Merge remote-tracking branch 'github/pull/528'

[chef.git] / cookbooks / forum / templates / default / apache.erb

diff --git a/cookbooks/forum/templates/default/apache.erb b/cookbooks/forum/templates/default/apache.erb
index d84b0196779a277db1618eb737263384cb801aaa..5235ee1f8378ed57298626f62c8be9c26e4b541e 100644 (file)
--- a/cookbooks/forum/templates/default/apache.erb
+++ b/cookbooks/forum/templates/default/apache.erb
@@ -8,6 +8,21 @@
        CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
+       RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+       RedirectPermanent / https://forum.openstreetmap.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+       ServerAlias forum.osm.org
+       ServerAdmin webmaster@openstreetmap.org
+
+       SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key
+
+       CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
+       ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
+
        RedirectPermanent / https://forum.openstreetmap.org/
 </VirtualHost>
 
@@ -16,24 +31,30 @@
        ServerAdmin webmaster@openstreetmap.org
 
        SSLEngine on
+       SSLCertificateFile /etc/ssl/certs/forum.openstreetmap.org.pem
+       SSLCertificateKeyFile /etc/ssl/private/forum.openstreetmap.org.key
 
        CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
        DocumentRoot /srv/forum.openstreetmap.org/html
 
-        php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/
-        php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
-        php_value upload_max_filesize 70M
-        php_value post_max_size 100M
+       <FilesMatch ".+\.ph(ar|p|tml)$">
+               SetHandler "proxy:unix:/run/php/php-forum.openstreetmap.org-fpm.sock|fcgi://127.0.0.1"
+       </FilesMatch>
 </VirtualHost>
 
 <Directory /srv/forum.openstreetmap.org/html>
-           RewriteEngine on
+       RewriteEngine on
+       RewriteRule ^config\.php$ - [F,L]
+
+       Options -Indexes
 
-           RewriteRule ^config\.php$ - [F,L]
+       Require all granted
 </Directory>
 
 <Directory /srv/forum.openstreetmap.org/html/img>
-        php_admin_flag engine off
+       <FilesMatch ".+\.ph(ar|p|tml)$">
+               SetHandler None
+       </FilesMatch>
 </Directory>