|
Chris@1601
|
1
|
|
Chris@1601
|
2 # Apache config with SSL and admin auth stubbed in. You must provide
|
|
Chris@1601
|
3 # the key/cert and auth files.
|
|
Chris@1601
|
4
|
|
Chris@1601
|
5 # Note this has been updated for Apache 2.4, which introduced a number
|
|
Chris@1601
|
6 # of (welcome) changes to access control directives.
|
|
Chris@1601
|
7
|
|
Chris@1601
|
8 PerlLoadModule Apache::Authn::SoundSoftware
|
|
Chris@1601
|
9
|
|
Chris@1601
|
10 <VirtualHost *:80>
|
|
Chris@1601
|
11 ServerName code.soundsoftware.ac.uk
|
|
Chris@1601
|
12 ServerAdmin chris.cannam@soundsoftware.ac.uk
|
|
Chris@1601
|
13
|
|
Chris@1601
|
14 DocumentRoot /var/www/code/public
|
|
Chris@1601
|
15 PassengerRestartDir restart_files
|
|
Chris@1601
|
16 PassengerHighPerformance on
|
|
Chris@1601
|
17 PassengerMaxRequests 50000
|
|
Chris@1601
|
18 PassengerStatThrottleRate 5
|
|
Chris@1601
|
19 PassengerFriendlyErrorPages off
|
|
Chris@1601
|
20 RailsSpawnMethod smart
|
|
Chris@1601
|
21 ExpiresDefault "access plus 1 minute"
|
|
Chris@1601
|
22
|
|
Chris@1601
|
23 # Redirect all activity to secure site
|
|
Chris@1601
|
24 Redirect seeother / "https://code.soundsoftware.ac.uk/"
|
|
Chris@1601
|
25
|
|
Chris@1601
|
26 <DirectoryMatch "^/.*/\.svn/">
|
|
Chris@1601
|
27 Require all denied
|
|
Chris@1601
|
28 </DirectoryMatch>
|
|
Chris@1601
|
29
|
|
Chris@1601
|
30 <DirectoryMatch "^/.*/\.hg/">
|
|
Chris@1601
|
31 Require all denied
|
|
Chris@1601
|
32 </DirectoryMatch>
|
|
Chris@1601
|
33
|
|
Chris@1601
|
34 <DirectoryMatch "^/.*/\.git/">
|
|
Chris@1601
|
35 Require all denied
|
|
Chris@1601
|
36 </DirectoryMatch>
|
|
Chris@1601
|
37
|
|
Chris@1601
|
38 <Directory /var/www/code/public>
|
|
Chris@1601
|
39 Options -MultiViews
|
|
Chris@1601
|
40 </Directory>
|
|
Chris@1601
|
41
|
|
Chris@1601
|
42 ErrorLog /var/log/apache2/code-error.log
|
|
Chris@1601
|
43 CustomLog /var/log/apache2/code-access.log vhost_combined
|
|
Chris@1601
|
44
|
|
Chris@1601
|
45 LogLevel warn
|
|
Chris@1601
|
46 ServerSignature Off
|
|
Chris@1601
|
47 </VirtualHost>
|
|
Chris@1601
|
48
|
|
Chris@1605
|
49 <VirtualHost *:443>
|
|
Chris@1601
|
50 ServerName code.soundsoftware.ac.uk
|
|
Chris@1601
|
51 ServerAdmin chris.cannam@soundsoftware.ac.uk
|
|
Chris@1601
|
52
|
|
Chris@1605
|
53 SSLEngine on
|
|
Chris@1605
|
54 SSLCertificateFile /etc/apache2/certs/code.soundsoftware.ac.uk.crt
|
|
Chris@1605
|
55 SSLCertificateKeyFile /etc/apache2/certs/code.soundsoftware.ac.uk.key
|
|
Chris@1605
|
56 SSLCertificateChainFile /etc/apache2/certs/code.soundsoftware.ac.uk.ca-bundle
|
|
Chris@1605
|
57 SSLVerifyClient none
|
|
Chris@1605
|
58 SSLProtocol all -SSLv2 -SSLv3
|
|
Chris@1605
|
59 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
|
|
Chris@1605
|
60
|
|
Chris@1601
|
61 DocumentRoot /var/www/code/public
|
|
Chris@1601
|
62 PassengerRestartDir restart_files
|
|
Chris@1601
|
63 PassengerHighPerformance on
|
|
Chris@1601
|
64 PassengerMaxRequests 50000
|
|
Chris@1601
|
65 PassengerStatThrottleRate 5
|
|
Chris@1601
|
66 PassengerStartTimeout 60
|
|
Chris@1601
|
67 PassengerFriendlyErrorPages off
|
|
Chris@1601
|
68 RailsSpawnMethod smart
|
|
Chris@1601
|
69 ExpiresDefault "access plus 1 minute"
|
|
Chris@1601
|
70
|
|
Chris@1601
|
71 <Location /sys>
|
|
Chris@1601
|
72 AuthType Basic
|
|
Chris@1601
|
