ErrorLog /var/log/apache2/<%= @name %>-error.log
<% if @ssl_enabled -%>
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
RedirectPermanent / https://<%= @name %>/
</VirtualHost>
# Enable SSL
#
SSLEngine on
+<% if @ssl_certificate -%>
+ SSLCertificateFile /etc/ssl/certs/<%= @ssl_certificate %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_certificate %>.key
+<% end -%>
+<% if @ssl_certificate -%>
+ SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_certificate_chain %>.pem
+<% end -%>
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
+ RewriteRule ^readme\.html$ [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
+
Options -Indexes
+ AllowOverride AuthConfig
+
+ Require all granted
</Directory>
<Files <%= @directory %>/wp-config.php>
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
<Directory <%= @directory %>/uploads>
</Directory>
<Directory ~ "\.svn">
- Order allow,deny
- Deny from all
+ Require all denied
</Directory>
<Directory ~ "\.git">
- Order allow,deny
- Deny from all
+ Require all denied
</Directory>
+ <Files ~ "\.(txt|md)$">
+ Require all denied
+ </Files>
+
<Files ~ "~$">
- Order allow,deny
- Deny from all
+ Require all denied
</Files>
</VirtualHost>
projects / chef.git / blobdiff