ServerName photos.theschleiers.com
ServerAdmin webmaster@theschleiers.com
Define PORT_SSL 36403
Define PORT_HTTP 36365
Define PORT_GALLERY 36366
Listen 127.0.0.1:${PORT_SSL}
Define SERVERHOME /home/schleierdav/sites/theschleiers.com/photos
DocumentRoot "${SERVERHOME}/html"
ErrorLog "${SERVERHOME}/logs/errors"
LoadModule alias_module lib/httpd/mod_alias.so
Alias "/.well-known/acme-challenge/" "${SERVERHOME}/letsencrypt/"
LoadModule mpm_prefork_module lib/httpd/mod_mpm_prefork.so
PidFile "${SERVERHOME}/service/apache.pid"
LoadModule log_config_module lib/httpd/mod_log_config.so
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_for_proxied_site
CustomLog "${SERVERHOME}/logs/access" combined_for_proxied_site env=!INTERNAL_DUMMY_CONNECTION
LoadModule remoteip_module lib/httpd/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1
RemoteIPProxyProtocol on
ServerName photos.theschleiers.com
ServerAlias xn--9dbazj1ce.xn--8dbkaamj9ee.com
ServerAlias fotos.dieschleier.de
LoadModule auth_basic_module lib/httpd/mod_auth_basic.so
LoadModule authn_core_module lib/httpd/mod_authn_core.so
LoadModule authn_file_module lib/httpd/mod_authn_file.so
LoadModule authz_core_module lib/httpd/mod_authz_core.so
LoadModule authz_user_module lib/httpd/mod_authz_user.so
Require user reberber
AuthName "Schleier Raw Photos"
AuthType Basic
AuthBasicProvider file
AuthUserFile "${SERVERHOME}/conf/users"
Require user veiled
Require all granted
LoadModule dav_module lib/httpd/mod_dav.so
LoadModule dav_fs_module lib/httpd/mod_dav_fs.so
DavLockDB "${SERVERHOME}/service/davlock"
Dav on
LoadModule proxy_module lib/httpd/mod_proxy.so
LoadModule proxy_http_module lib/httpd/mod_proxy_http.so
LoadModule rewrite_module lib/httpd/mod_rewrite.so
ProxyTimeout 293
RewriteEngine on
RewriteCond %{ENV:SPEAK_DAV_TO_ME} !=YES
RewriteCond %{ENV:LETSENCRYPT_CHALLENGE} !=YES
RewriteRule ^/(.*)$ http://127.0.0.1:${PORT_GALLERY}/$1 [P,L]
LoadModule setenvif_module lib/httpd/mod_setenvif.so
SetEnvIf User-Agent ^WebDAV.*$ \
SPEAK_DAV_TO_ME=YES
SetEnvIf User-Agent ^Apache/.* .*internal dummy connection.*$ \
INTERNAL_DUMMY_CONNECTION
SetEnvIf Request_URI "^/\.well-known/acme-challenge/.*$" \
LETSENCRYPT_CHALLENGE=YES
LoadModule ssl_module lib/httpd/mod_ssl.so
SSLEngine on
SSLCertificateFile "/home/schleierdav/sites/theschleiers.com/photos/letsencrypt/cert/letsencrypt_combined.pem"
SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4"
LoadModule unixd_module lib/httpd/mod_unixd.so
Listen 127.0.0.1:${PORT_HTTP}
ServerName photos.theschleiers.com
Redirect permanent "/" "https://photos.theschleiers.com/"
# XXX allow acme-challenge in these ones
ServerName xn--9dbazj1ce.xn--8dbkaamj9ee.com
Redirect permanent "/" "https://xn--9dbazj1ce.xn--8dbkaamj9ee.com/"
ServerName fotos.dieschleier.de
Redirect permanent "/" "https://fotos.dieschleier.de/"