vhost.conf.master 17.2 KB
Newer Older
1
<tmpl_hook name='apache2_vhost:header'>
2
3

<Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
4
		AllowOverride None
5
		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
6
		Require all denied
7
		<tmpl_else>
8
9
		Order Deny,Allow
		Deny from all
10
		</tmpl_if>
11
12
</Directory>

13
<tmpl_loop name='vhosts'>
tbrehm's avatar
tbrehm committed
14
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
15
<tmpl_hook name='apache2_vhost:vhost_header'>
16
<tmpl_if name='php' op='==' value='suphp'>
17
		DocumentRoot <tmpl_var name='web_document_root'>
18
</tmpl_else>
19
20
21
	<tmpl_if name='php' op='==' value='cgi'>
		DocumentRoot <tmpl_var name='web_document_root'>
	</tmpl_else>
22
23
24
		<tmpl_if name='php' op='==' value='php-fpm'>
		DocumentRoot <tmpl_var name='web_document_root'>
		</tmpl_else>
25
26
27
28
29
			<tmpl_if name='php' op='==' value='hhvm'>
			DocumentRoot <tmpl_var name='web_document_root'>
			</tmpl_else>
			DocumentRoot <tmpl_var name='web_document_root_www'>
			</tmpl_if>
30
		</tmpl_if>
31
	</tmpl_if>
32
33
</tmpl_if>

34
		ServerName <tmpl_var name='domain'>
35
<tmpl_if name='alias'>
36
		<tmpl_var name='alias'>
37
</tmpl_if>
38
		ServerAdmin webmaster@<tmpl_var name='domain'>
39

40
		ErrorLog /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log
41

42
<tmpl_if name='errordocs'>
43
44
45
46
47
48
49
50
51
		Alias /error/ "<tmpl_var name='web_document_root_www'>/error/"
		ErrorDocument 400 /error/400.html
		ErrorDocument 401 /error/401.html
		ErrorDocument 403 /error/403.html
		ErrorDocument 404 /error/404.html
		ErrorDocument 405 /error/405.html
		ErrorDocument 500 /error/500.html
		ErrorDocument 502 /error/502.html
		ErrorDocument 503 /error/503.html
52
</tmpl_if>
tbrehm's avatar
tbrehm committed
53

54
		<IfModule mod_ssl.c>
tbrehm's avatar
tbrehm committed
55
<tmpl_if name='ssl_enabled'>
56
57
		SSLEngine on
		SSLProtocol All -SSLv2 -SSLv3
58
		# SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
59
		SSLHonorCipherOrder     on
60
61
62
		# <IfModule mod_headers.c>
		# Header always add Strict-Transport-Security "max-age=15768000"
		# </IfModule>
63
64
		SSLCertificateFile <tmpl_var name='ssl_crt_file'>
		SSLCertificateKeyFile <tmpl_var name='ssl_key_file'>
tbrehm's avatar
tbrehm committed
65
<tmpl_if name='has_bundle_cert'>
66
		<tmpl_if name='apache_version' op='<' value='2.4.8' format='version'>
67
		SSLCertificateChainFile <tmpl_var name='ssl_bundle_file'>
68
		</tmpl_if>
69
70
71
72
73
		<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
		SSLUseStapling on
		SSLStaplingResponderTimeout 5
		SSLStaplingReturnResponderErrors off
		</tmpl_if>
74
</tmpl_if>
tbrehm's avatar
tbrehm committed
75
</tmpl_if>
76
		</IfModule>
77

78
		<Directory {tmpl_var name='web_document_root_www'}>
79
80
81
82
				# Clear PHP settings of this website
				<FilesMatch ".+\.ph(p[345]?|t|tml)$">
						SetHandler None
				</FilesMatch>
83
				Options +FollowSymLinks
84
				AllowOverride <tmpl_var name='allow_override'>
85
				<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
86
				Require all granted
87
				<tmpl_else>
88
89
				Order allow,deny
				Allow from all
90
				</tmpl_if>
91
<tmpl_if name='ssi' op='==' value='y'>
92
93
94
95
96

				# ssi enabled
				AddType text/html .shtml
				AddOutputFilter INCLUDES .shtml
				Options +Includes
97
98
</tmpl_if>
<tmpl_if name='php' op='==' value='no'>
99
				<Files ~ '.php[s3-6]{0,1}$'>
100
						<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
101
						Require all denied
102
						<tmpl_else>
103
104
105
						Order allow,deny
						Deny from all
						Allow from none
106
						</tmpl_if>
107
				</Files>
108
</tmpl_if>
109
110
		</Directory>
		<Directory {tmpl_var name='web_document_root'}>
111
112
113
114
				# Clear PHP settings of this website
				<FilesMatch ".+\.ph(p[345]?|t|tml)$">
						SetHandler None
				</FilesMatch>
115
				Options +FollowSymLinks
116
				AllowOverride <tmpl_var name='allow_override'>
117
				<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
118
				Require all granted
119
				<tmpl_else>
120
121
				Order allow,deny
				Allow from all
122
				</tmpl_if>
123
<tmpl_if name='ssi' op='==' value='y'>
124
125
126
127
128

				# ssi enabled
				AddType text/html .shtml
				AddOutputFilter INCLUDES .shtml
				Options +Includes
129
</tmpl_if>
tbrehm's avatar
tbrehm committed
130
<tmpl_if name='php' op='==' value='no'>
131
				<Files ~ '.php[s3-6]{0,1}$'>
132
					<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
133
					Require all denied
134
					<tmpl_else>
135
136
137
					Order allow,deny
					Deny from all
					Allow from none
138
					</tmpl_if>
139
				</Files>
tbrehm's avatar
tbrehm committed
140
</tmpl_if>
141
		</Directory>
tbrehm's avatar
tbrehm committed
142

143
<tmpl_if name='ruby' op='==' value='y'>
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
		<IfModule mod_ruby.c>
			<Directory {tmpl_var name='web_document_root_www'}>
				Options +ExecCGI
			</Directory>
			RubyRequire apache/ruby-run
			#RubySafeLevel 0
			AddType text/html .rb
			AddType text/html .rbx
			<Files *.rb>
				SetHandler ruby-object
				RubyHandler Apache::RubyRun.instance
			</Files>
			<Files *.rbx>
				SetHandler ruby-object
				RubyHandler Apache::RubyRun.instance
			</Files>
		</IfModule>
161
162
</tmpl_if>

163
164
165
166
167
168
169
170
171
<tmpl_if name='perl' op='==' value='y'>
		<IfModule mod_perl.c>
			PerlModule ModPerl::Registry
			PerlModule Apache2::Reload
			<Directory {tmpl_var name='web_document_root_www'}>
				PerlResponseHandler ModPerl::Registry
				PerlOptions +ParseHeaders
				Options +ExecCGI
			</Directory>
172
173
174
175
176
			<Directory {tmpl_var name='web_document_root'}>
				PerlResponseHandler ModPerl::Registry
				PerlOptions +ParseHeaders
				Options +ExecCGI
			</Directory>
177
178
179
            <Files *.pl>
				SetHandler perl-script
            </Files>
180
181
182
		</IfModule>
</tmpl_if>

183
<tmpl_if name='python' op='==' value='y'>
184
185
		<IfModule mod_python.c>
			<Directory {tmpl_var name='web_document_root_www'}>
186
187
188
				<FilesMatch "\.py$">
					SetHandler mod_python
				</FilesMatch>
189
190
191
192
				PythonHandler mod_python.publisher
				PythonDebug On
			</Directory>
		</IfModule>
193
194
</tmpl_if>

195
<tmpl_if name='cgi' op='==' value='y'>
196
		# cgi enabled
197
	<Directory {tmpl_var name='document_root'}/cgi-bin>
198
			<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
199
			Require all granted
200
			<tmpl_else>
201
202
			Order allow,deny
			Allow from all
203
			</tmpl_if>
204
205
		</Directory>
		ScriptAlias  /cgi-bin/ <tmpl_var name='document_root'>/cgi-bin/
206
207
208
		<FilesMatch "\.(cgi|pl)$">
			SetHandler cgi-script
		</FilesMatch>
209
210
</tmpl_if>
<tmpl_if name='suexec' op='==' value='y'>
211
212
213
214
		# suexec enabled
		<IfModule mod_suexec.c>
			SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
		</IfModule>
215
216
</tmpl_if>
<tmpl_if name='php' op='==' value='mod'>
217
218
		# mod_php enabled
		AddType application/x-httpd-php .php .php3 .php4 .php5
219
220
221
		SetEnv TMP <tmpl_var name='document_root'>/tmp
		SetEnv TMPDIR <tmpl_var name='document_root'>/tmp
		SetEnv TEMP <tmpl_var name='document_root'>/tmp
222
223
224
		php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
		php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
		php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
225
	# PHPIniDir <tmpl_var name='custom_php_ini_dir'>
tbrehm's avatar
tbrehm committed
226
<tmpl_if name='security_level' op='==' value='20'>
227
		php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
tbrehm's avatar
tbrehm committed
228
</tmpl_if>
229
230
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
231
232
		# suphp enabled
		<Directory {tmpl_var name='web_document_root'}>
233
		<IfModule mod_suphp.c>
234
235
			suPHP_Engine on
			# suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
236
237
238
<tmpl_if name='has_custom_php_ini'>
	suPHP_ConfigPath <tmpl_var name='custom_php_ini_dir'>
</tmpl_if>
239
240
241
242
			<FilesMatch "\.php[345]?$">
				SetHandler x-httpd-suphp
			</FilesMatch>
			suPHP_AddHandler x-httpd-suphp
243
		</IfModule>
244
		</Directory>
245
246
</tmpl_if>
<tmpl_if name='php' op='==' value='cgi'>
247
248
249
		# php as cgi enabled
		ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
		Action php5-cgi /php5-cgi
250
251
252
253
254
255
256
257
258
259
		<Directory {tmpl_var name='web_document_root_www'}>
			<FilesMatch "\.php[345]?$">
				SetHandler php5-cgi
			</FilesMatch>
		</Directory>
		<Directory {tmpl_var name='web_document_root'}>
			<FilesMatch "\.php[345]?$">
				SetHandler php5-cgi
			</FilesMatch>
		</Directory>
260
		<Directory {tmpl_var name='cgi_starter_path'}>
261
			<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
262
			Require all granted
263
			<tmpl_else>
264
265
			Order allow,deny
			Allow from all
266
			</tmpl_if>
267
		</Directory>
268
269
</tmpl_if>
<tmpl_if name='php' op='==' value='fast-cgi'>
270
		# php as fast-cgi enabled
tbrehm's avatar
tbrehm committed
271
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
272
		<IfModule mod_fcgid.c>
tbrehm's avatar
tbrehm committed
273
<tmpl_if name='fastcgi_config_syntax' op='==' value='2'>
274
275
276
				FcgidIdleTimeout 300
				FcgidProcessLifeTime 3600
				# FcgidMaxProcesses 1000
277
				FcgidMaxRequestsPerProcess <tmpl_var name='fastcgi_max_requests'>
278
				FcgidMinProcessesPerClass 0
279
				FcgidMaxProcessesPerClass 10
280
				FcgidConnectTimeout 3
281
282
				FcgidIOTimeout 600
				FcgidBusyTimeout 3600
283
				FcgidMaxRequestLen 1073741824
tbrehm's avatar
tbrehm committed
284
<tmpl_else>
285
286
287
288
				IdleTimeout 300
				ProcessLifeTime 3600
				# MaxProcessCount 1000
				DefaultMinClassProcessCount 0
289
				DefaultMaxClassProcessCount 10
290
				IPCConnectTimeout 3
291
292
				IPCCommTimeout 600
				BusyTimeout 3600
tbrehm's avatar
tbrehm committed
293
</tmpl_if>
294
295
		</IfModule>
		<Directory {tmpl_var name='web_document_root_www'}>
296
297
298
				<FilesMatch "\.php[345]?$">
					SetHandler fcgid-script
				</FilesMatch>
299
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
300
301
302
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
303
304
				Options +ExecCGI
				AllowOverride <tmpl_var name='allow_override'>
305
				<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
306
				Require all granted
307
				<tmpl_else>
308
309
				Order allow,deny
				Allow from all
310
				</tmpl_if>
311
312
		</Directory>
		<Directory {tmpl_var name='web_document_root'}>
313
314
315
				<FilesMatch "\.php[345]?$">
					SetHandler fcgid-script
				</FilesMatch>
316
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php
317
318
319
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php3
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php4
				FCGIWrapper <tmpl_var name='fastcgi_starter_path'><tmpl_var name='fastcgi_starter_script'> .php5
320
321
				Options +ExecCGI
				AllowOverride <tmpl_var name='allow_override'>
322
				<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
323
				Require all granted
324
				<tmpl_else>
325
326
				Order allow,deny
				Allow from all
327
				</tmpl_if>
328
		</Directory>
329
</tmpl_if>
330
<tmpl_if name='php' op='==' value='php-fpm'>
331
		<IfModule mod_fastcgi.c>
332
				<Directory {tmpl_var name='document_root'}/cgi-bin>
333
					<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
334
					Require all granted
335
					<tmpl_else>
336
337
					Order allow,deny
					Allow from all
338
					</tmpl_if>
339
			    </Directory>
340
341
342
343
344
345
346
347
348
349
				<Directory {tmpl_var name='web_document_root_www'}>
					<FilesMatch "\.php[345]?$">
						SetHandler php5-fcgi
					</FilesMatch>
				</Directory>
				<Directory {tmpl_var name='web_document_root'}>
					<FilesMatch "\.php[345]?$">
						SetHandler php5-fcgi
					</FilesMatch>
				</Directory>
350
                Action php5-fcgi /php5-fcgi virtual
351
				Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
352
<tmpl_if name='use_tcp'>
353
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization             
354
355
</tmpl_if>
<tmpl_if name='use_socket'>
356
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization
357
</tmpl_if>
358
		</IfModule>
359
360
		<IfModule mod_proxy_fcgi.c>
<tmpl_if name='use_tcp'>
361
362
363
364
365
366
			#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
			<Directory {tmpl_var name='web_document_root'}>
				<FilesMatch "\.php[345]?$">
						SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
				</FilesMatch>
			</Directory>
367
368
</tmpl_if>
<tmpl_if name='use_socket'>
369
370
371
372
373
374
			#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1
			<Directory {tmpl_var name='web_document_root'}>
				<FilesMatch "\.php[345]?$">
						SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
				</FilesMatch>
			</Directory>
375
376
</tmpl_if>
			</IfModule>
377
</tmpl_if>
378

379
380
381
382
383
384
385
386
387
388
<tmpl_if name='php' op='==' value='hhvm'>
		<IfModule mod_fastcgi.c>
				<Directory {tmpl_var name='document_root'}/cgi-bin>
					<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
					Require all granted
					<tmpl_else>
					Order allow,deny
					Allow from all
					</tmpl_if>
			    </Directory>
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
				<Directory {tmpl_var name='web_document_root_www'}>
					<FilesMatch "\.php[345]?$">
						SetHandler hhvm-fcgi
					</FilesMatch>
					<FilesMatch "\.hh$">
						SetHandler hhvm-fcgi
					</FilesMatch>
				</Directory>
				<Directory {tmpl_var name='web_document_root'}>
					<FilesMatch "\.php[345]?$">
						SetHandler hhvm-fcgi
					</FilesMatch>
					<FilesMatch "\.hh$">
						SetHandler hhvm-fcgi
					</FilesMatch>
				</Directory>
405
                Action hhvm-fcgi /hhvm-fcgi virtual
406
407
				Alias /hhvm-fcgi {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/hhvm-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket /var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock -pass-header Authorization
408
409
410
		</IfModule>
</tmpl_if>

411
<tmpl_if name="rewrite_enabled">
412
		RewriteEngine on
Marius Burkard's avatar
Marius Burkard committed
413
414
415
416
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
		RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
		RewriteRule ^ - [END]
</tmpl_if>
Falko Timme's avatar
Falko Timme committed
417
<tmpl_if name='seo_redirect_enabled'>
418
		RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
419
420
421
		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
		</tmpl_if>
422
		RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,NE,L]
Falko Timme's avatar
Falko Timme committed
423
</tmpl_if>
424
425
<tmpl_loop name="alias_seo_redirects">
		RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
426
427
428
		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
		</tmpl_if>
429
		RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,NE,L]
430
</tmpl_loop>
431
<tmpl_loop name="redirects">
432
		RewriteCond %{HTTP_HOST}   <tmpl_var name='rewrite_domain'>$ [NC]
433
434
435
		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
		</tmpl_if>
436
437
<tmpl_if name="rewrite_is_url" op="==" value="n">
		RewriteCond %{REQUEST_URI} !^/webdav/
438
		RewriteCond %{REQUEST_URI} !^/php5-fcgi/
439
440
		RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
</tmpl_if>
441
		
442
		RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
443
	
444
</tmpl_loop>
445
<tmpl_if name='ssl_enabled'>
446
<tmpl_else>
447
448
<tmpl_if name='rewrite_to_https' op='==' value='y'>
        RewriteCond %{HTTPS} off
449
450
        <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
</tmpl_if>
451
452
453
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</tmpl_if>
</tmpl_if>
454
455
</tmpl_if>

456
457
458
459
		# add support for apache mpm_itk
		<IfModule mpm_itk_module>
			AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
		</IfModule>
460

461
462
463
		<IfModule mod_dav_fs.c>
		# Do not execute PHP files in webdav directory
			<Directory {tmpl_var name='document_root'}/webdav>
464
465
466
467
468
				<ifModule mod_security2.c>
					SecRuleRemoveById 960015
					SecRuleRemoveById 960032
				</ifModule>
				<FilesMatch "\.ph(p3?|tml)$">
469
470
471
472
473
474
475
476
477
					SetHandler None
				</FilesMatch>
			</Directory>
			DavLockDB {tmpl_var name='document_root'}/tmp/DavLock
			# DO NOT REMOVE THE COMMENTS!
			# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
			# WEBDAV BEGIN
			# WEBDAV END
		</IfModule>
478

479
<tmpl_var name='apache_directives'>
480
<tmpl_hook name='apache2_vhost:vhost_footer'>
481
</VirtualHost>
482
483
484
485
486
487
488
489
490

<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
        SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>
</tmpl_if>

491
</tmpl_loop>
492

493
<tmpl_hook name='apache2_vhost:footer'>