You are here

Apache configuration for in. and repo.altagrade.org

Submitted by Alan Mels on Fri, 02/22/2019 - 08:04

Because two virtual servers block all other connections, but from only AG IP pool:

  1. Deny from all
  2. Allow from 66.160.206.192/26
  3. Allow from 216.218.184.96/27
  4. Allow from 216.218.219.80/28
  5. Allow from 216.218.139.240/29
  6. Allow from 65.49.80.96/27
  7. Allow from 216.218.133.16/28

we need to write specific permission for .well-know directory as otherwise renewing Let's Encrypt certificate fails:

  1. <Directory /home/altaorg/domains/in.altagrade.org/public_html/.well-known>
  2. allow from all
  3. Require all granted
  4. </Directory>
  1. <VirtualHost 65.49.80.99:8080>
  2. SuexecUserGroup "#1002" "#1002"
  3. ServerName in.altagrade.org
  4. ServerAlias www.in.altagrade.org
  5. ServerAlias webmail.in.altagrade.org
  6. ServerAlias admin.in.altagrade.org
  7. ServerAlias altagrade.in
  8. ServerAlias www.altagrade.in
  9. DocumentRoot /home/altaorg/domains/in.altagrade.org/public_html
  10. ErrorLog /var/log/altagrade/in.altagrade.org_error_log
  11. CustomLog /var/log/altagrade/in.altagrade.org_access_log combined
  12. ScriptAlias /cgi-bin/ /home/altaorg/domains/in.altagrade.org/cgi-bin/
  13. DirectoryIndex index.html index.htm index.php index.php4 index.php5
  14. <Directory /home/altaorg/domains/in.altagrade.org/public_html>
  15. Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
  16. Deny from all
  17. Allow from 66.160.206.192/26
  18. Allow from 216.218.184.96/27
  19. Allow from 216.218.219.80/28
  20. Allow from 216.218.139.240/29
  21. Allow from 65.49.80.96/27
  22. Allow from 216.218.133.16/28
  23. AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
  24. Require all granted
  25. AddType application/x-httpd-php .php
  26. AddHandler fcgid-script .php
  27. AddHandler fcgid-script .php5
  28. AddHandler fcgid-script .php7.0
  29. FCGIWrapper /home/altaorg/domains/in.altagrade.org/fcgi-bin/php7.0.fcgi .php
  30. FCGIWrapper /home/altaorg/domains/in.altagrade.org/fcgi-bin/php5.fcgi .php5
  31. FCGIWrapper /home/altaorg/domains/in.altagrade.org/fcgi-bin/php7.0.fcgi .php7.0
  32. </Directory>
  33. <Directory /home/altaorg/domains/in.altagrade.org/public_html/.well-known>
  34. allow from all
  35. Require all granted
  36. </Directory>
  37. <Directory /home/altaorg/domains/in.altagrade.org/cgi-bin>
  38. allow from all
  39. AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
  40. Require all granted
  41. </Directory>
  42. RewriteEngine on
  43. RewriteCond %{HTTP_HOST} =webmail.in.altagrade.org
  44. RewriteRule ^(.*) https://in.altagrade.org:20000/ [R]
  45. RewriteCond %{HTTP_HOST} =admin.in.altagrade.org
  46. RewriteRule ^(.*) https://in.altagrade.org:10000/ [R]
  47. RemoveHandler .php
  48. RemoveHandler .php5
  49. RemoveHandler .php7.0
  50. php_admin_value engine Off
  51. FcgidMaxRequestLen 1073741824
  52. IPCCommTimeout 9999
  53. </VirtualHost>
  54. <VirtualHost 65.49.80.99:8080>
  55. SuexecUserGroup "#1002" "#1002"
  56. ServerName repo.altagrade.org
  57. DocumentRoot /home/altaorg/domains/repo.altagrade.org/public_html
  58. ErrorLog /var/log/altagrade/repo.altagrade.org_error_log
  59. CustomLog /var/log/altagrade/repo.altagrade.org_access_log combined
  60. ScriptAlias /cgi-bin/ /home/altaorg/domains/repo.altagrade.org/cgi-bin/
  61. DirectoryIndex index.html index.htm index.php index.php4 index.php5
  62. <Directory /home/altaorg/domains/repo.altagrade.org/public_html>
  63. Options +Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
  64. Deny from all
  65. Allow from 66.160.206.192/26
  66. Allow from 216.218.184.96/27
  67. Allow from 216.218.219.80/28
  68. Allow from 216.218.139.240/29
  69. Allow from 65.49.80.96/27
  70. Allow from 216.218.133.16/28
  71. AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
  72. Require all granted
  73. AddType application/x-httpd-php .php
  74. AddHandler fcgid-script .php
  75. AddHandler fcgid-script .php5
  76. AddHandler fcgid-script .php7.0
  77. FCGIWrapper /home/altaorg/domains/repo.altagrade.org/fcgi-bin/php7.0.fcgi .php
  78. FCGIWrapper /home/altaorg/domains/repo.altagrade.org/fcgi-bin/php5.fcgi .php5
  79. FCGIWrapper /home/altaorg/domains/repo.altagrade.org/fcgi-bin/php7.0.fcgi .php7.0
  80. </Directory>
  81. <Directory /home/altaorg/domains/repo.altagrade.org/public_html/.well-known>
  82. allow from all
  83. Require all granted
  84. </Directory>
  85. <Directory /home/altaorg/domains/repo.altagrade.org/cgi-bin>
  86. allow from all
  87. AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
  88. Require all granted
  89. </Directory>
  90. RewriteEngine on
  91. RewriteCond %{HTTP_HOST} =webmail.repo.altagrade.org
  92. RewriteRule ^(.*) https://repo.altagrade.org:20000/ [R]
  93. RewriteCond %{HTTP_HOST} =admin.repo.altagrade.org
  94. RewriteRule ^(.*) https://repo.altagrade.org:10000/ [R]
  95. RemoveHandler .php
  96. RemoveHandler .php5
  97. RemoveHandler .php7.0
  98. php_admin_value engine Off
  99. FcgidMaxRequestLen 1073741824
  100. </VirtualHost>