Skip to content
Snippets Groups Projects
Normal view Permalink
sucssite-apache-vhost.conf 6.15 KiB
Newer Older
  • Learn to ignore specific revisions
    • Imran Hussain's avatar
    Add the SUCS Site apache config to the vcs.
    Imran Hussain committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 
    # The main sucs website

<VirtualHost 137.44.10.1:80>
	DocumentRoot "/var/www/sucssite/htdocs"
	ServerAdmin admin@sucs.org
	ServerName sucs.org
	ServerAlias www.sucs.org
	ServerAlias sucs.swan.ac.uk
	ServerAlias www.sucs.swan.ac.uk
	ServerAlias compsoc.swan.ac.uk
	ServerAlias www.compsoc.swan.ac.uk

	Include /etc/apache2/conf.sucs.d/userdir.conf

	ErrorLog /var/log/apache2/sucssite_error.log
	CustomLog /var/log/apache2/sucssite_access.log combined
	LogLevel warn

	<Directory "/var/www/sucssite/htdocs">
		AllowOverride All

		XBitHack On

		Order allow,deny
		Allow from all
		

		Options +MultiViews
		<IfModule mod_rewrite.c>
			RewriteEngine On

			# Ensure requests are for our preferred domains

			# Disabled by ~imranh 08/04/2015
			# We want people to do to sucs.org becuase we have a ssl cert for that
			# Keep stuff thats come in via *.swan.ac.uk in .ac.uk
			#RewriteCond %{HTTP_HOST} ^www.sucs.swan.ac.uk [NC,OR]
			#RewriteCond %{HTTP_HOST} ^compsoc.swan.ac.uk [NC,OR]
			#RewriteCond %{HTTP_HOST} ^www.compsoc.swan.ac.uk [NC]
			#RewriteRule ^(.*)$ http://sucs.swan.ac.uk/$1 [R=301,L]

			#(web)mail.sucs.org to sucs.org/webmail
			RewriteCond %{HTTP_HOST} ^mail.sucs.org [NC,OR]
			RewriteCond %{HTTP_HOST} ^webmail.sucs.org [NC]
			RewriteRule ^(.*)$ http://sucs.org/webmail/ [R=301,L]

			# Everything else may as well goto sucs.org
			RewriteCond %{HTTP_HOST} !^sucs.org [NC]
			#RewriteCond %{HTTP_HOST} !^sucs.swan.ac.uk [NC]
			RewriteRule ^(.*)$ http://sucs.org/$1 [R=301,L]

			# If its not a file or directory pass it to the website script
			RewriteCond %{REQUEST_URI} !=/server-status
			RewriteCond %{REQUEST_FILENAME} !-f
			RewriteCond %{REQUEST_FILENAME} !-d
			RewriteCond %{REQUEST_URI} !^/index\.php.*
			RewriteRule ^(.*)$ index.php/$1 [QSA,L]
		</IfModule>
		#RedirectMatch permanent ^/Community/Forum$ https://sucs.org/Community/Forum/
		RedirectMatch permanent ^/webmail$ https://sucs.org/webmail/
	</Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost 137.44.10.1:443>
	DocumentRoot "/var/www/sucssite/htdocs"
	ServerAdmin admin@sucs.org
	ServerName sucs.org
	ServerAlias www.sucs.org
	ServerAlias sucs.swan.ac.uk
	ServerAlias www.sucs.swan.ac.uk
	ServerAlias compsoc.swan.ac.uk
	ServerAlias www.compsoc.swan.ac.uk

	ErrorLog /var/log/apache2/ssl_error.log
	TransferLog /var/log/apache2/ssl_access.log
	LogLevel warn

	SSLEngine on

	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
	SSLProtocol All -SSLv2 -SSLv3
	SSLHonorCipherOrder On
	Header always set Strict-Transport-Security "max-age=604800"
	Header always set X-Frame-Options SAMEORIGIN
	Header always set X-Content-Type-Options nosniff
	SSLCompression off

	SSLCertificateFile /usr/local/sucs-pki/certs/sucs.crt
	SSLCertificateKeyFile /usr/local/sucs-pki/private/sucs.key
	SSLCertificateChainFile /usr/local/sucs-pki/certs/globalsign.crt

	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
	    SSLOptions +StdEnvVars
	</Files>

	<Directory "/var/www/cgi-bin">
	    SSLOptions +StdEnvVars
	</Directory>

	SetEnvIf User-Agent ".*MSIE.*" \
		 nokeepalive ssl-unclean-shutdown \
		 downgrade-1.0 force-response-1.0

	CustomLog /var/log/apache2/ssl_request.log \
		  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	ProxyRequests Off
	<Proxy *>
		Order allow,deny
		Allow from all
	</Proxy>
	ProxyVia On
	SSLProxyEngine on
	ProxyPass /svn https://projects.sucs.org/svn
	<Location /svn >
		#DAV svn
		#SVNParentPath /var/projects/svn
                #Redirect / https://projects.sucs.org/
		ProxyPassReverse https://projects.sucs.org/svn
	</Location>

	Include /etc/apache2/conf.sucs.d/userdir.conf

	<Directory "/var/www/sucssite/htdocs">
		Options Indexes FollowSymLinks Includes ExecCGI MultiViews
		AllowOverride All

		XBitHack On

		Order allow,deny
		Allow from all

		Options +MultiViews
		<IfModule mod_rewrite.c>
			RewriteEngine On

			# Ensure requests are for our preferred domains
			# Disabled by ~imranh 08/04/2015
			# We want people to do to sucs.org becuase we have a ssl cert for that
			# Keep stuff thats come in via *.swan.ac.uk in .ac.uk
			#RewriteCond %{HTTP_HOST} ^www.sucs.swan.ac.uk [NC,OR]
			#RewriteCond %{HTTP_HOST} ^compsoc.swan.ac.uk [NC,OR]
			#RewriteCond %{HTTP_HOST} ^www.compsoc.swan.ac.uk [NC]
			#RewriteRule ^(.*)$ https://sucs.swan.ac.uk/$1 [R=301,L]

			#(web)mail.sucs.org to sucs.org/webmail
			RewriteCond %{HTTP_HOST} ^mail.sucs.org [NC,OR]
			RewriteCond %{HTTP_HOST} ^webmail.sucs.org [NC]
			RewriteRule ^(.*)$ https://sucs.org/webmail/$1 [R=301,L]

			# Everything else may as well goto sucs.org
			RewriteCond %{HTTP_HOST} !^sucs.org [NC]
			#RewriteCond %{HTTP_HOST} !^sucs.swan.ac.uk [NC]
			RewriteRule ^(.*)$ https://sucs.org/$1 [R=301,L]

			# If its not a file or directory pass it to the website script
			RewriteCond %{REQUEST_URI} !=/server-status
			RewriteCond %{REQUEST_FILENAME} !-f
			RewriteCond %{REQUEST_FILENAME} !-d
			RewriteCond %{REQUEST_URI} !^/index\.php.*
			RewriteRule ^(.*)$ index.php/$1 [QSA,L]
		</IfModule>

	</Directory>

	# Disabled, Moved to the gitlab VM ~imranh
	#Include /etc/apache2/conf.d/projects.conf

	# Redirect to squirrelmail install
	Alias /squirrelmail /usr/share/squirrelmail
	Alias /webmail/program/js/tiny_mce/ /usr/share/tinymce/www/
	Alias /webmail /var/lib/roundcube
	Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
	Alias /roundcube /var/lib/roundcube
	
	# 2015-03-16 Moved the /cam alias to here from /etc/apache2/conf.d/webcam to stop it becoming an alias on all virtual hosts, commented out the file in the other location. ~rjames93
	Alias /cam /var/cam
	<Directory "/var/cam">
		        Order allow,deny
		        Allow from all
		        Options Indexes SymLinksIfOwnerMatch
	</Directory>

	<Location /cam>
	        AuthType Basic
	        AuthName "Staff Only Area"
	        AuthBasicProvider ldap
	        AuthLDAPURL "ldap://127.0.0.1/dc=sucs,dc=org?uid"
	        AuthLDAPGroupAttribute memberUid
	        AuthLDAPGroupAttributeIsDN off
	        Require ldap-group cn=sucsstaff,ou=Group,dc=sucs,dc=org
	</Location>

	Alias /stats/collectd-web /var/www/collectd-web
	<Directory /var/www/collectd-web/cgi-bin>
		Options Indexes ExecCGI
                AllowOverride All
                AddHandler cgi-script .cgi
	</Directory>

</VirtualHost>
</IfModule>