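# Plain-HTTP virtual host serving the Nagios 4 web UI, PNP4Nagios and HighCharts.
# NOTE(review): this host listens on *:80 and protects Nagios and PNP4Nagios with
# HTTP Basic authentication, so a client that connects here directly sends its
# credentials unencrypted. The *:443 virtual host in this template appears to
# proxy to this one; consider restricting this listener to the address the proxy
# uses — confirm against the deployment.
<VirtualHost *:80>
    ServerName {{ item.vhost_name }}
    ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhost_name) }}
{% if item.vhost_aliases is defined %}
    ServerAlias {{ item.vhost_aliases }}
{% endif %}

    ## Logging
    ErrorLog "/var/log/apache2/{{ item.vhost_name }}_error_ssl.log"
    ServerSignature Off
    CustomLog "/var/log/apache2/{{ item.vhost_name }}_access_ssl.log" combined
    # A full URL as the ErrorDocument target makes Apache answer with a redirect
    # to that URL instead of serving a local error page.
    ErrorDocument 404 https://susurrando.com/notfound.php
    ErrorDocument 500 https://susurrando.com/error500.php
    ErrorDocument 503 https://susurrando.com/error503.php

    ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
    ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4

    # Where the stylesheets (config files) reside
    Alias /nagios4/stylesheets /etc/nagios4/stylesheets

    # Where the HTML pages live
    Alias /nagios4 /usr/share/nagios4/htdocs

    # Access control for everything Nagios serves: every request must pass
    # Basic authentication against AuthUserFile, on both old and new Apache.
    <DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
        Options +FollowSymLinks
        DirectoryIndex index.php index.html
        AllowOverride None
        <IfVersion >= 2.3>
            <RequireAll>
                Require all granted
                AuthName "Nagios Access"
                AuthType Basic
                AuthUserFile {{ auth_user_file }}
                Require valid-user
            </RequireAll>
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile {{ auth_user_file }}
            Require valid-user
        </IfVersion>
    </DirectoryMatch>

    <Directory /usr/share/nagios4/htdocs>
        Options +ExecCGI
    </Directory>

    # PNP4Nagios
    Alias /pnp4nagios "/usr/local/pnp4nagios/share"

    <Directory "/usr/local/pnp4nagios/share">
        AllowOverride None
        # Order/Allow are Apache 2.2 directives that need mod_access_compat on
        # 2.4, so they are emitted for old servers only. "Require valid-user"
        # below is what gates access on every version.
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
        </IfVersion>
        #
        # Use the same value as defined in nagios.conf
        #
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile {{ auth_user_file }}
        Require valid-user
        <IfModule mod_rewrite.c>
            # Turn on URL rewriting
            RewriteEngine On
            Options +symLinksIfOwnerMatch
            # Installation directory
            RewriteBase /pnp4nagios/
            # Protect application and system files from being viewed
            RewriteRule "^(?:application|modules|system)/" - [F]
            # Allow any files or directories that exist to be displayed directly
            RewriteCond "%{REQUEST_FILENAME}" !-f
            RewriteCond "%{REQUEST_FILENAME}" !-d
            # Rewrite all other URLs to index.php/URL
            RewriteRule "^.*$" "index.php/$0" [PT]
        </IfModule>
    </Directory>

    # HighCharts
    Alias /highcharts "/usr/local/highcharts"
    <Directory "/usr/local/highcharts">
        Options None
        AllowOverride None
        # Unauthenticated by design (static chart library). Uses the same
        # version split as the Nagios block above, so that Apache 2.4 gets an
        # explicit "Require all granted" instead of relying on mod_access_compat.
        <IfVersion >= 2.3>
            Require all granted
        </IfVersion>
        <IfVersion < 2.3>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>

</VirtualHost>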
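# TLS front end for the site: terminates HTTPS, sets HSTS and reverse-proxies
# every request to http://{{ item.vhost_name }}/.
<VirtualHost *:443>
    ServerName {{ item.vhost_name }}
    # Same fallback as the *:80 virtual host, so that rendering does not fail
    # when item.webadmin is not defined.
    ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhost_name) }}

    ## Logging
    ErrorLog "/var/log/apache2/{{ item.vhost_name }}_ssl_error_ssl.log"
    ServerSignature Off
    CustomLog "/var/log/apache2/{{ item.vhost_name }}_ssl_access_ssl.log" combined
    ErrorDocument 404 https://susurrando.com/notfound.php
    ErrorDocument 500 https://susurrando.com/error500.php
    ErrorDocument 503 https://susurrando.com/error503.php
    ## Rewrite rules
    RewriteEngine On

    ## SSL directives
    SSLEngine on
    SSLCertificateFile "{{ item.ssl_certificate_file }}"
    # NOTE(review): the key path reuses item.ssl_certificate_file. That only
    # works when that PEM file also contains the private key; if key and
    # certificate are stored separately this needs its own variable — confirm.
    SSLCertificateKeyFile "{{ item.ssl_certificate_file }}"
{% if item.ssl_certificate_chain_file is defined %}
    SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}"
{% endif %}
    # Only TLS 1.2 and newer remain enabled.
    SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
    # NOTE(review): this list still admits 3DES (DES-CBC3-SHA), static-RSA key
    # exchange (AES128-SHA, AES256-SHA, ...) and CBC/SHA-1 suites. With only
    # TLS 1.2+ enabled it can probably be reduced to the ECDHE/DHE AEAD suites;
    # check against the clients that must be supported before trimming.
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

    ## Custom fragment

    # The server's cipher preference wins over the client's.
    SSLHonorCipherOrder on
    # HSTS for one year; includeSubDomains extends it to every subdomain of
    # this host name, so all of them must be reachable over HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    # The SSLProxy* directives apply to https:// backends only; the ProxyPass
    # target below is http://, so they have no effect on that connection.
    SSLProxyEngine On
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on
    # NOTE(review): the hop to the backend is plain HTTP, so Basic-auth
    # credentials cross it unencrypted. That is acceptable only if
    # item.vhost_name resolves to this host or a trusted network — confirm.
    ProxyPass / http://{{ item.vhost_name }}/
    ProxyPassReverse / http://{{ item.vhost_name }}/
</VirtualHost>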