignUserId www-data www-data | |
| </Macro> | |
| # ====================================== | |
| # MACRO "MacroPHPMyAdmin" | |
| # ====================================== | |
| # $user - the name of the user (group is assumed to be the same) | |
| # $domain - the ServerName | |
| # $usealias - "no" | "yes". Should we use the alias? | |
| # $alias - an alias we will eventually use | |
| # $base - the basefolder for the installation | |
| <Macro MacroPHPMyAdmin $user $domain $usealias $alias $base> | |
| <VirtualHost *:80> | |
| Use MacroPHPMyAdminInner $user $domain $usealias $alias $base | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| Use MacroPHPMyAdminInner $user $domain $usealias $alias $base | |
| Use MacroDefaultSSL | |
| </VirtualHost> | |
| </Macro> | |
| # ====================================== | |
| # MACRO "MacroPHPMyAdminInner" | |
| # ====================================== | |
| # What is same regardless of SSL | |
| <Macro MacroPHPMyAdminInner $user $domain $usealias $alias $base> | |
| ServerName $domain | |
| Use MacroIfeq_usealias_$usealias $alias | |
| DocumentRoot $base/ | |
| <Directory "$base/" > | |
| Order allow,deny | |
| allow from all | |
| AllowOverride All | |
| </Directory> | |
| <Directory "$base/libraries/" > | |
| Order deny,allow | |
| Deny from all | |
| </Directory> | |
| <Directory "$base/setup/" > | |
| Order deny,allow | |
| Deny from all | |
| </Directory> | |
| <IfModule mpm_itk_module> | |
| AssignUserId $user $user | |
| </IfModule> | |
| </Macro> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Start with the catcher | |
| Use MacroDefaultCatchersite | |
| # Then the PHPMyAdmin | |
| Use MacroPHPMyAdmin www-data YOUR.DOMAIN.NAME no alias /usr/share/phpmyadmin | |
| # ====================================== | |
| # MACRO "VHostSimple" | |
| # ====================================== | |
| # $user - the name of the user (group is assumed to be the same) | |
| # $domain - the ServerName | |
| # $usealias - "no" | "yes". Should we use the alias? | |
| # $alias - an alias we will eventually use | |
| # $logmode - "none" | "errors" | "full" | |
| # ====================================== | |
| # MACRO "VHostLocalProxy" | |
| # ====================================== | |
| # $port - the port | |
| # $domain - the ServerName | |
| # $usealias - "no" | "yes". Should we use the alias? | |
| # $alias - an alias we will eventually use | |
| # $log - "yes" | "no" | |
| #Use VHostSimple USERNAME THAT.DOMAIN.NAME YES/NO ALIAS LOGMODE | |
| #Use VHostLocalProxy PORT SOME.DOMAIN.NAME YES/NO ALIAS YES/NO |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Disable access to the entire file system except for the directories that | |
| # are explicitly allowed later. | |
| # | |
| # This currently breaks the configurations that come with some web application | |
| # Debian packages. It will be made the default for the release after lenny. | |
| # | |
| <Directory /> | |
| AllowOverride None | |
| Order Deny,Allow | |
| Deny from all | |
| Options FollowSymLinks | |
| </Directory> | |
| # Changing the following options will not really affect the security of the | |
| # server, but might make attacks slightly more difficult in some cases. | |
| # | |
| # ServerTokens | |
| # This directive configures what you return as the Server HTTP response | |
| # Header. The default is 'Full' which sends information about the OS-Type | |
| # and compiled in modules. | |
| # Set to one of: Full | OS | Minimal | Minor | Major | Prod | |
| # where Full conveys the most information, and Prod the least. | |
| # | |
| ServerTokens Minimal | |
| #ServerTokens OS | |
| #ServerTokens Full | |
| # | |
| # Optionally add a line containing the server version and virtual host | |
| # name to server-generated pages (internal error documents, FTP directory | |
| # listings, mod_status and mod_info output etc., but not CGI generated | |
| # documents or custom error documents). | |
| # Set to "EMail" to also include a mailto: link to the ServerAdmin. | |
| # Set to one of: On | Off | EMail | |
| # | |
| ServerSignature Off | |
| #ServerSignature On | |
| # | |
| # Allow TRACE method | |
| # | |
| # Set to "extended" to also reflect the request body (only for testing and | |
| # diagnostic purposes). | |
| # | |
| # Set to one of: On | Off | extended | |
| # | |
| TraceEnable Off | |
| #TraceEnable On | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment