# -------------------------------------------------------------------
# Dit bestand is een samenvoeging van /etc/httpd/conf.d/flex-80.conf,
# ../flex-443.conf en ../custom_httpd.inc
# Breng wijzigingen in directives alleen aan in ../custom_httpd.inc
# Run script /usr/local/bin/make-conf om wijzigigngen door te voeren.
# -------------------------------------------------------------------
# ====================================================================
# Flex-80.conf inclusief eigen directives binnen VirtualHost
# uit /etc/httpd/conf.d/custom_httpd.inc
# ====================================================================
#----------------------------------------------------------------
# WARNING: This file is automatically created by webconfig.
#----------------------------------------------------------------
# Authentication mechanism
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
# -----------------------------------------------#
# Web Site
# -----------------------------------------------#
ServerName makkink.eu
ServerAlias *.makkink.eu
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined
# START eigen directives access_logs binnen vHosts
# ----------------------------------------------------------------
CustomLog /var/log/httpd/wandelen_access_log combined env=wandelen
CustomLog /var/log/httpd/nbp_access_log combined env=nbp
CustomLog /var/log/httpd/blog_access_log combined env=blog
# ----------------------------------------------------------------
# EINDE eigen directives binnen vHosts
Options -Indexes +FollowSymLinks -IncludesNOExec
SetHandler "proxy:fcgi://127.0.0.1:9073"
Require all granted
# ====================================================================
# Flex-443.conf inclusief eigen directives binnen VirtualHost
# uit /etc/httpd/conf.d/custom_httpd.inc
# ====================================================================
#----------------------------------------------------------------
# WARNING: This file is automatically created by webconfig.
#----------------------------------------------------------------
# Authentication mechanism
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
# -----------------------------------------------#
# Web Site
# -----------------------------------------------#
ServerName makkink.eu
ServerAlias *.makkink.eu
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined
# START eigen directives access_logs binnen vHosts
# ----------------------------------------------------------------
CustomLog /var/log/httpd/wandelen_access_log combined env=wandelen
CustomLog /var/log/httpd/nbp_access_log combined env=nbp
CustomLog /var/log/httpd/blog_access_log combined env=blog
# ----------------------------------------------------------------
# EINDE eigen directives binnen vHosts
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.makkink.eu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.makkink.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.makkink.eu/chain.pem
# No weak export crypto allowed
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!3DES:!aNULL:!MD5
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# ====================================================================
# Eigen HTTPD Directives buiten de VirtualHosts
# ====================================================================
# Access_Logs: Zet 'env' voor paden 'wandelen', 'nbp' en 'blog' vanuit
# de webroot en geef deze env's een alias (wandelen, nbp en blog)
# --------------------------------------------------------------------
SetEnvIf Request_URI "^/wandelen/" wandelen
CustomLog logs/wandelen_access_log combined env=wandelen
SetEnvIf Request_URI "^/nbp/" nbp
CustomLog logs/nbp_access_log combined env=nbp
SetEnvIf Request_URI "^/blog/" blog
CustomLog logs/blog_access_log combined env=blog
# Het e-mail adres waar problemen met de server naar toe gemaild worden
ServerAdmin ben@makkink.eu
# DirectoryIndex: zet het bestand dat Apache opent als een directory
# wordt gevraagd (is in httpd.conf alleen index.html)
DirectoryIndex index.html index.htm
# Indexering (listing) van bestanden toestaan in download directory
Options +Indexes
# Mapping naar bestanden buiten de webroot met een alias en opties
# Geef toegang voor alleen de hosts op het LAN
Alias /manuals "/usr/share/doc"
Options Indexes
AllowOverride None
Require ip 192.168.1.0/24
# Require all granted
# Forceer domein www.makkink.eu naar HTTPS
# NIET OP TESTSERVER, certificaat is voor www.makkink.eu(homeserver)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.makkink.eu/$1 [R,L]
# Voorbeeld voor een uitzondering van www/makkink.eu/blog
#
# RewriteEngine On
# RewriteCond %{SERVER_PORT} 443
# RewriteRule ^blog/?(.*) http://www.makkink.eu/blog/$1 [R,L]
# RewriteCond %{SERVER_PORT} 80
# RewriteCond %{REQUEST_URI} !^/blog
# RewriteRule ^(.*)$ https://www.makkink.eu/$1 [R,L]
#