73 AuthUserFile "/etc/apache2/auth/user.htpasswd"
|
|
Chris@1601
|
74 AuthName "code.soundsoftware.ac.uk"
|
|
Chris@1601
|
75 Require user user
|
|
Chris@1601
|
76 </Location>
|
|
Chris@1601
|
77
|
|
Chris@1601
|
78 <Location /admin>
|
|
Chris@1601
|
79 AuthType Digest
|
|
Chris@1601
|
80 AuthUserFile "/etc/apache2/auth/admin.htdigest"
|
|
Chris@1601
|
81 AuthName "code.soundsoftware.ac.uk admin interface"
|
|
Chris@1601
|
82 Require user admin
|
|
Chris@1601
|
83 </Location>
|
|
Chris@1601
|
84
|
|
Chris@1601
|
85 <DirectoryMatch "^/.*/\.svn/">
|
|
Chris@1601
|
86 Require all denied
|
|
Chris@1601
|
87 </DirectoryMatch>
|
|
Chris@1601
|
88
|
|
Chris@1601
|
89 <DirectoryMatch "^/.*/\.hg/">
|
|
Chris@1601
|
90 Require all denied
|
|
Chris@1601
|
91 </DirectoryMatch>
|
|
Chris@1601
|
92
|
|
Chris@1601
|
93 <DirectoryMatch "^/.*/\.git/">
|
|
Chris@1601
|
94 Require all denied
|
|
Chris@1601
|
95 </DirectoryMatch>
|
|
Chris@1601
|
96
|
|
Chris@1601
|
97 <Directory /var/www/code/public>
|
|
Chris@1601
|
98 Options -MultiViews
|
|
Chris@1601
|
99 </Directory>
|
|
Chris@1601
|
100
|
|
Chris@1601
|
101 <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
|
|
Chris@1601
|
102 # Avoid other sites embedding our fonts
|
|
Chris@1601
|
103 RewriteEngine on
|
|
Chris@1601
|
104 RewriteCond %{HTTP_REFERER} !^$
|
|
Chris@1601
|
105 RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
|
|
Chris@1601
|
106 RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
|
|
Chris@1601
|
107 </Directory>
|
|
Chris@1601
|
108
|
|
Chris@1601
|
109 ScriptAlias /hg "/var/hg/index.cgi"
|
|
Chris@1601
|
110
|
|
Chris@1601
|
111 <Location /hg>
|
|
Chris@1601
|
112 AuthName "Mercurial"
|
|
Chris@1601
|
113 AuthType Basic
|
|
Chris@1601
|
114 Require valid-user
|
|
Chris@1601
|
115 PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
|
|
Chris@1601
|
116 PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
|
|
Chris@1601
|
117 PerlSetVar HTTPS "on"
|
|
Chris@1601
|
118 SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
|
|
Chris@1601
|
119 SoundSoftwareDbUser "code"
|
|
Chris@1601
|
120 SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
|
|
Chris@1601
|
121 SoundSoftwareRepoPrefix "/var/hg/"
|
|
Chris@1601
|
122 SoundSoftwareSslRequired "on"
|
|
Chris@1601
|
123 Options +ExecCGI
|
|
Chris@1601
|
124 AddHandler cgi-script .cgi
|
|
Chris@1601
|
125 ExpiresDefault now
|
|
Chris@1601
|
126 </Location>
|
|
Chris@1601
|
127
|
|
Chris@1601
|
128 Alias /git "/var/files/git-mirror"
|
|
Chris@1601
|
129
|
|
Chris@1601
|
130 <Directory "/var/files/git-mirror">
|
|
Chris@1601
|
131 Options -Indexes +FollowSymLinks
|
|
Chris@1601
|
132 Require all granted
|
|
Chris@1601
|
133 </Directory>
|
|
Chris@1601
|
134 <Directory ~ "/var/files/git-mirror/.*\.workdir">
|
|
Chris@1601
|
135 Require all denied
|
|
Chris@1601
|
136 </Directory>
|
|
Chris@1601
|
137 <Directory ~ "/var/files/git-mirror/__.*">
|
|
Chris@1601
|
138 Require all denied
|
|
Chris@1601
|
139 </Directory>
|
|
Chris@1601
|
140
|
|
Chris@1601
|
141 ErrorLog /var/log/apache2/code-error.log
|
|
Chris@1601
|
142 CustomLog /var/log/apache2/code-access.log vhost_combined
|
|
Chris@1601
|
143
|
|
Chris@1601
|
144 LogLevel warn
|
|
Chris@1601
|
145 ServerSignature Off
|
|
Chris@1601
|
146
|
|
Chris@1601
|
147 </VirtualHost>
|
|
Chris@1601
|
148
|
