states/apache2/files/index.conf

{# This configuration is based on wordpress_composer.conf and any changes to
 # this file should be duplicated there, as appropriate.
-#}
# vim: ft=apache:
<VirtualHost *:443>
    ServerName {{ SERVER_NAME }}
    ErrorLog ${APACHE_LOG_DIR}/{{ SERVER_NAME }}_error.log
    CustomLog ${APACHE_LOG_DIR}/{{ SERVER_NAME }}_access.log combined

    SSLEngine on
    SSLCertificateFile {{ LE_CERT_PATH }}/fullchain.pem
    SSLCertificateKeyFile {{ LE_CERT_PATH }}/privkey.pem

    RewriteEngine On
    # Log Rewrite actions (use trace1 - trace8 for detailed logging)
    LogLevel rewrite:warn

    ###########################################################################
    # CC Legal Tools
    # Directory Aliases
    Alias /status           /var/www/git/cc-legal-tools-data/docs/status
    Alias /rdf              /var/www/git/cc-legal-tools-data/docs/rdf
    Alias /publicdomain     /var/www/git/cc-legal-tools-data/docs/publicdomain
    Alias /licenses         /var/www/git/cc-legal-tools-data/docs/licenses
    Alias /cc-legal-tools   /var/www/git/cc-legal-tools-data/docs/cc-legal-tools
    # File Aliases
    Alias /schema.rdf   /var/www/git/cc-legal-tools-data/docs/rdf/schema.rdf
    Alias /ns.html      /var/www/git/cc-legal-tools-data/docs/rdf/ns.html
    Alias /ns           /var/www/git/cc-legal-tools-data/docs/rdf/ns.html
    <Directory /var/www/git/cc-legal-tools-data/docs>
        # Disable .htaccess (for security and performance)
        AllowOverride None
        # Also serve HTML files without .html extension
        RewriteCond %{REQUEST_FILENAME}.html -f
        RewriteRule !.*\.html$ %{REQUEST_FILENAME}.html [L]
        # Redirect .../index.php to .../
        RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
        # Deny access to PHP files (content should be only static files)
        RewriteRule .*\.php$ "-" [F,L]
        # Correct mimetype for .../rdf files
        RewriteRule (.*/rdf$) $1 [T=application/rdf+xml]
    </Directory>

    ###########################################################################
    # Chooser
#    Alias /choose /var/www/git/chooser/docs
#    <Directory /var/www/git/chooser/docs>
#        # Disable .htaccess (for security and performance)
#        AllowOverride None
#        # Redirect .../index.php to .../
#        RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
#        RewriteCond %{REQUEST_FILENAME} !-f
#        RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
#        # Deny access to PHP files (content should be only static files)
#        RewriteRule .*\.php "-" [F,L]
#    </Directory>
    RedirectPermanent /choose/zero  /choose
    RedirectPermanent /chooser      /choose
    RedirectTemp /choose https://chooser-beta.creativecommons.org

    ###########################################################################
    # FAQ
    Alias /faq /var/www/git/faq/faq
    <Directory /var/www/git/faq/faq>
        # Disable .htaccess (for security and performance)
        AllowOverride None
        # Redirect .../index.php to .../
        RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
        # Deny access to PHP files (content should be only static files)
        RewriteRule .*\.php "-" [F,L]
    </Directory>

    ###########################################################################
    # Platform Toolkit
    Alias /platform/toolkit /var/www/git/mp/docs
    <Directory /var/www/git/mp/docs>
        # Disable .htaccess (for security and performance)
        AllowOverride None
        # Redirect .../index.php to .../
        RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
        # Deny access to PHP files (content should be only static files)
        RewriteRule .*\.php "-" [F,L]
    </Directory>

