[%
    # Template Toolkit source for the cPanel & WHM generated Apache configuration.
    # NOTE(review): no angle-bracket container lines appear anywhere in this copy,
    # so they were presumably lost in extraction; do not read the scope of any
    # directive off this listing - confirm against the shipped template.
    #
    # nginx_is_enabled is true when the ea-nginx header file exists. When that
    # file has a 'cPanel-localhost' key, its value is kept in
    # cpanel_localhost_value for use later in the template.
    USE JSON;
    SET nginx_is_enabled = file_test('f', '/etc/nginx/ea-nginx/cpanel_localhost_header.json');
    IF nginx_is_enabled;
        SET header_data = JSON.loadfile('/etc/nginx/ea-nginx/cpanel_localhost_header.json');
        IF header_data.exists('cPanel-localhost');
            SET cpanel_localhost_value = header_data.item('cPanel-localhost');
        END;
    END;
%]
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# Direct modifications to the Apache configuration file WILL be lost upon subsequent
# regeneration of this configuration file, or an Apache update.
#
# To have your modifications retained, you should create/edit administrator-specific
# include files:
#
# [% paths.dir_conf_includes %]/pre_main_global.conf
# [% paths.dir_conf_includes %]/pre_virtualhost_global.conf
# [% paths.dir_conf_includes %]/post_virtualhost_global.conf
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

##################################################
##################################################
#
# cPanel & WHM controlled Apache configuration
#
##################################################
##################################################

[%# NOTE: The IF variable.exists() method used throughout this template is to deal
    with migration from ea3 to ea4. This should allow pre-existing distillation
    of variables when the user was on EA3 but didn't use the WHM interfaces to
    update their httpd.conf. The ELSE clause is there to ensure a default is
    placed into the configuration regardless of previous distillations and will
    attempt to use the WHM settings where possible.

    Ideally speaking, the user shouldn't be using previously distilled information
    since we're moving towards a solution where httpd.conf isn't a database.
    However, we're not there yet, so the exists() method is used to ensure easier
    migration.
-%]

Include "[% paths.dir_base %]/conf.modules.d/*.conf"

# Administrator locations for safely altering httpd.conf
[% IF file_test('f', paths.dir_conf_includes _ '/pre_main_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_main_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_main_global.conf" if you want to customize httpd.conf.
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/pre_main_2.conf') -%]
# Major Version Specific
Include "[% paths.dir_conf_includes %]/pre_main_2.conf"
[% END -%]

# These are hard-coded values that are required by cPanel & WHM
PidFile [% paths.dir_run %]/httpd.pid
User nobody
Group nobody
ExtendedStatus [% IF main.exists('extendedstatus') %][% main.extendedstatus.item.extendedstatus %][% ELSE %]Off[% END %]
LogLevel [% IF main.exists('loglevel') %][% main.loglevel.item.loglevel %][% ELSE %]warn[% END %]
[%- IF main.exists('symlink_protect') %]
SymlinkProtect [% main.symlink_protect.item.symlink_protect %]
SymlinkProtectRoot [% paths.dir_docroot %]
[% END -%]

# You can change this by using WHM, and navigating to the 'Basic WebHost Manager® Setup' -> 'Contact Information' interface.
ServerAdmin [% serveradmin %]

# You can change this by using WHM, and navigating to the 'Networking Setup' => 'Change Hostname' interface.
ServerName [% wildcard_safe(main.servername.item.servername) %]

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Global Configuration' interface.
[%# Each of the four directives below is written only when `main` has an entry
    for it. With no entry nothing is emitted and Apache's compiled-in default
    applies (TraceEnable defaults to on, ServerTokens to Full), so a missing
    setting is not the same as a hardened one. -%]
[% IF main.exists('traceenable') %]TraceEnable [% main.traceenable.item.traceenable %][% END %]
[% IF main.exists('serversignature') %]ServerSignature [% main.serversignature.item.serversignature %][% END %]
[% IF main.exists('servertokens') %]ServerTokens [% main.servertokens.item.servertokens %][% END %]
[% IF main.exists('fileetag') %]FileETag [% main.fileetag.item.fileetag %][% END %]

