# :mode=apacheconf:
#
# @brief Apache 2.4 Configuration for Wordpress
# Assumes WP installed at /var/www/wordpress
#
User www-data
Group www-data
ServerName www.example.com
ServerTokens Minor
Timeout 120
KeepAlive On
MaxKeepAliveRequests 256
KeepAliveTimeout 4
#
# Aliases
LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
#
# @note Need to log the "FROM" IP which gets forwareded from the load balancer
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
# LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost
LogFormat "%v:%p %h/%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost
CustomLog ${APACHE_LOG_DIR}/access.log vhost
#
# Auth Digest
LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
#
# Compress/Deflate Contents
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/html text/plain text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/rss+xml
#
# Find DIR files
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
DirectoryIndex index.php index.html
#
# Environment
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
SetEnv APP_MODE @APP_MODE@
#
# Expires/Caching
LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
ExpiresActive On
ExpiresDefault A0
# Canonical for JS
ExpiresByType application/javascript A14400
ExpiresByType image/gif A14400
ExpiresByType image/gif A14400
ExpiresByType image/jpg A14400
ExpiresByType text/css A14400
# Sometimes this shows up
ExpiresByType text/javascript A14400
#
# Headers
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
Header unset Pragma
Header unset X-Powered-By
#
# Info Module
# LoadModule info_module /usr/lib/apache2/modules/mod_info.so
#
# SetHandler server-info
# Require valid-user
#
#
# Smart MIME handling
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
TypesConfig /etc/mime.types
AddType application/x-gzip .gz .tgz
AddType application/vnd.ms-fontobject .eot
AddType application/font-woff .woff
AddType application/vnd.ms-opentype .otf
AddType image/svg+xml .svg
AddType application/x-font-ttf .ttf
#
# Prefork MPM
LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
PIDFile /var/run/apache2/apache2.pid
MaxClients 256
MaxRequestsPerChild 4096
MaxSpareServers 16
MinSpareServers 4
StartServers 16
#
# Loading PHP
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
SetHandler application/x-httpd-php
#
# Max/Min Restrictions
LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
RequestReadTimeout header=16-32,minrate=512
RequestReadTimeout body=8,minrate=512
#
# ModRewrite (see .htaccess)
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
# RewriteLog /var/log/apache2/rewrite.log
# RewriteLogLevel 2
#
# SSL
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
SSLSessionCache shmcb:/tmp/apache-ssl-cache.shm(524288)
#
# Status Module
# LoadModule status_module /usr/lib/apache2/modules/mod_status.so
# ExtendedStatus On
# SeeRequestTail On
#
# SetHandler server-status
# Require valid-user
#
#
# Unique ID for Every Request
# LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so
#
# Lock Root Dir
AllowOverride None
Require all denied
#
# Directory based Configuration w/PHP over-rides
# Once we git rid of .htaccess files
# AllowOverride None
Require all granted
# Mark Offline
# Must have only one "# RewriteRule .*"
# Path is assumed by scripts to be correct, set properly on install
# RewriteRule .* offline.php [last]
# @note Typical of Cake, Radix, Yii and Zend
RewriteEngine On
# RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* /index.php [L,QSA]
#
# Define some PHP Settings
php_flag apc.enabled on
php_flag define_syslog_variables on
php_flag display_errors on
php_flag display_startup_errors on
php_flag error_log on
php_flag html_errors on
php_flag ignore_repeated_errors on
php_flag ignore_repeated_source on
php_flag implicit_flush off
php_flag log_errors on
php_flag magic_quotes_runtime off
php_value date.timezone UTC
php_value error_reporting -1
php_value max_input_vars 2048
php_value memory_limit 256M
# Session Data
php_flag session.auto_start off
php_flag session.bug_compat_42 off
php_flag session.cookie_httponly on
php_flag session.use_strict_mode on
# 7d
php_value session.cookie_lifetime 0
# 1h
php_value session.gc_maxlifetime 3600
php_value session.name my_site
# @todo Eventually we want use Elasticache
php_value session.save_handler memcached
php_value session.save_path localhost:11211
# php_flag display_errors 1
# php_flag display_startup_errors 1
# php_value date.timezone America/Los_Angeles
#
# The Default Server & Proper Web-Site
Listen 80
# Use empty webroot for protection?
DocumentRoot /var/www/wordpress
ServerName example.com
ServerAlias www.example.com
RewriteEngine On
# Protect against XSS
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# Focre Canonical Host
# @note don't forget to properly handle the EC2LB checker
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteRule ^(.*)$ http://example.com$1 [R=301,L]
#
# The SSL Site
Listen 443
DocumentRoot /var/www/wordpress
SSLEngine On
ServerName example.com
# Apache Provided Defaults
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
RewriteEngine On
# Protect against XSS
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]