    ###########################################################################
    # WordPress/Default
    DocumentRoot {{ DOCROOT }}
    <Directory {{ DOCROOT }}>
{%- if salt.pillar.get("apache2:stage_username", false) and salt.pillar.get("apache2:stage_password", false) %}
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /var/www/htpasswd
        Require valid-user
{%- endif %}
        AllowOverride AuthConfig Limit Options FileInfo
        Options +FollowSymLinks -Indexes
        <Files .env>
            Require all denied
        </Files>
    </Directory>
    <Directory {{ DOCROOT }}/backup>
        AllowOverride None
        Require all denied
    </Directory>
    <Directory {{ DOCROOT }}/wp/wp-admin/includes>
        AllowOverride None
        Require all denied
    </Directory>
    <Directory {{ DOCROOT }}/wp/wp-includes/theme-compat>
        AllowOverride None
        Require all denied
    </Directory>
    <Directory {{ DOCROOT }}/wp-content/uploads>
        AllowOverride None
        <FilesMatch "[.]ph(?:p\d?|t|tml)$">
            Require all denied
        </FilesMatch>
    </Directory>
    <FilesMatch "^[.]?wp-config[.]php">
        Require all denied
    </FilesMatch>

    # Default Index
    RewriteRule ^(/)?$ /wp/index.php [L]
    # WP-API
    RewriteRule ^(/wp-json/.*)$ /wp/index.php$1 [L]

    # Permalinks (for dirs/files not found)
    # https://codex.wordpress.org/Using_Permalinks
    # Directory Conditions
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/wp
    RewriteCond %{REQUEST_URI} !^/status
    RewriteCond %{REQUEST_URI} !^/rdf
    RewriteCond %{REQUEST_URI} !^/publicdomain
    RewriteCond %{REQUEST_URI} !^/platform/toolkit
    RewriteCond %{REQUEST_URI} !^/licenses
    RewriteCond %{REQUEST_URI} !^/faq
    RewriteCond %{REQUEST_URI} !^/choose
    RewriteCond %{REQUEST_URI} !^/cc-legal-tools
    # File Conditions
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/schema.rdf$
    RewriteCond %{REQUEST_URI} !^/ns.html$
    RewriteCond %{REQUEST_URI} !^/ns$
    # Rule
    RewriteRule . /wp/index.php [L]

    # Serve non-/wp-content/ out of /wp/ (for dirs/files not found)
    # https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
    # Directory Conditions
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/wp/
    RewriteCond %{REQUEST_URI} !^/wp-content/
    RewriteCond %{REQUEST_URI} !^/status
    RewriteCond %{REQUEST_URI} !^/rdf
    RewriteCond %{REQUEST_URI} !^/publicdomain
    RewriteCond %{REQUEST_URI} !^/platform/toolkit
    RewriteCond %{REQUEST_URI} !^/licenses
    RewriteCond %{REQUEST_URI} !^/faq
    RewriteCond %{REQUEST_URI} !^/choose
    RewriteCond %{REQUEST_URI} !^/cc-legal-tools
    # File Conditions
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/schema.rdf$
    RewriteCond %{REQUEST_URI} !^/ns.html$
    RewriteCond %{REQUEST_URI} !^/ns$
    # Rule
    RewriteRule ^/(.*)$ /wp/$1
</VirtualHost>


<VirtualHost *:80>
    ServerName ${HTTP_HOST}
    ErrorLog ${APACHE_LOG_DIR}/{{ SERVER_NAME }}_error.log
    CustomLog ${APACHE_LOG_DIR}/{{ SERVER_NAME }}_access.log combined

    # Enable Let's Encrypt verification
    Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
    <Directory /var/www/html/.well-known/acme-challenge>
        Options None
        AllowOverride None
        ForceType text/plain
        RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
    </Directory>

    # Enable WordPress migrations
    Alias /cache-uploads {{ DOCROOT }}/cache-uploads
    <Directory {{ DOCROOT }}/cache-uploads>
        AllowOverride None
        # Options default is FollowSymlinks
        Require local
    </Directory>

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/cache-uploads [NC]
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
</VirtualHost>