[%# AllowOverride is None only when optimize_htaccess is set to a true value other
    than "search_full_path"; every other case, including an unset key, yields All.
    NOTE(review): the container these lines belong to is not visible in this copy. -%]
[% IF main.exists('optimize_htaccess') && main.optimize_htaccess.item.optimize_htaccess && main.optimize_htaccess.item.optimize_htaccess != "search_full_path" %]
AllowOverride None
[% ELSE %]
AllowOverride All
[% END %]
Options [% main.directory.options.item.options %]

[% IF main.exists('startservers') %]StartServers [% main.startservers.item.startservers %][% END %]
[% IF main.exists('minspareservers') %]MinSpareServers [% main.minspareservers.item.minspareservers %][% END %]
[% IF main.exists('maxspareservers') %]MaxSpareServers [% main.maxspareservers.item.maxspareservers %][% END %]
[% IF main.exists('serverlimit') %]ServerLimit [% main.serverlimit.item.serverlimit %][% END %]
[% IF main.exists('maxclients') %]MaxRequestWorkers [% main.maxclients.item.maxclients %][% END %]
[% IF main.exists('maxrequestsperchild') %]MaxConnectionsPerChild [% main.maxrequestsperchild.item.maxrequestsperchild %][% END %]
[% IF main.exists('keepalive') %]KeepAlive [% main.keepalive.item.keepalive %][% END %]
[% IF main.exists('keepalivetimeout') %]KeepAliveTimeout [% main.keepalivetimeout.item.keepalivetimeout %][% END %]
[% IF main.exists('maxkeepaliverequests') %]MaxKeepAliveRequests [% main.maxkeepaliverequests.item.maxkeepaliverequests || 0 %][% END %]
[% IF main.exists('timeout') %]Timeout [% main.timeout.item.timeout %][% END %]

[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
# Global DCV Exclude - Rewrites
RewriteEngine on
[% FOR pattern = dcv_rewrite_patterns -%]
RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
[% END -%]
[% IF all_possible_proxy_subdomains_regex %]
# Exclude proxy subdomains as we need rewrites to capture the DCV requests
RewriteCond %{HTTP_HOST} !^(?:[% all_possible_proxy_subdomains_regex %])\.
[% END -%]
RewriteRule ^ - [END]
[% SET dcv_location_regex = '(' _ dcv_rewrite_patterns.join('|') _ ')'; %]
[%# The Satisfy/Order/Allow lines below use the 2.2-style access syntax and open
    access for whatever scope encloses them. NOTE(review): dcv_location_regex is
    set just above but is not referenced anywhere in this copy, so the container
    line that consumed it is presumably among the lost ones - confirm that the
    open access is limited to the DCV paths. -%]
# Global DCV Exclude - Location
Satisfy Any
Order Allow,Deny
Allow from all
[% END %]

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'DirectoryIndex Priority' interface.
DirectoryIndex [% main.directoryindex.item.directoryindex %]

# You can change this by using WHM, and navigating to the 'Apache Configuration' -> 'Memory Usage Restrictions' interface.
[%# NOTE: The maxrlimit* settings are currently hard-coded to off in WHM -%]
[% IF main.rlimitcpu.item.softrlimitcpu -%]
RLimitCPU [% main.rlimitcpu.item.softrlimitcpu %] [% main.rlimitcpu.item.maxrlimitcpu %]
[% END -%]
[% IF main.rlimitmem.item.softrlimitmem -%]
RLimitMEM [% main.rlimitmem.item.softrlimitmem %] [% main.rlimitmem.item.maxrlimitmem %]
[% END -%]

# This setting is required by cPanel & WHM in order to provide access to a default webpage when none exists
Options All
AllowOverride None
Require all granted
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0

[%# NOTE(review): the two `Require all denied` lines below have no visible scope in
    this copy. Their comments describe per-file protections, so the enclosing
    file-match containers were presumably lost - confirm against the shipped
    template before treating these as server-wide. -%]
# Required cPanel security policy: Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
Require all denied

