ServerName {{ item.vhostname }} ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhostname) }} {% if item.vhost_aliases is defined %} ServerAlias {{ item.vhost_aliases }} {% endif %} ## Logging ErrorLog "/var/log/apache2/{{ item.vhostname }}_error.log" ServerSignature Off CustomLog "/var/log/apache2/{{ item.vhostname }}_access.log" combined ErrorDocument 404 https://susurrando.com/notfound.php ErrorDocument 500 https://susurrando.com/error500.php ErrorDocument 503 https://susurrando.com/error503.php ProxyPass / https://{{ item.vhostname }}/ ProxyPassReverse / https://{{ item.vhostname }}/ ServerName {{ item.vhostname }} ServerAdmin {{ item.webadmin }} ## Logging ErrorLog "/var/log/apache2/{{ item.vhostname }}_ssl_error_ssl.log" ServerSignature Off CustomLog "/var/log/apache2/{{ item.vhostname }}_ssl_access_ssl.log" combined ErrorDocument 404 https://susurrando.com/notfound.php ErrorDocument 500 https://susurrando.com/error500.php ErrorDocument 503 https://susurrando.com/error503.php ## Rewrite rules RewriteEngine On ## SSL directives SSLEngine on SSLCertificateFile "{{ item.ssl_certificate_file }}" SSLCertificateKeyFile "{{ item.ssl_certificate_key_file }}" {% if item.ssl_certificate_chain_file is defined %} SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}" {% endif %} SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ## Custom fragment SSLHonorCipherOrder on Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" SSLProxyEngine On SSLProxyCheckPeerCN on SSLProxyCheckPeerExpire on ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4 ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4 # Where the stylesheets (config files) reside Alias /nagios4/stylesheets /etc/nagios4/stylesheets # Where the HTML pages live Alias /nagios4 /usr/share/nagios4/htdocs Options +FollowSymLinks DirectoryIndex index.php index.html AllowOverride None = 2.3> Require all granted AuthName "Nagios Access" AuthType Basic AuthUserFile {{ auth_user_file }} Require valid-user Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthUserFile {{ auth_user_file }} Require valid-user Options +ExecCGI # PNP4Nagios Alias /pnp4nagios "/usr/local/pnp4nagios/share" AllowOverride None Order allow,deny Allow from all # # Use the same value as defined in nagios.conf # AuthName "Nagios Access" AuthType Basic AuthUserFile {{ auth_user_file }} Require valid-user # Turn on URL rewriting RewriteEngine On Options +symLinksIfOwnerMatch # Installation directory RewriteBase /pnp4nagios/ # Protect application and system files from being viewed RewriteRule "^(?:application|modules|system)/" - [F] # Allow any files or directories that exist to be displayed directly RewriteCond "%{REQUEST_FILENAME}" !-f RewriteCond "%{REQUEST_FILENAME}" !-d # Rewrite all other URLs to index.php/URL RewriteRule "^.*$" "index.php/$0" [PT] # HighCharts Alias /highcharts "/usr/local/highcharts" Options None AllowOverride None Order allow,deny Allow from all