From 85dcf072603c14c68a520eaa289bd76360aa1966 Mon Sep 17 00:00:00 2001 From: Bruno Raoult Date: Mon, 22 Mar 2021 08:53:14 +0100 Subject: [PATCH] bm39.eu domains in unique file and /.well-known becomes global alias --- damia/etc/apache2/mods-available/alias.conf | 6 ++ .../etc/apache2/sites-available/bremond.conf | 12 +-- .../apache2/sites-available/eu.bm39-all.conf | 74 +++++++++++++++++++ damia/etc/apache2/sites-available/faivre.conf | 15 ++-- damia/etc/apache2/sites-enabled/dev.bm39.conf | 1 - .../apache2/sites-enabled/eu.bm39-all.conf | 1 + damia/etc/apache2/sites-enabled/eu.bm39.conf | 1 - damia/etc/apache2/sites-enabled/faivre.conf | 2 +- .../etc/apache2/sites-enabled/test.bm39.conf | 1 - 9 files changed, 91 insertions(+), 22 deletions(-) create mode 100644 damia/etc/apache2/sites-available/eu.bm39-all.conf delete mode 120000 damia/etc/apache2/sites-enabled/dev.bm39.conf create mode 120000 damia/etc/apache2/sites-enabled/eu.bm39-all.conf delete mode 120000 damia/etc/apache2/sites-enabled/eu.bm39.conf delete mode 120000 damia/etc/apache2/sites-enabled/test.bm39.conf diff --git a/damia/etc/apache2/mods-available/alias.conf b/damia/etc/apache2/mods-available/alias.conf index 3583d3b..14273c2 100644 --- a/damia/etc/apache2/mods-available/alias.conf +++ b/damia/etc/apache2/mods-available/alias.conf @@ -19,6 +19,12 @@ Require all granted + Alias /.well-known/ /home/www/.well-known/ + + AllowOverride All + Require all granted + + # vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/damia/etc/apache2/sites-available/bremond.conf b/damia/etc/apache2/sites-available/bremond.conf index cd7432f..2c23565 100644 --- a/damia/etc/apache2/sites-available/bremond.conf +++ b/damia/etc/apache2/sites-available/bremond.conf 
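Review bot: The new server-wide `/.well-known/` block in alias.conf grants `AllowOverride All` on `/home/www/.well-known/`, so any `.htaccess` file that ends up in that tree is honoured on every virtual host. The directory only needs to serve static ACME challenge files, so `AllowOverride None` and `Options None` next to `Require all granted` would be enough. The container tags around these directives are not visible on this page, so the exact path the block applies to should be confirmed. A one-line comment such as `# shared ACME webroot, served on every vhost` above the `Alias` would record why it is global.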
@@ -3,14 +3,12 @@ ServerAlias www.daniel-bremond.faivre.ml DocumentRoot /var/www/html/daniel-bremond #Redirect permanent / https://faivre.ml/ - RedirectMatch permanent ^(?!/\.well-known/acme-challenge/).* https://daniel-bremond.faivre.ml$0 + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] ErrorLog ${APACHE_LOG_DIR}/bremond-error.log CustomLog ${APACHE_LOG_DIR}/bremond-access.log combined - Alias /.well-known/ /home/www/well-known/.well-known/ - - AllowOverride All - Require all granted - + @@ -38,8 +36,6 @@ # SSLCertificateFile directive is needed. SSLCertificateFile /etc/letsencrypt/live/faivre.ml/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/faivre.ml/privkey.pem - SSLCertificateFile /etc/letsencrypt/live/www.faivre.ml/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/www.faivre.ml/privkey.pem # Certificate Authority (CA): # Set the CA certificate verification path where to find CA diff --git a/damia/etc/apache2/sites-available/eu.bm39-all.conf b/damia/etc/apache2/sites-available/eu.bm39-all.conf new file mode 100644 index 0000000..1f605e5 --- /dev/null +++ b/damia/etc/apache2/sites-available/eu.bm39-all.conf 
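Review bot: The redirect target in `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]` is now built from the client-supplied Host header, where the removed `RedirectMatch` used a fixed host name. If this port-80 vhost ever answers for other names (for instance as the default vhost), the `Location` header reflects whatever Host was sent, and the `www.` alias is no longer folded onto the canonical name; `RewriteRule ^(.*)$ https://daniel-bremond.faivre.ml$1 [R=301,L]` avoids both. The exemption pattern also lost the escaped dot and trailing slash of the old regex, so `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]` would match only the challenge directory. The same two lines appear in the eu.bm39-all.conf macro (where `$domain` is the fixed name) and in faivre.conf.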
@@ -0,0 +1,74 @@ +# all bm39.eu subdomains + + + + ServerName $domain + ServerAlias www.$domain + UseCanonicalName Off + + #DocumentRoot /home/www/eu.bm39/$name + + CustomLog ${APACHE_LOG_DIR}/eu.bm39.$name-access.log combined + ErrorLog ${APACHE_LOG_DIR}/eu.bm39.$name-error.log + + # br, feb 13, 2016. The following hack is necessary to have + # letsencrypt work in "--webroot" mode, as it does not handle + # https redirection + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + + + + ServerName $domain + ServerAlias www.$domain + UseCanonicalName Off + + DocumentRoot /home/www/eu.bm39/$name + + CustomLog ${APACHE_LOG_DIR}/eu.bm39.$name-access.log combined + ErrorLog ${APACHE_LOG_DIR}/eu.bm39.$name-error.log + + SSLEngine on + SSLCertificateFile /etc/letsencrypt/live/bm39.eu/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/bm39.eu/privkey.pem + + + SSLRequireSSL On + SSLVerifyClient none + SSLVerifyDepth 1 + SSLOptions +StdEnvVars +StrictRequire + + + RewriteEngine on + + + Options Indexes FollowSymLinks MultiViews + AllowOverride All + Require all granted + # Kesako ? + SSLRenegBufferSize 10486000 + + + # Kesako ? + + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" + + + # Kesako ? Puisque mod_security2 n'est pas utilisé, je commente. + # + # SecRequestBodyNoFilesLimit 5242880 + # + + + + + +# macros: Each line is +# Use +# with dir: /home/www/eu.bm39/ +Use bm39 root bm39.eu +Use bm39 dev dev.bm39.eu +Use bm39 test test.bm39.eu + +UndefMacro bm39 diff --git a/damia/etc/apache2/sites-available/faivre.conf b/damia/etc/apache2/sites-available/faivre.conf index ab9f66e..7c6fc86 100644 --- a/damia/etc/apache2/sites-available/faivre.conf +++ b/damia/etc/apache2/sites-available/faivre.conf 
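Review bot: The macro's document-root block keeps `Options Indexes FollowSymLinks MultiViews` with `AllowOverride All`, and it is now instantiated for `dev.bm39.eu` and `test.bm39.eu` as well as the main site, so directory listings are enabled on the development trees too. Unless listings are wanted, `Options FollowSymLinks` is the safer default, since dev and test roots tend to hold backups and work files. The settings marked `# Kesako ?` deserve a real comment or removal: `SSLRenegBufferSize 10486000` allows roughly 10 MB of request body to be buffered for a renegotiation that should not occur with `SSLVerifyClient none`, and the HSTS header with `includeSubDomains; preload` is a long-lived commitment for every bm39.eu subdomain. The opening tags of these blocks are not visible on this page, so the paths they apply to are inferred from the `DocumentRoot` line.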
@@ -3,15 +3,12 @@ ServerAlias www.faivre.ml DocumentRoot /var/www/html #Redirect permanent / https://faivre.ml/ - RedirectMatch permanent ^(?!/\.well-known/acme-challenge/).* https://faivre.ml$0 + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] ErrorLog ${APACHE_LOG_DIR}/faivre.ml-error.log CustomLog ${APACHE_LOG_DIR}/faivre.ml-access.log combined - Alias /.well-known/ /home/www/well-known/.well-known/ - - AllowOverride All - Require all granted - - + @@ -38,8 +35,6 @@ # SSLCertificateFile directive is needed. SSLCertificateFile /etc/letsencrypt/live/faivre.ml/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/faivre.ml/privkey.pem - SSLCertificateFile /etc/letsencrypt/live/www.faivre.ml/fullchain.pem - SSLCertificateKeyFile /etc/letsencrypt/live/www.faivre.ml/privkey.pem # Certificate Authority (CA): # Set the CA certificate verification path where to find CA @@ -57,7 +52,7 @@ SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire - + Options Indexes FollowSymLinks MultiViews AllowOverride All Require all granted diff --git a/damia/etc/apache2/sites-enabled/dev.bm39.conf b/damia/etc/apache2/sites-enabled/dev.bm39.conf deleted file mode 120000 index 17f4fc0..0000000 --- a/damia/etc/apache2/sites-enabled/dev.bm39.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/dev.bm39.conf \ No newline at end of file diff --git a/damia/etc/apache2/sites-enabled/eu.bm39-all.conf b/damia/etc/apache2/sites-enabled/eu.bm39-all.conf new file mode 120000 index 0000000..7284ee0 --- /dev/null +++ b/damia/etc/apache2/sites-enabled/eu.bm39-all.conf @@ -0,0 +1 @@ +../sites-available/eu.bm39-all.conf \ No newline at end of file diff --git a/damia/etc/apache2/sites-enabled/eu.bm39.conf b/damia/etc/apache2/sites-enabled/eu.bm39.conf deleted file mode 120000 index a781a6f..0000000 --- a/damia/etc/apache2/sites-enabled/eu.bm39.conf +++ /dev/null 
@@ -1 +0,0 @@ -../sites-available/eu.bm39.conf \ No newline at end of file diff --git a/damia/etc/apache2/sites-enabled/faivre.conf b/damia/etc/apache2/sites-enabled/faivre.conf index 69baaeb..4706cb9 120000 --- a/damia/etc/apache2/sites-enabled/faivre.conf +++ b/damia/etc/apache2/sites-enabled/faivre.conf @@ -1 +1 @@ -../sites-available/faivre.conf \ No newline at end of file +/etc/apache2/sites-available/faivre.conf \ No newline at end of file diff --git a/damia/etc/apache2/sites-enabled/test.bm39.conf b/damia/etc/apache2/sites-enabled/test.bm39.conf deleted file mode 120000 index 7b23619..0000000 --- a/damia/etc/apache2/sites-enabled/test.bm39.conf +++ /dev/null @@ -1 +0,0 @@ -../sites-available/test.bm39.conf \ No newline at end of file
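Review bot: The `sites-enabled/faivre.conf` link now points at the absolute path `/etc/apache2/sites-available/faivre.conf`, while the `eu.bm39-all.conf` link created in the same commit stays relative (`../sites-available/eu.bm39-all.conf`). In this repository, which keeps the tree under `damia/etc/apache2/`, an absolute target resolves to whatever is installed on the machine holding the checkout rather than to the tracked file, so reading the repository no longer shows what the link really enables. Keeping `../sites-available/faivre.conf` would leave the link self-contained and consistent with the others.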