Complete the renaming of private to private_site

[chef.git] / cookbooks / mediawiki / templates / default / apache.erb

diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 0bedf21248d758bc8932c006c47e3761c42cf7e9..f41e4ca50e0304663b0138a4c73e7d9d4db1ff6f 100644 (file)
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -1,7 +1,21 @@
 # DO NOT EDIT - This file is being maintained by Chef
 # DO NOT EDIT - This file is being maintained by Chef

-<% @ports.each do |port| -%>

 
 

-<VirtualHost *:<%= port %>>
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+
+<VirtualHost *:443>

   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>
   ServerName <%= @name %>
 <% @aliases.each do |alias_name| -%>
   ServerAlias <%= alias_name %>


@@ -9,25 +23,25 @@
 
   ServerAdmin webmaster@openstreetmap.org
 
 
   ServerAdmin webmaster@openstreetmap.org
 

-<% if port == 443 -%>

   SSLEngine on
   SSLEngine on

+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key

 
   CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-secure-error.log
 
   CustomLog /var/log/apache2/<%= @name %>-secure-access.log combined
   ErrorLog /var/log/apache2/<%= @name %>-secure-error.log

-<% else -%>
-  CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  ErrorLog /var/log/apache2/<%= @name %>-error.log
-<% end -%>

 
   DocumentRoot <%= @directory %>
 
 
   DocumentRoot <%= @directory %>
 

-  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
+  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/dev/null:/tmp/

   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
   #php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"

-  php_value memory_limit 128M
+  php_value memory_limit 368M

   php_value max_execution_time 240
   php_value upload_max_filesize 70M
   php_value post_max_size 100M
 
   php_value max_execution_time 240
   php_value upload_max_filesize 70M
   php_value post_max_size 100M
 

+  RewriteCond %{SERVER_NAME} !=<%= @name %>
+  RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
+

   RedirectMatch 301 ^/$                           /wiki/Main_Page
 
   #Historical Compatibility Links
   RedirectMatch 301 ^/$                           /wiki/Main_Page
 
   #Historical Compatibility Links


@@ -50,6 +64,7 @@
   RewriteCond %{REQUEST_URI} !^/api\.php$
   RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
   RewriteCond %{REQUEST_URI} !^/server-status
   RewriteCond %{REQUEST_URI} !^/api\.php$
   RewriteCond %{REQUEST_URI} !^/opensearch_desc\.php$
   RewriteCond %{REQUEST_URI} !^/server-status

+  RewriteCond %{REQUEST_URI} !^/.well-known/

   RewriteCond %{LA-U:REQUEST_FILENAME} !-f
   RewriteCond %{LA-U:REQUEST_FILENAME} !-d
   RewriteRule ^/(.*) /wiki/$1 [R,L]
   RewriteCond %{LA-U:REQUEST_FILENAME} !-f
   RewriteCond %{LA-U:REQUEST_FILENAME} !-d
   RewriteRule ^/(.*) /wiki/$1 [R,L]


@@ -65,7 +80,7 @@
     Options -ExecCGI -Includes -Indexes
     AllowOverride None
     AddType text/plain .html .htm .shtml
     Options -ExecCGI -Includes -Indexes
     AllowOverride None
     AddType text/plain .html .htm .shtml

-<% if @private -%>
+<% if @private_site -%>

     Require all denied
 <% end -%>
   </Directory>
     Require all denied
 <% end -%>
   </Directory>


@@ -117,4 +132,3 @@
     Require all denied
   </Files>
 </VirtualHost>
     Require all denied
   </Files>
 </VirtualHost>

-<% end -%>