# The main sucs website
DocumentRoot "/var/www/sucssite/htdocs"
ServerAdmin admin@sucs.org
ServerName sucs.org
ServerAlias www.sucs.org
ServerAlias sucs.swan.ac.uk
ServerAlias www.sucs.swan.ac.uk
ServerAlias compsoc.swan.ac.uk
ServerAlias www.compsoc.swan.ac.uk
Include /etc/apache2/conf.sucs.d/userdir.conf
ErrorLog /var/log/apache2/sucssite_error.log
CustomLog /var/log/apache2/sucssite_access.log combined
LogLevel warn
AllowOverride All
XBitHack On
Order allow,deny
Allow from all
Options +MultiViews
RewriteEngine On
# Ensure requests are for our preferred domains
# Disabled by ~imranh 08/04/2015
# We want people to do to sucs.org becuase we have a ssl cert for that
# Keep stuff thats come in via *.swan.ac.uk in .ac.uk
#RewriteCond %{HTTP_HOST} ^www.sucs.swan.ac.uk [NC,OR]
#RewriteCond %{HTTP_HOST} ^compsoc.swan.ac.uk [NC,OR]
#RewriteCond %{HTTP_HOST} ^www.compsoc.swan.ac.uk [NC]
#RewriteRule ^(.*)$ http://sucs.swan.ac.uk/$1 [R=301,L]
#(web)mail.sucs.org to sucs.org/webmail
RewriteCond %{HTTP_HOST} ^mail.sucs.org [NC,OR]
RewriteCond %{HTTP_HOST} ^webmail.sucs.org [NC]
RewriteRule ^(.*)$ http://sucs.org/webmail/ [R=301,L]
# Everything else may as well goto sucs.org
RewriteCond %{HTTP_HOST} !^sucs.org [NC]
#RewriteCond %{HTTP_HOST} !^sucs.swan.ac.uk [NC]
RewriteRule ^(.*)$ http://sucs.org/$1 [R=301,L]
# If its not a file or directory pass it to the website script
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index\.php.*
RewriteRule ^(.*)$ index.php/$1 [QSA,L]
#RedirectMatch permanent ^/Community/Forum$ https://sucs.org/Community/Forum/
RedirectMatch permanent ^/webmail$ https://sucs.org/webmail/
DocumentRoot "/var/www/sucssite/htdocs"
ServerAdmin admin@sucs.org
ServerName sucs.org
ServerAlias www.sucs.org
ServerAlias sucs.swan.ac.uk
ServerAlias www.sucs.swan.ac.uk
ServerAlias compsoc.swan.ac.uk
ServerAlias www.compsoc.swan.ac.uk
ErrorLog /var/log/apache2/ssl_error.log
TransferLog /var/log/apache2/ssl_access.log
LogLevel warn
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=604800"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLCertificateFile /usr/local/sucs-pki/certs/sucs.crt
SSLCertificateKeyFile /usr/local/sucs-pki/private/sucs.key
SSLCertificateChainFile /usr/local/sucs-pki/certs/globalsign.crt
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyRequests Off
Order allow,deny
Allow from all
ProxyVia On
SSLProxyEngine on
ProxyPass /svn https://projects.sucs.org/svn
#DAV svn
#SVNParentPath /var/projects/svn
#Redirect / https://projects.sucs.org/
ProxyPassReverse https://projects.sucs.org/svn
Include /etc/apache2/conf.sucs.d/userdir.conf
Options Indexes FollowSymLinks Includes ExecCGI MultiViews
AllowOverride All
XBitHack On
Order allow,deny
Allow from all
Options +MultiViews
RewriteEngine On
# Ensure requests are for our preferred domains
# Disabled by ~imranh 08/04/2015
# We want people to do to sucs.org becuase we have a ssl cert for that
# Keep stuff thats come in via *.swan.ac.uk in .ac.uk
#RewriteCond %{HTTP_HOST} ^www.sucs.swan.ac.uk [NC,OR]
#RewriteCond %{HTTP_HOST} ^compsoc.swan.ac.uk [NC,OR]
#RewriteCond %{HTTP_HOST} ^www.compsoc.swan.ac.uk [NC]
#RewriteRule ^(.*)$ https://sucs.swan.ac.uk/$1 [R=301,L]
#(web)mail.sucs.org to sucs.org/webmail
RewriteCond %{HTTP_HOST} ^mail.sucs.org [NC,OR]
RewriteCond %{HTTP_HOST} ^webmail.sucs.org [NC]
RewriteRule ^(.*)$ https://sucs.org/webmail/$1 [R=301,L]
# Everything else may as well goto sucs.org
RewriteCond %{HTTP_HOST} !^sucs.org [NC]
#RewriteCond %{HTTP_HOST} !^sucs.swan.ac.uk [NC]
RewriteRule ^(.*)$ https://sucs.org/$1 [R=301,L]
# If its not a file or directory pass it to the website script
RewriteCond %{REQUEST_URI} !=/server-status
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index\.php.*
RewriteRule ^(.*)$ index.php/$1 [QSA,L]
# Disabled, Moved to the gitlab VM ~imranh
#Include /etc/apache2/conf.d/projects.conf
# Redirect to squirrelmail install
Alias /squirrelmail /usr/share/squirrelmail
Alias /webmail/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /webmail /var/lib/roundcube
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube
# 2015-03-16 Moved the /cam alias to here from /etc/apache2/conf.d/webcam to stop it becoming an alias on all virtual hosts, commented out the file in the other location. ~rjames93
Alias /cam /var/cam
Order allow,deny
Allow from all
Options Indexes SymLinksIfOwnerMatch
AuthType Basic
AuthName "Staff Only Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://127.0.0.1/dc=sucs,dc=org?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=sucsstaff,ou=Group,dc=sucs,dc=org
Alias /stats/collectd-web /var/www/collectd-web
Options Indexes ExecCGI
AllowOverride All
AddHandler cgi-script .cgi