From 868eeb0287088a0488ec234f12fb98dd7ab80bbe Mon Sep 17 00:00:00 2001
From: "ncomputers.org" <contact@ncomputers.org>
Date: Sun, 5 Mar 2017 13:15:04 -0600
Subject: [PATCH 1/2] updated

---
 install/tpl/apache_ispconfig.conf.master |  6 +-
 server/conf/apache_ispconfig.conf.master |  6 +-
 server/conf/vhost.conf.master            | 76 ++++++++++--------------
 3 files changed, 43 insertions(+), 45 deletions(-)
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
index c6a3b651a8..cb2b1bb6b7 100644
--- a/install/tpl/apache_ispconfig.conf.master
+++ b/install/tpl/apache_ispconfig.conf.master
@@ -4,7 +4,11 @@
 ServerTokens ProductOnly
 ServerSignature Off
 
-
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
 
 ################################################
 # ISPConfig Logfile configuration for vlogger
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
index c6a3b651a8..cb2b1bb6b7 100644
--- a/server/conf/apache_ispconfig.conf.master
+++ b/server/conf/apache_ispconfig.conf.master
@@ -4,7 +4,11 @@
 ServerTokens ProductOnly
 ServerSignature Off
 
-
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
 
 ################################################
 # ISPConfig Logfile configuration for vlogger
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index fdea684eaa..f16b2acae8 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -433,48 +433,47 @@
 </tmpl_if>
 
 <tmpl_if name="rewrite_enabled">
-		RewriteEngine on
+	RewriteEngine on
 <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-		RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
-		RewriteRule ^ - [END]
+	RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
+	RewriteRule ^ - [END]
 </tmpl_if>
-<tmpl_if name='seo_redirect_enabled'>
-		RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
-		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-		</tmpl_if>
-		RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>$1 [R=301,NE,L]
-</tmpl_if>
-<tmpl_loop name="alias_seo_redirects">
-		RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
-		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-		</tmpl_if>
-		RewriteRule ^(.*)$ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>$1 [R=301,NE,L]
-</tmpl_loop>
-<tmpl_loop name="redirects">
-		RewriteCond %{HTTP_HOST}   <tmpl_var name='rewrite_domain'>$ [NC]
-		<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-		</tmpl_if>
-<tmpl_if name="rewrite_is_url" op="==" value="n">
-		RewriteCond %{REQUEST_URI} !^/webdav/
-		RewriteCond %{REQUEST_URI} !^/php5-fcgi/
-		RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
-</tmpl_if>
-		
-		RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
-	
-</tmpl_loop>
 <tmpl_if name='ssl_enabled'>
 <tmpl_else>
 <tmpl_if name='rewrite_to_https' op='==' value='y'>
-        RewriteCond %{HTTPS} off
-        <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+	RewriteCond %{HTTPS} off
+<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
+	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+</tmpl_if>
+	RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</tmpl_if>
 </tmpl_if>
-        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+<tmpl_loop name="redirects">
+	RewriteCond %{HTTP_HOST} <tmpl_var name='rewrite_domain'>$ [NC]
+<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
+	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
 </tmpl_if>
+<tmpl_if name="rewrite_is_url" op="==" value="n">
+	RewriteCond %{REQUEST_URI} !^/webdav/
+	RewriteCond %{REQUEST_URI} !^/php5-fcgi/
+	RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
+</tmpl_if>	
+	RewriteRule /(.*) <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
+</tmpl_loop>
+<tmpl_if name='seo_redirect_enabled'>
+	RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
+	<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
+	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+	</tmpl_if>
+	RewriteRule ^ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='seo_redirect_target_domain'>%{REQUEST_URI} [R=301,NE,L]
 </tmpl_if>
+<tmpl_loop name="alias_seo_redirects">
+	RewriteCond %{HTTP_HOST} <tmpl_var name='alias_seo_redirect_operator'>^<tmpl_var name='alias_seo_redirect_origin_domain'>$ [NC]
+	<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
+	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+	</tmpl_if>
+	RewriteRule ^ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>%{REQUEST_URI} [R=301,NE,L]
+</tmpl_loop>
 </tmpl_if>
 
 		# add support for apache mpm_itk
@@ -503,15 +502,6 @@
 <tmpl_var name='apache_directives'>
 <tmpl_hook name='apache2_vhost:vhost_footer'>
 </VirtualHost>
-
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
-<tmpl_if name='ssl_enabled'>
-<IfModule mod_ssl.c>
-        SSLStaplingCache shmcb:/var/run/ocsp(128000)
-</IfModule>
-</tmpl_if>
-</tmpl_if>
-
 </tmpl_loop>
 
 <tmpl_hook name='apache2_vhost:footer'>
-- 
GitLab


From 7231fdd977a887490363c4849dfeb3f1cb7ae056 Mon Sep 17 00:00:00 2001
From: "ncomputers.org" <contact@ncomputers.org>
Date: Sun, 5 Mar 2017 23:37:07 -0600
Subject: [PATCH 2/2] improved order

---
 server/conf/vhost.conf.master | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index f16b2acae8..fd455ab87b 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -438,16 +438,6 @@
 	RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
 	RewriteRule ^ - [END]
 </tmpl_if>
-<tmpl_if name='ssl_enabled'>
-<tmpl_else>
-<tmpl_if name='rewrite_to_https' op='==' value='y'>
-	RewriteCond %{HTTPS} off
-<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-</tmpl_if>
-	RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-</tmpl_if>
-</tmpl_if>
 <tmpl_loop name="redirects">
 	RewriteCond %{HTTP_HOST} <tmpl_var name='rewrite_domain'>$ [NC]
 <tmpl_if name='apache_version' op='<' value='2.4' format='version'>
@@ -474,6 +464,16 @@
 	</tmpl_if>
 	RewriteRule ^ http<tmpl_if name='ssl_enabled'>s</tmpl_if>://<tmpl_var name='alias_seo_redirect_target_domain'>%{REQUEST_URI} [R=301,NE,L]
 </tmpl_loop>
+<tmpl_if name='ssl_enabled'>
+<tmpl_else>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+	RewriteCond %{HTTPS} off
+<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
+	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+</tmpl_if>
+	RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</tmpl_if>
+</tmpl_if>
 </tmpl_if>
 
 		# add support for apache mpm_itk
-- 
GitLab

