forked from Personal/ansible-deploy-ldap-fusiondirectory
43 lines
1.5 KiB
Django/Jinja
43 lines
1.5 KiB
Django/Jinja
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
ServerName auth.{{ domain }}
|
|
ServerAdmin webmaster@{{ domain }}
|
|
DocumentRoot /usr/share/fusiondirectory/html
|
|
ErrorLog ${APACHE_LOG_DIR}/fd-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/fd-access.log combined
|
|
|
|
<IfModule mod_php5.c>
|
|
<Location />
|
|
php_admin_flag engine on
|
|
php_admin_flag register_globals off
|
|
php_admin_flag allow_call_time_pass_reference off
|
|
php_admin_flag expose_php off
|
|
php_admin_flag zend.ze1_compatibility_mode off
|
|
php_admin_flag register_long_arrays off
|
|
php_admin_value upload_tmp_dir /var/spool/fusiondirectory/
|
|
php_admin_value session.cookie_lifetime 0
|
|
#Include /etc/fusiondirectory/fusiondirectory.secrets
|
|
</Location>
|
|
</IfModule>
|
|
|
|
<Directory /usr/share/fusiondirectory/html/>
|
|
Order Allow,Deny
|
|
# Insert your public IPs here
|
|
{% for ip_address in allowed_ips %}
|
|
Allow from {{ ip_address }}
|
|
{% endfor %}
|
|
</Directory>
|
|
|
|
Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
|
|
<Directory "/var/www/html/">
|
|
AllowOverride None
|
|
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
|
Require method GET POST OPTIONS
|
|
</Directory>
|
|
|
|
SSLCertificateFile /etc/letsencrypt/live/auth.{{ domain }}/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/auth.{{ domain }}/privkey.pem
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
</VirtualHost>
|
|
</IfModule>
|