# PHP error_log protection
Require all denied

ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
[% IF autodiscover_proxy_subdomains -%]
ScriptAliasMatch ^/Autodiscover/Autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
ScriptAliasMatch ^/autodiscover/autodiscover.xml /usr/local/cpanel/cgi-sys/autodiscover.cgi
[% END -%]

Alias /bandwidth /usr/local/bandmin/htdocs/
Alias /img-sys /usr/local/cpanel/img-sys/
Alias /java-sys /usr/local/cpanel/java-sys/
[% IF !skipmailman -%]
Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
[% END -%]
Alias /sys_cpanel /usr/local/cpanel/sys_cpanel/

ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys/
[% IF !skipmailman -%]
ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
[% END -%]
[% IF file_test('f', '/usr/local/cpanel/cgi-sys/scgiwrap') %]ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap[% END %]

# This can be configured in the cPanel 'Leech Protection' interface.
[% IF file_test('f', '/usr/local/cpanel/bin/leechprotect') -%]
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
Mutex file:[% paths.dir_run %] rewrite-map
[% END -%]

TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/x-tar .tgz
AddType text/vnd.wap.wml .wml
AddType image/vnd.wap.wbmp .wbmp
AddType text/vnd.wap.wmlscript .wmls
AddType application/vnd.wap.wmlc .wmlc
AddType application/vnd.wap.wmlscriptc .wmlsc

# These extensions are used to redirect incoming requests to WHM
AddHandler cgi-script .cgi .pl .plx .ppl .perl

# This is used for custom error documents
AddHandler server-parsed .shtml

# You can change this by using WHM, and updating the 'Tweak Settings' -> 'System' -> 'Allow server-info' option.
[%# NOTE(review): no angle-bracket container lines appear in this copy (presumably
    lost in extraction). That is why access-control and ModSecurity lines look
    server-wide here, why vhost sections show no opening line, and why several
    IF/ELSE pairs emit the same `AllowOverride All` in both branches. Confirm
    scope against the shipped template before drawing conclusions. -%]
[%# Status handler used by WHM: access is limited to loopback addresses, and
    ModSecurity is switched off for the scope these lines belong to. -%]
# This is used by the WHM 'Apache Status' application
SetHandler server-status
Order deny,allow
Deny from all
[% IF options_support.APR_HAVE_IPV6 -%]
Allow from 127.0.0.1 ::1
[% ELSE -%]
Allow from 127.0.0.1
[% END -%]
SecRuleEngine Off
modsecurity_rules 'SecRuleEngine Off'
[%# NOTE(review): allow_server_info_status_from is written into the Allow list
    as-is; confirm where it is set and that it is validated as an address list. -%]
[% IF serve_server_status -%]
SetHandler server-status
Order deny,allow
Deny from all
Allow from [% allow_server_info_status_from %]
[% END -%]

# Required cPanel security policy: disable userdir when mod_ruid2 or mpm_itk or mod_passenger are loaded
UserDir public_html
UserDir disabled
UserDir disabled
UserDir disabled

[%# Requests whose cPanel-localhost header matches the value read from the ea-nginx
    JSON file are tagged isproxyrequest, and every CustomLog in this template is
    conditioned on env=!isproxyrequest, so tagged requests are not logged by
    Apache. The same value names the header mod_remoteip takes the client address
    from; RemoteIPInternalProxy limits that trust to the server hostname and the
    addresses in ips_in_use.
    NOTE(review): SetEnvIf treats its second argument as a regular expression and
    the value is interpolated unescaped - presumably it is a generated token with
    no regex metacharacters, and presumably the JSON file is writable by root
    only; confirm both. -%]
[% IF nginx_is_enabled && cpanel_localhost_value %]
# This allows us to not log requests proxied to Apache from nginx;
# That way hits are not double recorded.
SetEnvIf cPanel-localhost [% cpanel_localhost_value %] isproxyrequest
RequestHeader unset cPanel-localhost
RemoteIPHeader X-Forwarded-For-[% cpanel_localhost_value %]
RemoteIPInternalProxy [% wildcard_safe(main.servername.item.servername) %]
[% FOREACH ip IN ips_in_use -%]
[% ip = ip.remove( '^\[' ) -%]
[% ip = ip.remove( '\]$' ) -%]
RemoteIPInternalProxy [% ip %]
[% END -%]
RequestHeader unset X-Forwarded-For-[% cpanel_localhost_value %]
[% END -%]

[%#
#-------------------#
# CLOUDFLARE CONFIG #
#-------------------#
%]
[% IF !nginx_is_enabled && !file_test( 'f', '/var/cpanel/no_apache_cloudflare' ) -%]
[% USE ApacheConfig; SET generated = ApacheConfig.generate_cloudflare_config(); -%]
[% IF generated && file_test( 'f', paths.dir_conf_includes _ '/cloudflare.conf' ) -%]
Include [% paths.dir_conf_includes %]/cloudflare.conf
[% END -%]
[% END -%]

[% IF enable_piped_logs -%]
[%# Piped-log branch. splitlogsextra (built a few lines down) is assembled from
    /var/cpanel/conf/splitlogs.conf values and appended verbatim to the piped
    command lines. NOTE(review): nothing here validates maxopen, buffer or
    sslport; presumably the file is root-owned and the values numeric - confirm,
    since the text ends up inside a command string. -%]
LogFormat "%v:%{local}p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combinedvhost
LogFormat "%v %{%s}t %I .\n%v %{%s}t %O ." bytesvhost
LogFormat "apache-traffic.log %{%F}t %H %{SSL_PROTOCOL}x %v %I %O %{c}a %a" trafficlog
LogFormat "%v:%{local}p [% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined
LogFormat "%v:%{local}p [% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%a %l %u %t \"%r\" %>s %b[% END %]" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

[%- SET splitlogsextra = '' -%]
[%- TRY -%]
[%- SET splitlogsconf = load_conf('/var/cpanel/conf/splitlogs.conf') -%]
[%- IF splitlogsconf.maxopen.length %][% splitlogsextra = splitlogsextra _ " --maxopen=" _ splitlogsconf.maxopen %][% END -%]
[%- IF splitlogsconf.buffer.length %][% splitlogsextra = splitlogsextra _ " --buffer=" _ splitlogsconf.buffer %][% END -%]
[%- IF splitlogsconf.sslport.length %]
[% splitlogsextra = splitlogsextra _ " --sslport=" _ splitlogsconf.sslport %]
[%- ELSIF configured.main_port_ssl.length && configured.main_port_ssl != '443' %]
[% splitlogsextra = splitlogsextra _ " --sslport=" _ configured.main_port_ssl %]
[% END -%]
[%- CATCH -%]
[%# noop but catch is required or it dies %]
[%- END -%]

CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --suffix=-bytes_log[% splitlogsextra %]" bytesvhost env=!isproxyrequest
CustomLog "|/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log" trafficlog env=!isproxyrequest
CustomLog "|/usr/local/cpanel/bin/splitlogs --dir=[% paths.dir_domlogs %] --main=[% wildcard_safe(servername) %] --mainout=[% paths.file_access_log %][% splitlogsextra %]" [% logstyle %] env=!isproxyrequest
[% ELSE %]
[% IF main.exists('logformat_combined') || main.exists('logformat_common') %]
LogFormat "[% IF main.exists('logformat_combined') %][% main.logformat_combined.item.logformat_combined %][% ELSE %]%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"[% END %]" combined
LogFormat "[% IF main.exists('logformat_common') %][% main.logformat_common.item.logformat_common %][% ELSE %]%a %l %u %t \"%r\" %>s %b[% END %]" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
[% ELSE -%]
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# NOTE: "combined" and "common" are required by WHM
LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[% END -%]
LogFormat "%{%F}t %H %{SSL_PROTOCOL}x %v %I %O %{c}a %a" trafficlog
CustomLog /var/log/cpanel-server-traffic/web/traffic-apache.log trafficlog env=!isproxyrequest
CustomLog logs/access_log [% logstyle %] env=!isproxyrequest
[% END %]

[% IF configured.ip_listen -%]
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
[% FOREACH ip IN configured.ip_listen -%]
Listen [% ip %]:[% configured.main_port %]
[% END -%]
[% ELSE -%]
# WARNING: This is the default value assigned during installation, and should
# be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache non-SSL IP/port')
Listen [% default_apache_port %]
[% END -%]

[%# SSLCipherSuite and SSLProtocol are written only when a non-empty value is
    configured; otherwise no directive is emitted here and the effective protocol
    and cipher policy comes from mod_ssl's defaults or from an included file. -%]
# cipher and protocol directives can be set in WHM under 'Apache Configuration' -> 'Global Configuration'
[% IF main.sslciphersuite.item.sslciphersuite.length %]
SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]
[% IF main.sslprotocol.item.sslprotocol.length %]
SSLProtocol [% main.sslprotocol.item.sslprotocol %][% END %]
SSLPassPhraseDialog builtin
[% IF supported.stapling -%]
SSLUseStapling [% IF main.sslusestapling.item.sslusestapling.length %][% main.sslusestapling.item.sslusestapling %][% ELSE %]On[% END %]
SSLStaplingCache shmcb:[% paths.dir_run %]/stapling_cache_shmcb(256000)

# Prevent browsers from failing if an OCSP server is temporarily broken.
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLStaplingFakeTryLater off
SSLStaplingResponderTimeout 3
[% END -%]
SSLSessionCache shmcb:[% paths.dir_run %]/ssl_gcache_data_shmcb(1024000)
SSLSessionCache dbm:[% paths.dir_run %]/ssl_gcache_data_dbm
SSLSessionCacheTimeout 300
Mutex file:[% paths.dir_run %] ssl-cache
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

[% IF configured.ip_listen_ssl -%]
# The Listen port can be updated using 'Tweak Settings' -> 'System',
# However, if you have any Apache Reserved IPs, then this Tweak setting will
# be ignored. Instead, each IP on your system (excluding Apache Reserved IPs)
# will be listed here.
[% FOREACH ip IN configured.ip_listen_ssl -%]
Listen [% ip %]:[% configured.main_port_ssl %]
[% END -%]
[% ELSE -%]
# WARNING: This is the default value assigned during installation, and should
# be updated using WHM ('Tweak Settings' -> 'System' -> 'Apache SSL port')
Listen [% default_apache_ssl_port %]
[% END -%]

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

Include "[% paths.dir_conf %]/*.conf"

[% IF file_test('f', paths.dir_conf_includes _ '/account_suspensions.conf') -%]
Include "[% paths.dir_conf_includes %]/account_suspensions.conf"
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/errordocument.conf') -%]
Include "[% paths.dir_conf_includes %]/errordocument.conf"
[% END -%]

# Administrator locations for safely globally altering all virtualhost configurations
[% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/pre_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/pre_virtualhost_2.conf') -%]
# Major Version Specific
Include "[% paths.dir_conf_includes %]/pre_virtualhost_2.conf"
[% END -%]

[% IF proxypass_for_proxysubdomains -%]
ProxyPass /___proxy_subdomain_ws_cpanel ws://127.0.0.1:2082 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_whm ws://127.0.0.1:2086 max=1 retry=0
ProxyPass /___proxy_subdomain_ws_webmail ws://127.0.0.1:2095 max=1 retry=0
[% END -%]
[% IF supports_cpanelwebcall -%]
ProxyPass /cpanelwebcall/ http://127.0.0.1:2082/cpanelwebcall/ max=1 retry=0
[% END -%]

[%# websocket_proxies(servername): emits the rewrite rules that hand WebSocket
    upgrade requests for the cpanel., webmail. and whm. hostnames to the
    /___proxy_subdomain_ws_* paths. When servername itself starts with one of
    those prefixes, an extra condition excludes requests for that exact host. -%]
[% MACRO websocket_proxies (servername) BLOCK -%]
[% IF servername.match('^cpanel\\.') -%]
RewriteCond %{HTTP_HOST} !=[% servername %]
[% END -%]
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_cpanel/$1 [PT]

