328 lines
10 KiB
Plaintext
328 lines
10 KiB
Plaintext
# VHostHTTP for http only
|
|
# VHostHTTPS for http & https w/ optional http to https redirect
|
|
# VHostHTTPSVarnish for https -> Varnish -> http
|
|
# VHostSubdomainHTTP
|
|
# VHostSubdomainHTTPS
|
|
# VHostSubdomainHTTPSVarnish
|
|
# *only use one of the VHost options above at at time*
|
|
#
|
|
# VMailHTTPS for webmail at mail. subdomain assumes & requires https w/ valid cert
|
|
#
|
|
# RedirectHTTP for http only
|
|
# RedirectHTTPS for http & https
|
|
# *only use one of the Redirect options above at at time*
|
|
#
|
|
# VHostAliasHTTP for http only
|
|
# VHostAliasHTTPS for http & https
|
|
# VHostAliasHTTPSVarnish for http & https
|
|
# *only use one of the Alias options above at at time*
|
|
|
|
|
|
# Optional AliasDomain for accessing VirtualHosts.
|
|
# Uncomment and change example.com to suit your needs.
|
|
#Define AliasDomain example.com
|
|
|
|
# Uncomment to force redirect from http to https for all VirtualHost that have HTTPS enabled
|
|
Define ForceHTTPS
|
|
|
|
# VHostHTTP - HTTP on Port 80
|
|
<Macro VHostHTTP $vhost $username>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
<Macro VHostSubdomainHTTP $vhost $username $subdomain>
|
|
<VirtualHost *:80>
|
|
ServerName $subdomain.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $subdomain.$vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html/$subdomain
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
# VHostHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain
|
|
<Macro VHostHTTPS $vhost $username>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<IfDefine ForceHTTPS>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
</IfDefine>
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
|
|
Alias /stats /srv/www/$vhost/stats
|
|
AddExternalAuth pwauth /usr/sbin/pwauth
|
|
SetExternalAuthMethod pwauth pipe
|
|
<Location /stats>
|
|
AuthType Basic
|
|
AuthName "Usage Statistics for $vhost"
|
|
AuthBasicProvider external
|
|
AuthExternal pwauth
|
|
<RequireAny>
|
|
Require ip 127.0.0.1
|
|
Require user $username
|
|
</RequireAny>
|
|
</Location>
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
# VHostSubdomainHTTPS - HTTPS on Port 443. Inludes Port 80 and ServerAliases for ${AliasDomain} subdomain
|
|
<Macro VHostSubdomainHTTPS $vhost $username $subdomain>
|
|
<VirtualHost *:80>
|
|
ServerName $subdomain.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $subdomain.$vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html/$subdomain
|
|
<IfDefine ForceHTTPS>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
</IfDefine>
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $subdomain.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $subdomain.$vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html/$subdomain
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
# VHostHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80
|
|
<Macro VHostHTTPSVarnish $vhost $username>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
RequestHeader set X-Forwarded-Proto https
|
|
ProxyPreserveHost On
|
|
ProxyPass / http://127.0.0.1:6081/
|
|
ProxyPassReverse / http://127.0.0.1:6081/
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
# VHostSubdomainHTTPSVarnish - HTTPS on Port 443 proxies to Varnish which then connects to Port 80
|
|
<Macro VHostSubdomainHTTPSVarnish $vhost $username $subdomain>
|
|
<VirtualHost *:80>
|
|
ServerName $subdomain.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $subdomain.$vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$vhost/html/$subdomain
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $subdomain.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $subdomain.$vhost.${AliasDomain}
|
|
</IfDefine>
|
|
RequestHeader set X-Forwarded-Proto https
|
|
ProxyPreserveHost On
|
|
ProxyPass / http://127.0.0.1:6081/
|
|
ProxyPassReverse / http://127.0.0.1:6081/
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$subdomain.$vhost.pem
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
# Webmail - HTTP Port 80 Redirects to HTTPS Port 443
|
|
<Macro VMailHTTPS $vhost>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect / https://$vhost
|
|
</If>
|
|
</Location>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $vhost
|
|
DocumentRoot /srv/www/html/roundcube/public_html
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
<Macro RedirectHTTP $vhost $redirect>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "$redirect%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
<Macro RedirectHTTPS $vhost $redirect>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "$redirect%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "$redirect%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$vhost.pem
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
<Macro VHostAliasHTTP $vhost $username $alias>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$alias/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
</Macro>
|
|
|
|
<Macro VHostAliasHTTPS $vhost $username $alias>
|
|
<VirtualHost *:80>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$alias/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<IfDefine ForceHTTPS>
|
|
<Location "/">
|
|
<If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
|
Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
|
</If>
|
|
</Location>
|
|
</IfDefine>
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName $vhost
|
|
ServerAlias www.$vhost
|
|
<IfDefine AliasDomain>
|
|
ServerAlias $vhost.${AliasDomain}
|
|
</IfDefine>
|
|
DocumentRoot /srv/www/$alias/html
|
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
|
RewriteEngine on
|
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
|
</FilesMatch>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/letsencrypt/$alias.pem
|
|
</VirtualHost>
|
|
</Macro>
|