Skip to content

Apache Virtual Host Configuration

Jump to bottom Edit New page
Ian Turgeon edited this page Aug 26, 2017 · 5 revisions

Production ready Apache configuration.

Features

  • port 80 redirects to 443
  • SSL
  • FuelPhp Environment set to production
  • XSendFile enabled for speedy media delivery
  • Max Upload set to 50MB for widget package uploading
  • PHP execution restricted to FuelPHP's entry script
  • All other PHP scripts do not execute, and result in a 404
  • All "dot" files and directories are denied
<VirtualHost *:80>
    # Redirect all traffic to HTTPS
    ServerName materia.YOUR_DOMAIN.edu
    Redirect "/" "https://materia.school.edu/"
</VirtualHost>

<VirtualHost *:443>
    ServerName materia.school.edu
    DocumentRoot /var/www/materia/public
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Setup SSL
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/materia-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/materia-selfsigned.key

    # SET the FUELPHP environment
    SetEnv FUEL_ENV production

    # Block php execution by default
    php_value engine off

    # route 404 and 403 errors to FuelPHP
    ErrorDocument 404 /index.php?/404
    ErrorDocument 403 /index.php?/403

    # Main application directory
    <Directory /var/www/materia/public>
        # Add xsendfile for faster/efficient media downloads
        XSendFile On
        XSendFilePath /var/www/materia/fuel/packages/materia/media

        # Allow the fuelphp .htaccess file to do it's thing
        AllowOverride All

        # Allow for sizable widget uploads to the admin panel
        php_value upload_max_filesize "50M"
    </Directory>

    # turn on php for index.php
    <FilesMatch "^index.php">
            php_value engine on
    </FilesMatch>

    # hide/disable php for every script thats not index.php
    <FilesMatch "^(?!index).*(\.php)">
        # this isn't needed, but just to make it obvious...
        php_value engine off

        order allow,deny
        deny from all
    </FilesMatch>

    # Static files
    <DirectoryMatch "^/var/www/materia/public/(widget|css|js|img)/">
        # allows symlinks to support zero downtime deploy mechanisms
        Options FollowSymLinks

        # block .htaccess files
        AllowOverride None
    </DirectoryMatch>

    # Block access to all dot files and directories
    <DirectoryMatch "^\.|\/\.">
        Order allow,deny
        Deny from all
    </DirectoryMatch>

</VirtualHost>

UCF Open Logo

Materia is a UCF open source project.

Documentation || Materia on Github || About UCF Open

Add a custom sidebar
Clone this wiki locally