Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
isv:cpanel:dev:EA4
ea-apache2-config
ea4_main.default
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ea4_main.default of Package ea-apache2-config
[% USE JSON; SET nginx_is_enabled = file_test('f', '/etc/nginx/ea-nginx/cpanel_localhost_header.json'); IF nginx_is_enabled; SET header_data = JSON.loadfile('/etc/nginx/ea-nginx/cpanel_localhost_header.json'); IF header_data.exists('cPanel-localhost'); SET cpanel_localhost_value = header_data.item('cPanel-localhost'); END; END; %] # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # Direct modifications to the Apache configuration file WILL be lost upon subsequent # regeneration of this configuration file, or an Apache update. # # To have your modifications retained, you should create/edit administrator-specific # include files: # # [% paths.dir_conf_includes %]/pre_main_global.conf # [% paths.dir_conf_includes %]/pre_virtualhost_global.conf # [% paths.dir_conf_includes %]/post_virtualhost_global.conf # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ################################################## ################################################## # # cPanel & WHM controlled Apache configuration # ################################################## ################################################## [%# NOTE: The IF variable.exists() method used throughout this template is to deal with migration from ea3 to ea4. This should allow pre-existing distillation of variables when the user was on EA3 but didn't use the WHM interfaces to update their httpd.conf. The ELSE clause is there to ensure a default is placed into the configuration regardless of previous distillations and will attempt to use the WHM settings where possible. Ideally speaking, the user shouldn't be using previously distilled information since we're moving towards a solution where httpd.conf isn't a database. However, we're not there yet, so the exists() method is used to ensure easier migration. -%] Include "[% paths.dir_base %]/conf.modules.d/*.conf" # Administrator locations for safely altering httpd.conf [% IF file_test('f', paths.dir_conf_includes _ '/pre_main_global.conf') -%] Include "[% paths.dir_conf_includes %]/pre_main_global.conf" [% ELSE -%] # Create "[% paths.dir_conf_includes %]/pre_main_global.conf" if you want to customize httpd.conf. [% END -%] [% IF file_test('f', paths.dir_conf_includes _ '/pre_main_2.conf') -%] # Major Version Specific Include "[% paths.dir_conf_includes %]/pre_main_2.conf" [% END -%] # These are hard-coded values that are required by cPanel & WHM PidFile [% paths.dir_run %]/httpd.pid User nobody Group nobody ExtendedStatus [% IF main.exists('extendedstatus') %][% main.extendedstatus.item.extendedstatus %][% ELSE %]Off[% END %] LogLevel [% IF main.exists('loglevel') %][% main.loglevel.item.loglevel %][% ELSE %]warn[% END %] [%- IF main.exists('symlink_protect') %] SymlinkProtect [% main.symlink_protect.item.symlink_protect %] SymlinkProtectRoot [% paths.dir_docroot %] [% END -%] # You can change this by using WHM, and navigating to the 'Basic WebHost ManagerĀ® Setup' -> 'Contact Information' interface. ServerAdmin [% serveradmin %] # You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface. ServerName [% wildcard_safe(main.servername.item.servername) %] # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface. [% IF main.exists('traceenable') %]TraceEnable [% main.traceenable.item.traceenable %][% END %] [% IF main.exists('serversignature') %]ServerSignature [% main.serversignature.item.serversignature %][% END %] [% IF main.exists('servertokens') %]ServerTokens [% main.servertokens.item.servertokens %][% END %] [% IF main.exists('fileetag') %]FileETag [% main.fileetag.item.fileetag %][% END %] <Directory "/"> [% IF main.exists('optimize_htaccess') && main.optimize_htaccess.item.optimize_htaccess && main.optimize_htaccess.item.optimize_htaccess != "search_full_path" %] AllowOverride None [% ELSE %] AllowOverride All [% END %] Options [% main.directory.options.item.options %] </Directory> [% IF main.exists('startservers') %]StartServers [% main.startservers.item.startservers %][% END %] <IfModule prefork.c> [% IF main.exists('minspareservers') %]MinSpareServers [% main.minspareservers.item.minspareservers %][% END %] [% IF main.exists('maxspareservers') %]MaxSpareServers [% main.maxspareservers.item.maxspareservers %][% END %] </IfModule> [% IF main.exists('serverlimit') %]ServerLimit [% main.serverlimit.item.serverlimit %][% END %] [% IF main.exists('maxclients') %]MaxRequestWorkers [% main.maxclients.item.maxclients %][% END %] [% IF main.exists('maxrequestsperchild') %]MaxConnectionsPerChild [% main.maxrequestsperchild.item.maxrequestsperchild %][% END %] [% IF main.exists('keepalive') %]KeepAlive [% main.keepalive.item.keepalive %][% END %] [% IF main.exists('keepalivetimeout') %]KeepAliveTimeout [% main.keepalivetimeout.item.keepalivetimeout %][% END %] [% IF main.exists('maxkeepaliverequests') %]MaxKeepAliveRequests [% main.maxkeepaliverequests.item.maxkeepaliverequests || 0 %][% END %] [% IF main.exists('timeout') %]Timeout [% main.timeout.item.timeout %][% END %] [% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%] <IfModule rewrite_module> # Global DCV Exclude - Rewrites RewriteEngine on [% FOR pattern = dcv_rewrite_patterns -%] RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %] [% END -%] [% IF all_possible_proxy_subdomains_regex %] # Exclude proxy subdomains as we need rewrites to capture the DCV requests RewriteCond %{HTTP_HOST} !^(?:[% all_possible_proxy_subdomains_regex %])\. [% END -%] RewriteRule ^ - [END] </IfModule> [% SET dcv_location_regex = '(' _ dcv_rewrite_patterns.join('|') _ ')'; %] <LocationMatch "[%- dcv_location_regex -%]"> # Global DCV Exclude - Location Satisfy Any Order Allow,Deny Allow from all </LocationMatch> [% END %] # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface. <IfModule dir_module> DirectoryIndex [% main.directoryindex.item.directoryindex %] </IfModule> # You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface. [%# NOTE: The maxrlimit* settings are currently hard-coded to off in WHM -%] [% IF main.rlimitcpu.item.softrlimitcpu -%] RLimitCPU [% main.rlimitcpu.item.softrlimitcpu %] [% main.rlimitcpu.item.maxrlimitcpu %] [% END -%] [% IF main.rlimitmem.item.softrlimitmem -%] RLimitMEM [% main.rlimitmem.item.softrlimitmem %] [% main.rlimitmem.item.maxrlimitmem %] [% END -%] # This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists <Directory "[% paths.dir_docroot %]"> Options All AllowOverride None Require all granted Header set Cache-Control "no-cache, no-store, must-revalidate" Header set Pragma "no-cache" Header set Expires 0 </Directory> # Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files <FilesMatch "^(\.ht(access|passwds?)|\.user\.ini|php\.ini)$"> Require all denied </FilesMatch> # PHP error_log protection <Files ~ "^error_log$"> <RequireAll> Require all denied </RequireAll> </Files> <IfModule alias_module> ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi [% IF autodiscover_proxy_subdomains -%] ScriptAliasMatch ^/Autodiscover/Autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi ScriptAliasMatch ^/autodiscover/autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi [% END -%] Alias /bandwidth /usr/local/bandmin/htdocs/ Alias /img-sys /usr/local/cpanel/img-sys/ Alias /java-sys /usr/local/cpanel/java-sys/ [% IF !skipmailman -%] Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/ Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/ [% END -%] Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/ ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/ [% IF !skipmailman -%] ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/ [% END -%] [% IF file_test('f', '/usr/local/cpanel/cgi-sys/scgiwrap') %]ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap[% END %] </IfModule> # This can be configured in the cPanel 'Leech Protection' interface. [% IF file_test('f', '/usr/local/cpanel/bin/leechprotect') -%] <IfModule rewrite_module> RewriteEngine on RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect Mutex file:[% paths.dir_run %] rewrite-map </IfModule> [% END -%] <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddType application/x-tar .tgz AddType text/vnd.wap.wml .wml AddType image/vnd.wap.wbmp .wbmp AddType text/vnd.wap.wmlscript .wmls AddType application/vnd.wap.wmlc .wmlc AddType application/vnd.wap.wmlscriptc .wmlsc # These extensions are used to redirect incoming requests to WHM AddHandler cgi-script .cgi .pl .plx .ppl .perl # This is used for custom error documents AddHandler server-parsed .shtml </IfModule> # You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option. <IfModule status_module> # This is used by the WHM 'Apache Status' application <Location /whm-server-status> SetHandler server-status Order deny,allow Deny from all [% IF options_support.APR_HAVE_IPV6 -%] Allow from 127.0.0.1 ::1 [% ELSE -%] Allow from 127.0.0.1 [% END -%] <IfModule security2_module> SecRuleEngine Off </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine Off' </IfModule> </Location> [% IF serve_server_status -%] <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from [% allow_server_info_status_from %] </Location> [% END -%] </IfModule> # Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk or mod_passenger are loaded <IfModule userdir_module> UserDir public_html <IfModule ruid2_module> UserDir disabled </IfModule> <IfModule mpm_itk.c> UserDir disabled </IfModule> <IfModule mod_passenger.c> UserDir disabled </IfModule> </IfModule> [% IF nginx_is_enabled && cpanel_localhost_value %] # This allows us to not log requests proxied to Apache from nginx; # That way hits are not double recorded. SetEnvIf cPanel-localhost [% cpanel_localhost_value %] isproxyrequest RequestHeader unset cPanel-localhost <IfModule remoteip_module> RemoteIPHeader X-Forwarded-For-[% cpanel_localhost_value %] RemoteIPInternalProxy [% wildcard_safe(main.servername.item.servername) %] [% FOREACH ip IN ips_in_use -%] [% ip = ip.remove( '^\[' ) -%] [% ip = ip.remove( '\]$' ) -%] RemoteIPInternalProxy [% ip %] [% END -%] RequestHeader unset X-Forwarded-For-[% cpanel_localhost_value %] </IfModule> [% END -%] [% IF enable_piped_logs -%] <IfModule mod_log_config.c> LogFormat "%v:%{local}p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combinedvhost <IfModule logio_module> LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost </IfModule> LogFormat "%v:%{local}p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined LogFormat "%v:%{local}p [% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%h %l %u %t \"%r\" %>s %b[% END %]" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent [%- SET splitlogsextra = '' -%] [%- TRY -%] [%- SET splitlogsconf = load_conf('/var/cpanel/conf/splitlogs.conf') -%] [%- IF splitlogsconf.maxopen.length %][% splitlogsextra = splitlogsextra _ " --maxopen=" _ splitlogsconf.maxopen %][% END -%] [%- IF splitlogsconf.buffer.length %][% splitlogsextra = splitlogsextra _ " --buffer=" _ splitlogsconf.buffer %][% END -%] [%- IF splitlogsconf.sslport.length %] [% splitlogsextra = splitlogsextra _ " --sslport=" _ splitlogsconf.sslport %] [%- ELSIF configured.main_port_ssl.length && configured.main_port_ssl != '443' %] [% splitlogsextra = splitlogsextra _ " --sslport=" _ configured.main_port_ssl %] [% END -%] [%- CATCH -%] [%# noop but catch is required or it dies %] [%- END -%] <IfModule logio_module> CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --suffix=-bytes_log[% splitlogsextra %]" bytesvhost env=!isproxyrequest </IfModule> CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --mainout=[% paths.file_access_log %][% splitlogsextra %]" [% logstyle %] env=!isproxyrequest </IfModule> [% ELSE %] <IfModule log_config_module> [% IF main.exists('logformat_combined') || main.exists('logformat_common') %] LogFormat "[% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined LogFormat "[% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%h %l %u %t \"%r\" %>s %b[% END %]" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent [% ELSIF main.ifmodulemodlogconfigc.logformat.items.length -%] [% FOREACH dir IN main.ifmodulemodlogconfigc.logformat.items -%] LogFormat [% dir.logformat %] [% END -%] [% ELSE -%] LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # NOTE: "combined" and "common" are required by WHM LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined [% END -%] # access_log format can be set in WHM under 'Basic WebHost ManagerĀ® Setup' [% IF main.ifmodulemodlogconfigc.customlog.items.length -%] [% FOREACH dir IN main.ifmodulemodlogconfigc.customlog.items -%] CustomLog [% dir.target %] [% dir.format %] env=!isproxyrequest [% END -%] [% ELSE -%] CustomLog logs/access_log [% logstyle %] env=!isproxyrequest [% END -%] </IfModule> [% END %] [% IF configured.ip_listen -%] # The Listen port can be updated using 'Tweak Settings' -> 'System', # However, if you have any Apache Reserved IPs, then this Tweak setting will # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs) # will be listed here. [% FOREACH ip IN configured.ip_listen -%] Listen [% ip %]:[% configured.main_port %] [% END -%] [% ELSE -%] # WARNING: This is the default value assigned during installation, and should # be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache non-SSL IP/port') Listen [% default_apache_port %] [% END -%] <IfModule ssl_module> # cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration' [% IF main.sslciphersuite.item.sslciphersuite.length %] SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %] [% IF main.sslprotocol.item.sslprotocol.length %] SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %] SSLPassPhraseDialog builtin <IfModule socache_shmcb_module> [% IF supported.stapling -%] SSLUseStapling [% IF main.sslusestapling.item.sslusestapling.length %][% main.sslusestapling.item.sslusestapling %][% ELSE %]On[% END %] SSLStaplingCache shmcb:[% paths.dir_run %]/stapling_cache_shmcb(256000) # Prevent browsers from failing if an OCSP server is temporarily broken. SSLStaplingReturnResponderErrors off SSLStaplingErrorCacheTimeout 60 SSLStaplingFakeTryLater off SSLStaplingResponderTimeout 3 [% END -%] SSLSessionCache shmcb:[% paths.dir_run %]/ssl_gcache_data_shmcb(1024000) </IfModule> <IfModule !socache_shmcb_module> SSLSessionCache dbm:[% paths.dir_run %]/ssl_gcache_data_dbm </IfModule> SSLSessionCacheTimeout 300 Mutex file:[% paths.dir_run %] ssl-cache SSLRandomSeed startup builtin SSLRandomSeed connect builtin [% IF configured.ip_listen_ssl -%] # The Listen port can be updated using 'Tweak Settings' -> 'System', # However, if you have any Apache Reserved IPs, then this Tweak setting will # be ignored. Instead, each IP on your system (excluding Apache Reserved IPs) # will be listed here. [% FOREACH ip IN configured.ip_listen_ssl -%] Listen [% ip %]:[% configured.main_port_ssl %] [% END -%] [% ELSE -%] # WARNING: This is the default value assigned during installation, and should # be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache SSL port') Listen [% default_apache_ssl_port %] [% END -%] AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfModule> Include "[% paths.dir_conf %]/*.conf" [% IF file_test('f', paths.dir_conf_includes _ '/account_suspensions.conf') -%] Include "[% paths.dir_conf_includes %]/account_suspensions.conf" [% END -%] [% IF file_test('f', paths.dir_conf_includes _ '/errordocument.conf') -%] Include "[% paths.dir_conf_includes %]/errordocument.conf" [% END -%] # Administrator locations for safely globally altering all virtualhost configurations [% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_global.conf') -%] Include "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf" [% ELSE -%] # Create "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf" if you want to customize httpd.conf. [% END -%] [% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_2.conf') -%] # Major Version Specific Include "[% paths.dir_conf_includes %]/pre_virtualhost_2.conf" [% END -%] [% IF proxypass_for_proxysubdomains -%] ProxyPass /___proxy_subdomain_ws_cpanel ws://127.0.0.1:2082 max=1 retry=0 ProxyPass /___proxy_subdomain_ws_whm ws://127.0.0.1:2086 max=1 retry=0 ProxyPass /___proxy_subdomain_ws_webmail ws://127.0.0.1:2095 max=1 retry=0 [% END -%] [% IF supports_cpanelwebcall -%] ProxyPass /cpanelwebcall/ http://127.0.0.1:2082/cpanelwebcall/ max=1 retry=0 [% END -%] [% MACRO websocket_proxies (servername) BLOCK -%] [% IF servername.match('^cpanel\\.') -%] RewriteCond %{HTTP_HOST} !=[% servername %] [% END -%] RewriteCond %{HTTP_HOST} ^cpanel\. RewriteCond %{HTTP:Upgrade} websocket [nocase] RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT] [% IF servername.match('^webmail\\.') -%] RewriteCond %{HTTP_HOST} !=[% servername %] [% END -%] RewriteCond %{HTTP_HOST} ^webmail\. RewriteCond %{HTTP:Upgrade} websocket [nocase] RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT] [% IF servername.match('^whm\\.') -%] RewriteCond %{HTTP_HOST} !=[% servername %] [% END -%] RewriteCond %{HTTP_HOST} ^whm\. RewriteCond %{HTTP:Upgrade} websocket [nocase] RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT] [% END -%] ################################################## ################################################## # # Define default vhosts for shared IPs # ################################################## ################################################## [% FOREACH vh IN sharedips -%] <VirtualHost [% vh %]> ServerName [% wildcard_safe(servername) %] DocumentRoot [% paths.dir_docroot %] ServerAdmin [% serveradmin %] [% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%] # Global DCV Rewrite Exclude <IfModule rewrite_module> RewriteOptions Inherit </IfModule> [% END %] [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] <Directory "/"> AllowOverride