Removed broken logo upload. Needs to be reimplemented from scratch.

Till Brehm

2016-04-20 fe39f6bd20cba56b78e5e80ef4b6d47c8a2e4917

 server/conf/vhost.conf.master

@@ -1,3 +1,4 @@
<tmpl_hook name='apache2_vhost:header'>

<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
      AllowOverride None
@@ -9,8 +10,9 @@
      </tmpl_if>
</Directory>

<tmpl_loop name="vhosts">
<tmpl_loop name='vhosts'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
<tmpl_hook name='apache2_vhost:vhost_header'>
<tmpl_if name='php' op='==' value='suphp'>
      DocumentRoot <tmpl_var name='web_document_root'>
</tmpl_else>
@@ -51,12 +53,23 @@

      <IfModule mod_ssl.c>
<tmpl_if name='ssl_enabled'>
   SSLEngine on
      SSLEngine on
      SSLProtocol All -SSLv2 -SSLv3
      SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
      SSLHonorCipherOrder     on
      <IfModule mod_headers.c>
      Header always add Strict-Transport-Security "max-age=15768000"
      </IfModule>
      SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt
      SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key
<tmpl_if name='has_bundle_cert'>
      <tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>
      SSLCertificateChainFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle
      </tmpl_if>
      <tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
      SSLUseStapling on
      SSLStaplingResponderTimeout 5
      SSLStaplingReturnResponderErrors off
      </tmpl_if>
</tmpl_if>
</tmpl_if>
@@ -203,6 +216,9 @@
<tmpl_if name='php' op='==' value='mod'>
      # mod_php enabled
      AddType application/x-httpd-php .php .php3 .php4 .php5
      SetEnv TMP <tmpl_var name='document_root'>/tmp
      SetEnv TMPDIR <tmpl_var name='document_root'>/tmp
      SetEnv TEMP <tmpl_var name='document_root'>/tmp
      php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
      php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
      php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
@@ -231,9 +247,16 @@
      # php as cgi enabled
      ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
      Action php5-cgi /php5-cgi
      <FilesMatch "\.php[345]?$">
         SetHandler php5-cgi
      </FilesMatch>
      <Directory {tmpl_var name='web_document_root_www'}>
         <FilesMatch "\.php[345]?$">
            SetHandler php5-cgi
         </FilesMatch>
      </Directory>
      <Directory {tmpl_var name='web_document_root'}>
         <FilesMatch "\.php[345]?$">
            SetHandler php5-cgi
         </FilesMatch>
      </Directory>
      <Directory {tmpl_var name='cgi_starter_path'}>
         <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
         Require all granted
@@ -263,7 +286,7 @@
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            DefaultMaxClassProcessCount 10
            IPCConnectTimeout 3
            IPCCommTimeout 600
            BusyTimeout 3600
@@ -328,6 +351,9 @@
            Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
<tmpl_if name='use_tcp'>
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization
                <IfModule mod_proxy_fcgi.c>
         ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
                </IfModule>
</tmpl_if>
<tmpl_if name='use_socket'>
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization
@@ -369,25 +395,41 @@

<tmpl_if name="rewrite_enabled">
      RewriteEngine on
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
      RewriteEngine on
      RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
      RewriteRule ^ - [END]
</tmpl_if>
<tmpl_if name='seo_redirect_enabled'>
      RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,L]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,NE,L]
</tmpl_if>
<tmpl_loop name="alias_seo_redirects">
      RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,L]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
      RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,NE,L]
</tmpl_loop>
<tmpl_loop name="redirects">
      RewriteCond %{HTTP_HOST}   <tmpl_var name='rewrite_domain'>$ [NC]
      <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
<tmpl_if name="rewrite_is_url" op="==" value="n">
      RewriteCond %{REQUEST_URI} !^/webdav/
      RewriteCond %{REQUEST_URI} !^/php5-fcgi/
      RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
</tmpl_if>
      
      RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_if name='rewrite_type' value=''><tmpl_if name="rewrite_is_url" op="==" value="n">[PT]</tmpl_if></tmpl_else><tmpl_var name='rewrite_type'></tmpl_if>
      RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
   
</tmpl_loop>
<tmpl_if name='ssl_enabled'>
<tmpl_else>
<tmpl_if name='rewrite_to_https' op='==' value='y'>
        RewriteCond %{HTTPS} off
        <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/</tmpl_if>
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</tmpl_if>
</tmpl_if>
</tmpl_if>

      # add support for apache mpm_itk
@@ -414,5 +456,17 @@
      </IfModule>

<tmpl_var name='apache_directives'>
<tmpl_hook name='apache2_vhost:vhost_footer'>
</VirtualHost>

<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
        SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>
</tmpl_if>

</tmpl_loop>

<tmpl_hook name='apache2_vhost:footer'>