# WARNING: uses Apache 2.4 syntax (instead of deprecated Order and Allow directives)
# {{sitename}} non-secure
ServerName {{domain}}
## ServerAlias server
ServerAdmin webmaster@localhost
# Redirect to secure vhost (Match all paths except for ones that should stay as HTTP)
## RedirectMatch permanent ^/(?!\.well-known)(.*) https://www.{{domain}}/$1
## # -- FCGID and PHP user segregation --
## SuexecUserGroup {{sitename}} {{sitename}}
## FcgidWrapper /srv/web/{{sitename}}/libexec/php.fcgi
# -- Access --
# (Needed for Let's Encrypt)
DocumentRoot /srv/web/{{subdir}}/docroot
Require all granted
Options FollowSymLinks MultiViews
## Options +Indexes
AllowOverride None
## AllowOverrideList {{which}}
#
# The following lines prevent files with an extension of .inc from being
# viewed by Web clients.
#
Require all denied
# -- Logging --
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
## LogLevel warn
LogLevel notice
## ErrorLog ${APACHE_LOG_DIR}/{{sitename}}/error.log
## CustomLog ${APACHE_LOG_DIR}/{{sitename}}/access.log combined
# {{sitename}} secure
ServerName {{domain}}
## ServerAlias server
ServerAdmin webmaster@localhost
# -- Access --
DocumentRoot /srv/web/{{subdir}}/docroot
Require all granted
Options FollowSymLinks MultiViews
## Options +Indexes
AllowOverride None
## AllowOverrideList {{which}}
#
# The following lines prevent files with an extension of .inc from being
# viewed by Web clients.
#
Require all denied
# -- Logging --
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
## LogLevel warn
LogLevel notice
# If using custom logs for this site, don't forget to create
# /var/log/apache2/{{sitename}}/ and set up log rotation
## ErrorLog ${APACHE_LOG_DIR}/{{sitename}}/error.log
## CustomLog ${APACHE_LOG_DIR}/{{sitename}}/access.log combined
# -- SSL --
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
## SSLCertificateFile /etc/ssl/certs/{{sitename}}.crt
## SSLCertificateKeyFile /etc/ssl/private/{{sitename}}.key
SSLCertificateFile /etc/letsencrypt/live/www.{{domain}}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.{{domain}}/privkey.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
## SSLCertificateChainFile /etc/ssl/certs/{{intermediate}}.crt
# vim: set filetype=apache tabstop=4 shiftwidth=4 :
# Local Variables:
# tab-width: 4
# end: