sys_vhost.j2 2.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. {% if ansible_controlled is defined and ansible_controlled != "" %}
  2. #
  3. # {{ ansible_controlled }}
  4. #
  5. {% endif %}
  6. # Apache vhost for PHP system checks
  7. <VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}80{% endif %}>
  8. ServerName {{ phpsyscheck_vhostname }}
  9. Include conf-available/letsencrypt.conf
  10. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  11. RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://{{ phpsyscheck_vhostname }}$0
  12. {% else %}
  13. DocumentRoot /etc/phpsyscheck
  14. DirectoryIndex index.php
  15. {% if phpsyscheck_http_auth %}
  16. <Location />
  17. AuthType basic
  18. AuthName "Restricted Access"
  19. AuthUserFile /etc/apache2/auth_admin
  20. <RequireAny>
  21. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  22. Require ip {{ phpsyscheck_http_whitelist_ip | join(' ') }}
  23. {% endif %}
  24. Require valid-user
  25. </RequireAny>
  26. </Location>
  27. {% endif %}
  28. <Directory /etc/phpsyscheck>
  29. Options None
  30. AllowOverride None
  31. Require all granted
  32. </Directory>
  33. {% if with_fpm|bool %}
  34. Include conf-available/fpm-pool.conf
  35. {% endif %}
  36. LogLevel warn
  37. CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
  38. ErrorLog ${APACHE_LOG_DIR}/sys.error.log
  39. {% endif %}
  40. </VirtualHost>
  41. {% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
  42. <VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %}>
  43. ServerName {{ phpsyscheck_vhostname }}
  44. <IfModule http2_module>
  45. Protocols h2 http/1.1
  46. </IfModule>
  47. Include vhost_ssl_auto-{{ phpsyscheck_vhostname }}.conf
  48. DocumentRoot /etc/phpsyscheck
  49. DirectoryIndex index.php
  50. {% if phpsyscheck_http_auth %}
  51. <Location />
  52. AuthType basic
  53. AuthName "Restricted Access"
  54. AuthUserFile /etc/apache2/auth_admin
  55. <RequireAny>
  56. {% if phpsyscheck_http_whitelist_ip|length > 0 %}
  57. Require ip {{ phpsyscheck_http_whitelist_ip | join(' ') }}
  58. {% endif %}
  59. Require valid-user
  60. </RequireAny>
  61. </Location>
  62. {% endif %}
  63. <Directory /etc/phpsyscheck>
  64. Options None
  65. AllowOverride None
  66. Require all granted
  67. </Directory>
  68. <IfModule php7_module>
  69. php_admin_value max_execution_time 240
  70. php_admin_value upload_max_filesize 128M
  71. php_admin_value post_max_size 128M
  72. </IfModule>
  73. {% if with_fpm|bool %}
  74. Include conf-available/fpm-pool.conf
  75. {% endif %}
  76. LogLevel warn
  77. CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
  78. ErrorLog ${APACHE_LOG_DIR}/sys.error.log
  79. </VirtualHost>
  80. {% endif %}