Create vhosts, users, and document roots

templates/Fedora/34/etc/httpd/conf.d/vhost.conf

@@ -0,0 +1,102 @@
+<Directory "/srv/http">
+    AllowOverride None
+    Require all granted
+</Directory>
+
+{% for item in http_vhost %}
+<Directory "/srv/http/{{ item.fqdn }}">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+{% endfor %}
+{% for item in http_vhost %}
+{% if item.aliases is defined %}
+{% for item_alias in item.aliases %}
+<VirtualHost *:80>
+  ServerName {{ item_alias }}
+  ServerAdmin webmaster@firedragonenterprises.com
+  DocumentRoot /srv/http/{{ item.fqdn }}
+  RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
+</VirtualHost>
+
+{% endfor %}
+{% endif %}
+<VirtualHost *:80>
+  ServerName {{ item.fqdn }}
+  ServerAdmin webmaster@firedragonenterprises.com
+  DocumentRoot /srv/http/{{ item.fqdn }}
+  RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
+</VirtualHost>
+
+{% if item.aliases is defined %}
+{% for item_alias in item.aliases %}
+<VirtualHost *:443>
+  SSLEngine on
+  SSLProtocol all -TLSv1.1
+  SSLProxyProtocol all -TLSv1.1
+  SSLHonorCipherOrder on
+  SSLCipherSuite PROFILE=SYSTEM
+  SSLProxyCipherSuite PROFILE=SYSTEM
+  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  ServerName {{ item_alias }}
+  ServerAdmin webmaster@firedragonenterprises.com
+  DocumentRoot /srv/http/{{ item.fqdn }}
+  RedirectMatch permanent "^(?!/\.well-known/acme-challenge/).*" https://{{ item.fqdn }}$0
+  <Location /.ansible>
+    Require all denied
+  </Location>
+  <Location /.config>
+    Require all denied
+  </Location>
+  <Location /.ssh>
+    Require all denied
+  </Location>
+</VirtualHost>
+
+{% endfor %}
+{% endif %}
+<VirtualHost *:443>
+  SSLEngine on
+  SSLProtocol all -TLSv1.1
+  SSLProxyProtocol all -TLSv1.1
+  SSLHonorCipherOrder on
+  SSLCipherSuite PROFILE=SYSTEM
+  SSLProxyCipherSuite PROFILE=SYSTEM
+  # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  ServerName {{ item.fqdn }}
+  ServerAdmin webmaster@firedragonenterprises.com
+  DocumentRoot /srv/http/{{ item.fqdn }}
+  Alias /error/ "/var/www/error/"
+{% if item.proxy is defined %}
+  ProxyPass "/.well-known" "!"
+  ProxyPass "/phpMyAdmin" "!"
+  ProxyPass "/phpmyadmin" "!"
+  ProxyPass "/" "{{ item.proxy }}"
+  ProxyPassReverse "/" "{{ item.proxy }}"
+  ProxyTimeout 300
+{% endif %}
+  <Location /.ansible>
+    Require all denied
+  </Location>
+  <Location /.cache>
+    Require all denied
+  </Location>
+  <Location /.config>
+    Require all denied
+  </Location>
+  <Location /.local>
+    Require all denied
+  </Location>
+  <Location /.git>
+    Require all denied
+  </Location>
+  <Location /.ssh>
+    Require all denied
+  </Location>
+</VirtualHost>
+
+{% endfor %}