ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Cramer
2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2 
 server/conf/vhost.conf.master


@@ -20,7 +20,11 @@


      <tmpl_if name='php' op='==' value='php-fpm'>


      DocumentRoot <tmpl_var name='web_document_root'>


      </tmpl_else>


      DocumentRoot <tmpl_var name='web_document_root_www'>


         <tmpl_if name='php' op='==' value='hhvm'>


         DocumentRoot <tmpl_var name='web_document_root'>


         </tmpl_else>


         DocumentRoot <tmpl_var name='web_document_root_www'>


         </tmpl_if>


      </tmpl_if>


   </tmpl_if>


</tmpl_if>


@@ -47,11 +51,24 @@




      <IfModule mod_ssl.c>


<tmpl_if name='ssl_enabled'>


   SSLEngine on


      SSLEngine on


      SSLProtocol All -SSLv2 -SSLv3


      SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA


      SSLHonorCipherOrder     on


      <IfModule mod_headers.c>


      Header always add Strict-Transport-Security "max-age=15768000"


      </IfModule>


      SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt


      SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key


<tmpl_if name='has_bundle_cert'>


      SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle


      <tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>


      SSLCertificateChainFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle


      </tmpl_if>


      <tmpl_if name='apache_version' op='>=' value='2.4' format='version'>


      SSLUseStapling on


      SSLStaplingResponderTimeout 5


      SSLStaplingReturnResponderErrors off


      </tmpl_if>


</tmpl_if>


</tmpl_if>


      </IfModule>


@@ -197,6 +214,9 @@


<tmpl_if name='php' op='==' value='mod'>


      # mod_php enabled


      AddType application/x-httpd-php .php .php3 .php4 .php5


      SetEnv TMP <tmpl_var name='document_root'>/tmp


      SetEnv TMPDIR <tmpl_var name='document_root'>/tmp


      SetEnv TEMP <tmpl_var name='document_root'>/tmp


      php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"


      php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp


      php_admin_value session.save_path <tmpl_var name='document_root'>/tmp


@@ -325,10 +345,13 @@


                  SetHandler php5-fcgi


               </FilesMatch>


            </Directory>


                Action php5-fcgi /php5-fcgi


                Action php5-fcgi /php5-fcgi virtual


            Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}


<tmpl_if name='use_tcp'>


                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization


                <IfModule mod_proxy_fcgi.c>


         ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1


                </IfModule>


</tmpl_if>


<tmpl_if name='use_socket'>


                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization


@@ -336,15 +359,45 @@


      </IfModule>


</tmpl_if>




<tmpl_if name='php' op='==' value='hhvm'>


      <IfModule mod_fastcgi.c>


            <Directory {tmpl_var name='document_root'}/cgi-bin>


               <tmpl_if name='apache_version' op='>' value='2.2' format='version'>


               Require all granted


               <tmpl_else>


               Order allow,deny


               Allow from all


               </tmpl_if>


             </Directory>


            <Directory {tmpl_var name='web_document_root_www'}>


               <FilesMatch "\.php[345]?$">


                  SetHandler hhvm-fcgi


               </FilesMatch>


               <FilesMatch "\.hh$">


                  SetHandler hhvm-fcgi


               </FilesMatch>


            </Directory>


            <Directory {tmpl_var name='web_document_root'}>


               <FilesMatch "\.php[345]?$">


                  SetHandler hhvm-fcgi


               </FilesMatch>


               <FilesMatch "\.hh$">


                  SetHandler hhvm-fcgi


               </FilesMatch>


            </Directory>


                Action hhvm-fcgi /hhvm-fcgi virtual


            Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}


                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock -pass-header Authorization


      </IfModule>


</tmpl_if>




<tmpl_if name="rewrite_enabled">


      RewriteEngine on


<tmpl_if name='seo_redirect_enabled'>


      RewriteCond %{HTTP_HOST} <tmpl_var name='seo_base_domain'>$ [NC]


      RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]


      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,L]


</tmpl_if>


<tmpl_loop name="alias_seo_redirects">


      RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_base_domain'>$ [NC]


      RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]


      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,L]


</tmpl_loop>


@@ -359,6 +412,12 @@


      RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>


   


</tmpl_loop>


<tmpl_if name='ssl_enabled'>


<tmpl_if name='rewrite_to_https' op='==' value='y'>


        RewriteCond %{HTTPS} off


        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


</tmpl_if>


</tmpl_if>


</tmpl_if>




      # add support for apache mpm_itk


@@ -386,4 +445,4 @@




<tmpl_var name='apache_directives'>


</VirtualHost>


</tmpl_loop>


</tmpl_loop>