All </Directory> [% ELSE %] <Directory "[% paths.dir_docroot %]"> AllowOverride All </Directory> [% END %] <IfModule suphp_module> suPHP_UserGroup nobody nobody </IfModule> [%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %] UserDir disabled [%- IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] UserDir enabled [% defaultvhost.userdirprotect %] [%- END -%] [%- END %] </VirtualHost> [% END -%] ################################################## ################################################## # # Define default vhosts for unbound IPs # ################################################## ################################################## <VirtualHost *> ServerName [% wildcard_safe(servername) %] DocumentRoot [% paths.dir_docroot %] ServerAdmin [% serveradmin %] [% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%] # Global DCV Rewrite Exclude <IfModule rewrite_module> RewriteOptions Inherit </IfModule> [% END %] [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] <Directory "/"> AllowOverride All </Directory> [% ELSE %] <Directory "[% paths.dir_docroot %]"> AllowOverride All </Directory> [% END %] <IfModule suphp_module> suPHP_UserGroup nobody nobody </IfModule> [%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %] UserDir disabled [%- IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] UserDir enabled [% defaultvhost.userdirprotect %] [%- END -%] [%- END %] </VirtualHost> ################################################## ################################################## # # Define the virtual host configurtion for user domains # ################################################## ################################################## # BEGIN: HTTP vhosts list [% FOREACH vhost IN vhosts -%] [% IF vhost.custom_vhost_template_ap2 != '' -%] [% INCLUDE $vhost.custom_vhost_template_ap2 -%] [% ELSE -%] [% INCLUDE $includes.vhost -%] [% END -%] [% END -%] # END: HTTP vhosts list # BEGIN: HTTPS vhosts list [% FOREACH vhost IN ssl_vhosts -%] [% IF vhost.custom_vhost_template_ap2 != '' -%] [% INCLUDE $vhost.custom_vhost_template_ap2 -%] [% ELSE -%] [% INCLUDE $includes.ssl_vhost -%] [% END -%] [% END -%] # END: HTTPS vhosts list ################################################## ################################################## # # Define the main cPanel & WHM proxy subdomains # ################################################## ################################################## [% ips_in_use.push("127.0.0.1") -%] [% SET copy_of_ips_in_use = ips_in_use.slice(0) -%] [% WHILE (ip_block = copy_of_ips_in_use.splice(0, 50)) AND ip_block.size -%] [% IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%] [%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%] # [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %] <VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port}" %][% END -%]> ServerName proxy-subdomains-vhost.localhost [% IF autodiscover_proxy_subdomains -%] ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.* [% ELSE -%] ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* [% END -%] DocumentRoot [% paths.dir_docroot %] ServerAdmin [% serveradmin %] <IfModule suphp_module> suPHP_UserGroup nobody nobody </IfModule> <Proxy "*"> <IfModule security2_module> SecRuleEngine Off </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine Off' </IfModule> </Proxy> [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] <Directory "/"> AllowOverride All </Directory> [% ELSE %] <Directory "[% paths.dir_docroot %]"> AllowOverride All </Directory> [% END %] [% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%] UserDir disabled [% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%] UserDir enabled [% defaultvhost.userdirprotect %] [% END -%] [% END -%] [% IF dcv_rewrite_patterns -%] ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi [% END -%] RewriteEngine On [% IF dcv_rewrite_patterns -%] [% FOR pattern = dcv_rewrite_patterns -%] RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %] [% END -%] RewriteRule ^ /.cpanel/dcv [passthrough] [% END -%] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpanel\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT] ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2082/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^webmail\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT] ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^whm\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT] ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2086/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^webdisk\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT] ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2077/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpcalendars\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT] ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpcontacts\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT] ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P] [% END %] [% IF autodiscover_proxy_subdomains %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^autodiscover\. RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autodiscover.cgi [P] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^autoconfig\. RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autoconfig.cgi [P] [% END %] [% IF proxypass_for_proxysubdomains -%] [% websocket_proxies(servername) -%] [% END %] UseCanonicalName Off <IfModule security2_module> SecRuleEngine On </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine On' </IfModule> </VirtualHost> [% END %] [% END -%] [% WHILE (ip_block = ips_in_use.splice(0, 50)) AND ip_block.size -%] [% IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%] [%-# These comments are used internally as parsing tokens, for better or worse, so don't chnage them -%] # [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %] <VirtualHost[% FOREACH server_ip IN ip_block -%] [% "${server_ip}:${configured.main_port_ssl}" %][% END -%]> ServerName [% wildcard_safe(servername) %] [% IF autodiscover_proxy_subdomains %] ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.* [% ELSE %] ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* [% END %] DocumentRoot [% paths.dir_docroot %] ServerAdmin [% serveradmin %] <IfModule suphp_module> suPHP_UserGroup nobody nobody </IfModule> <Proxy "*"> <IfModule security2_module> SecRuleEngine Off </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine Off' </IfModule> </Proxy> [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %] <Directory "/"> AllowOverride All </Directory> [% ELSE %] <Directory "[% paths.dir_docroot %]"> AllowOverride All </Directory> [% END %] [% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%] UserDir disabled [% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%] UserDir enabled [% defaultvhost.userdirprotect %] [% END -%] [% END -%] RewriteEngine On <IfModule ssl_module> SSLEngine on [% IF !ssl_proxy_to_non_ssl -%] SSLProxyEngine On SSLProxyVerify none # Setting to Off for backwards-compatibility # Read for more info: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn SSLProxyCheckPeerCN Off [% IF options_support.split_version.2 >= 5 -%] SSLProxyCheckPeerName Off [% END -%] SSLProxyCheckPeerExpire Off [% END -%] [% IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') %] SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem [% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%] SSLUseStapling Off [% END -%] [% ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%] SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem [% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%] SSLUseStapling Off [% END -%] [% ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%] SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key [% IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%] SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab [% END -%] [% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%] SSLUseStapling Off [% END -%] [% ELSE %] # No service SSL installed for cPanel [% END %] </IfModule> [% SET proxy_prot = ssl_proxy_to_non_ssl ? 'http' : 'https' %] [% SET wsproxy_prot = ssl_proxy_to_non_ssl ? 'ws' : 'wss' %] <IfModule headers_module> RequestHeader set X-HTTPS 1 </IfModule> RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpanel\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT] ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2082 : 2083 %]/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^webmail\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT] ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2095 : 2096 %]/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^whm\. RewriteCond %{HTTP:Upgrade} !websocket [nocase] [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT] ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2086 : 2087 %]/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^webdisk\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT] ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2077 : 2078 %]/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpcontacts\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT] ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P] [% END %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^cpcalendars\. [% IF proxypass_for_proxysubdomains %] RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT] ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0 [% ELSE %] RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P] [% END %] [% IF autodiscover_proxy_subdomains %] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^autodiscover\. RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autodiscover.cgi [P] RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$ RewriteCond %{HTTP_HOST} ^autoconfig\. RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autoconfig.cgi [P] [% END %] [% IF proxypass_for_proxysubdomains -%] [% websocket_proxies(servername) -%] [% END %] UseCanonicalName Off <IfModule security2_module> SecRuleEngine On </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine On' </IfModule> </VirtualHost> [% END -%] [% END -%] # Administrator locations for safely altering virtualhost configuration [% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_global.conf') -%] Include "[% paths.dir_conf_includes %]/post_virtualhost_global.conf" [% ELSE -%] # Create "[% paths.dir_conf_includes %]/post_virtualhost_global.conf" if you want to customize httpd.conf. [% END -%] [% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_2.conf') -%] # Major Version Specific Include "[% paths.dir_conf_includes %]/post_virtualhost_2.conf" [% END -%] ################################################## ################################################## # # Define the Domain Forwarding virtual hosts # ################################################## ################################################## [% IF file_test('f', '/var/cpanel/domainfwdip') -%] <VirtualHost [% domainfwdip %]> ServerName [% wildcard_safe(domainfwdip) %] ServerAdmin root\@localhost DocumentRoot /dev/null ScriptAliasMatch .* /usr/local/cpanel/cgi-sys/domainredirect.cgi </VirtualHost> [% ELSE -%] # Domain forwarding is currently disabled. # You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface. [% END %] ################################################## ################################################## # # Default SSL Hostname Virtual Host # ################################################## ################################################## [%- WHILE (vh_block = sharedips.splice(0, 50)) AND vh_block.size -%] <VirtualHost [% FOREACH vh IN vh_block -%][% parsed_ip(vh) _ ":${configured.main_port_ssl}" %] [% END -%][% IF !sharedips.size %]*:[% configured.main_port_ssl %][% END %]> ServerName [% wildcard_safe(servername) %] DocumentRoot [% paths.dir_docroot %] [%- IF serveradmin -%] ServerAdmin [% serveradmin %] [%- ELSE -%] ServerAdmin webmaster@[% servername %] [%- END -%] <IfModule suphp_module> suPHP_UserGroup nobody nobody </IfModule> [%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%] <Directory "/"> AllowOverride All </Directory> [% ELSE -%] <Directory "[% paths.dir_docroot %]"> AllowOverride All </Directory> [%- END %] [% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%] UserDir disabled [% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%] UserDir enabled [% defaultvhost.userdirprotect %] [%- END -%] [%- END -%] <IfModule ssl_module> SSLEngine on [% IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') %] SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%] SSLUseStapling Off [%- END -%] [%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%] SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%] SSLUseStapling Off [%- END -%] [%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%] SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key [%- IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%] SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab [%- END -%] [%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%] SSLUseStapling Off [%- END -%] [% ELSE %] # No service SSL installed for cPanel [% END %] </IfModule> UseCanonicalName Off <IfModule security2_module> SecRuleEngine On </IfModule> <IfModule security3_module> modsecurity_rules 'SecRuleEngine On' </IfModule> </VirtualHost> [% END -%] # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor