Created
June 22, 2015 16:21
-
-
Save gOOvER/a80e2b1b7735a731e463 to your computer and use it in GitHub Desktop.
Revisions
-
gOOvER created this gist
Jun 22, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,454 @@ <Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}> AllowOverride None <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all denied <tmpl_else> Order Deny,Allow Deny from all </tmpl_if> </Directory> <tmpl_loop name="vhosts"> <VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}> <tmpl_if name='php' op='==' value='suphp'> DocumentRoot <tmpl_var name='web_document_root'> </tmpl_else> <tmpl_if name='php' op='==' value='cgi'> DocumentRoot <tmpl_var name='web_document_root'> </tmpl_else> <tmpl_if name='php' op='==' value='php-fpm'> DocumentRoot <tmpl_var name='web_document_root'> </tmpl_else> <tmpl_if name='php' op='==' value='hhvm'> DocumentRoot <tmpl_var name='web_document_root'> </tmpl_else> DocumentRoot <tmpl_var name='web_document_root_www'> </tmpl_if> </tmpl_if> </tmpl_if> </tmpl_if> ServerName <tmpl_var name='domain'> <tmpl_if name='alias'> <tmpl_var name='alias'> </tmpl_if> ServerAdmin webmaster@<tmpl_var name='domain'> ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log <tmpl_if name='errordocs'> Alias /error/ "<tmpl_var name='web_document_root_www'>/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html </tmpl_if> <IfModule mod_ssl.c> <tmpl_if name='ssl_enabled'> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on <IfModule mod_headers.c> Header always add Strict-Transport-Security "max-age=15768000" </IfModule> SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.crt SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.key <tmpl_if name='has_bundle_cert'> <tmpl_if name='apache_version' op='<' value='2.4.8' format='version'> SSLCertificateChainFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='ssl_domain'>.bundle </tmpl_if> <tmpl_if name='apache_version' op='>=' value='2.4' format='version'> SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off </tmpl_if> </tmpl_if> </tmpl_if> </IfModule> <Directory {tmpl_var name='web_document_root_www'}> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride <tmpl_var name='allow_override'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> <tmpl_if name='ssi' op='==' value='y'> # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </tmpl_if> <tmpl_if name='php' op='==' value='no'> <Files ~ '.php[s3-6]{0,1}$'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all denied <tmpl_else> Order allow,deny Deny from all Allow from none </tmpl_if> </Files> </tmpl_if> </Directory> <Directory {tmpl_var name='web_document_root'}> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride <tmpl_var name='allow_override'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> <tmpl_if name='ssi' op='==' value='y'> # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </tmpl_if> <tmpl_if name='php' op='==' value='no'> <Files ~ '.php[s3-6]{0,1}$'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all denied <tmpl_else> Order allow,deny Deny from all Allow from none </tmpl_if> </Files> </tmpl_if> </Directory> <tmpl_if name='ruby' op='==' value='y'> <IfModule mod_ruby.c> <Directory {tmpl_var name='web_document_root_www'}> Options +ExecCGI </Directory> RubyRequire apache/ruby-run #RubySafeLevel 0 AddType text/html .rb AddType text/html .rbx <Files *.rb> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> <Files *.rbx> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> </IfModule> </tmpl_if> <tmpl_if name='perl' op='==' value='y'> <IfModule mod_perl.c> PerlModule ModPerl::Registry PerlModule Apache2::Reload <Directory {tmpl_var name='web_document_root_www'}> PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> <Directory {tmpl_var name='web_document_root'}> PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> <Files *.pl> SetHandler perl-script </Files> </IfModule> </tmpl_if> <tmpl_if name='python' op='==' value='y'> <IfModule mod_python.c> <Directory {tmpl_var name='web_document_root_www'}> <FilesMatch "\.py$"> SetHandler mod_python </FilesMatch> PythonHandler mod_python.publisher PythonDebug On </Directory> </IfModule> </tmpl_if> <tmpl_if name='cgi' op='==' value='y'> # cgi enabled <Directory {tmpl_var name='document_root'}/cgi-bin> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> ScriptAlias /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/ <FilesMatch "\.(cgi|pl)$"> SetHandler cgi-script </FilesMatch> </tmpl_if> <tmpl_if name='suexec' op='==' value='y'> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'> </IfModule> </tmpl_if> <tmpl_if name='php' op='==' value='mod'> # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 SetEnv TMP <tmpl_var name='document_root'>/tmp SetEnv TMPDIR <tmpl_var name='document_root'>/tmp SetEnv TEMP <tmpl_var name='document_root'>/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>" php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp php_admin_value session.save_path <tmpl_var name='document_root'>/tmp # PHPIniDir <tmpl_var name='custom_php_ini_dir'> <tmpl_if name='security_level' op='==' value='20'> php_admin_value open_basedir <tmpl_var name='php_open_basedir'> </tmpl_if> </tmpl_if> <tmpl_if name='php' op='==' value='suphp'> # suphp enabled <Directory {tmpl_var name='web_document_root'}> <IfModule mod_suphp.c> suPHP_Engine on # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'> <tmpl_if name='has_custom_php_ini'> suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'> </tmpl_if> <FilesMatch "\.php[345]?$"> SetHandler x-httpd-suphp </FilesMatch> suPHP_AddHandler x-httpd-suphp </IfModule> </Directory> </tmpl_if> <tmpl_if name='php' op='==' value='cgi'> # php as cgi enabled ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'> Action php5-cgi /php5-cgi <Directory {tmpl_var name='web_document_root_www'}> <FilesMatch "\.php[345]?$"> SetHandler php5-cgi </FilesMatch> </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> SetHandler php5-cgi </FilesMatch> </Directory> <Directory {tmpl_var name='cgi_starter_path'}> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> </tmpl_if> <tmpl_if name='php' op='==' value='fast-cgi'> # php as fast-cgi enabled # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html <IfModule mod_fcgid.c> <tmpl_if name='fastcgi_config_syntax' op='==' value='2'> FcgidIdleTimeout 300 FcgidProcessLifeTime 3600 # FcgidMaxProcesses 1000 FcgidMaxRequestsPerProcess <tmpl_var name='fastcgi_max_requests'> FcgidMinProcessesPerClass 0 FcgidMaxProcessesPerClass 10 FcgidConnectTimeout 3 FcgidIOTimeout 600 FcgidBusyTimeout 3600 FcgidMaxRequestLen 1073741824 <tmpl_else> IdleTimeout 300 ProcessLifeTime 3600 # MaxProcessCount 1000 DefaultMinClassProcessCount 0 DefaultMaxClassProcessCount 100 IPCConnectTimeout 3 IPCCommTimeout 600 BusyTimeout 3600 </tmpl_if> </IfModule> <Directory {tmpl_var name='web_document_root_www'}> <FilesMatch "\.php[345]?$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3 FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4 FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5 Options +ExecCGI AllowOverride <tmpl_var name='allow_override'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3 FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4 FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5 Options +ExecCGI AllowOverride <tmpl_var name='allow_override'> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> </tmpl_if> <tmpl_if name='php' op='==' value='php-fpm'> <IfModule mod_fastcgi.c> <Directory {tmpl_var name='document_root'}/cgi-bin> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> <Directory {tmpl_var name='web_document_root_www'}> <FilesMatch "\.php[345]?$"> SetHandler php5-fcgi </FilesMatch> </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> SetHandler php5-fcgi </FilesMatch> </Directory> Action php5-fcgi /php5-fcgi virtual Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} <tmpl_if name='use_tcp'> FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization <IfModule mod_proxy_fcgi.c> ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1 </IfModule> </tmpl_if> <tmpl_if name='use_socket'> FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization </tmpl_if> </IfModule> </tmpl_if> <tmpl_if name='php' op='==' value='hhvm'> <IfModule mod_fastcgi.c> <Directory {tmpl_var name='document_root'}/cgi-bin> <tmpl_if name='apache_version' op='>' value='2.2' format='version'> Require all granted <tmpl_else> Order allow,deny Allow from all </tmpl_if> </Directory> <Directory {tmpl_var name='web_document_root_www'}> <FilesMatch "\.php[345]?$"> SetHandler hhvm-fcgi </FilesMatch> <FilesMatch "\.hh$"> SetHandler hhvm-fcgi </FilesMatch> </Directory> <Directory {tmpl_var name='web_document_root'}> <FilesMatch "\.php[345]?$"> SetHandler hhvm-fcgi </FilesMatch> <FilesMatch "\.hh$"> SetHandler hhvm-fcgi </FilesMatch> </Directory> Action hhvm-fcgi /hhvm-fcgi virtual Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock -pass-header Authorization </IfModule> </tmpl_if> <tmpl_if name="rewrite_enabled"> RewriteEngine on <tmpl_if name='seo_redirect_enabled'> RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC] RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,L] </tmpl_if> <tmpl_loop name="alias_seo_redirects"> RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC] RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,L] </tmpl_loop> <tmpl_loop name="redirects"> RewriteCond %{HTTP_HOST} <tmpl_var name='rewrite_domain'>$ [NC] <tmpl_if name="rewrite_is_url" op="==" value="n"> RewriteCond %{REQUEST_URI} !^/webdav/ RewriteCond %{REQUEST_URI} !^/php5-fcgi/ RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'> </tmpl_if> RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'> </tmpl_loop> <tmpl_if name='ssl_enabled'> <tmpl_if name='rewrite_to_https' op='==' value='y'> RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </tmpl_if> </tmpl_if> </tmpl_if> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'> </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory {tmpl_var name='document_root'}/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB {tmpl_var name='document_root'}/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> <tmpl_var name='apache_directives'> </VirtualHost> <tmpl_if name='ssl_enabled'> <tmpl_if name='apache_version' op='>=' value='2.4' format='version'> SSLStaplingCache shmcb:/var/run/ocsp(128000) SSLSessionCache shmcb:/var/cache/ssl_gcache_data(5120000) </tmpl_if> </tmpl_if> </tmpl_loop>