[% IF servername.match('^webmail\\.') -%]
RewriteCond %{HTTP_HOST} !=[% servername %]
[% END -%]
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_webmail/$1 [PT]

[% IF servername.match('^whm\\.') -%]
RewriteCond %{HTTP_HOST} !=[% servername %]
[% END -%]
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} websocket [nocase]
RewriteRule ^/(.*) /___proxy_subdomain_ws_whm/$1 [PT]
[% END -%]

##################################################
##################################################
#
# Define default vhosts for shared IPs
#
##################################################
##################################################
[% FOREACH vh IN sharedips -%]
ServerName [% wildcard_safe(servername) %]
DocumentRoot [% paths.dir_docroot %]
ServerAdmin [% serveradmin %]
[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
# Global DCV Rewrite Exclude
RewriteOptions Inherit
[% END %]
[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
AllowOverride All
[% ELSE %]
AllowOverride All
[% END %]
suPHP_UserGroup nobody nobody
[%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
UserDir disabled
[%- IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
UserDir enabled [% defaultvhost.userdirprotect %]
[%- END -%]
[%- END %]
[% END -%]

##################################################
##################################################
#
# Define default vhosts for unbound IPs
#
##################################################
##################################################
ServerName [% wildcard_safe(servername) %]
DocumentRoot [% paths.dir_docroot %]
ServerAdmin [% serveradmin %]
[% IF global_dcv_rewrite_exclude && dcv_rewrite_patterns -%]
# Global DCV Rewrite Exclude
RewriteOptions Inherit
[% END %]
[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
AllowOverride All
[% ELSE %]
AllowOverride All
[% END %]
suPHP_UserGroup nobody nobody
[%- IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' %]
UserDir disabled
[%- IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
UserDir enabled [% defaultvhost.userdirprotect %]
[%- END -%]
[%- END %]

##################################################
##################################################
#
# Define the virtual host configuration for user domains
#
##################################################
##################################################

[%# Each vhost is rendered from the shared template unless its record names a
    custom_vhost_template_ap2, in which case that template is processed instead.
    NOTE(review): the custom path comes from the vhost data; presumably only root
    can set it - confirm, because whatever it points at is rendered into the
    generated httpd.conf. -%]
# BEGIN: HTTP vhosts list
[% FOREACH vhost IN vhosts -%]
[% IF vhost.custom_vhost_template_ap2 != '' -%]
[% INCLUDE $vhost.custom_vhost_template_ap2 -%]
[% ELSE -%]
[% INCLUDE $includes.vhost -%]
[% END -%]
[% END -%]
# END: HTTP vhosts list

# BEGIN: HTTPS vhosts list
[% FOREACH vhost IN ssl_vhosts -%]
[% IF vhost.custom_vhost_template_ap2 != '' -%]
[% INCLUDE $vhost.custom_vhost_template_ap2 -%]
[% ELSE -%]
[% INCLUDE $includes.ssl_vhost -%]
[% END -%]
[% END -%]
# END: HTTPS vhosts list

##################################################
##################################################
#
# Define the main cPanel & WHM proxy subdomains
#
##################################################
##################################################
[%# splice() removes the entries it returns, so the first (plain HTTP) pass below
    consumes a copy of ips_in_use, 50 addresses at a time, and leaves the original
    list for the second pass, which is the one that turns SSLEngine on.
    NOTE(review): in this listing ModSecurity is switched Off near the top of each
    proxy-subdomain section and On again at its end; which setting is effective
    depends on the lost container lines - confirm that disabling it is confined
    to the proxied control-panel hostnames. -%]
[% ips_in_use.push("127.0.0.1") -%]
[% SET copy_of_ips_in_use = ips_in_use.slice(0) -%]
[% WHILE (ip_block = copy_of_ips_in_use.splice(0, 50)) AND ip_block.size -%]
[% IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]
[%-# These comments are used internally as parsing tokens, for better or worse, so don't change them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
ServerName proxy-subdomains-vhost.localhost
[% IF autodiscover_proxy_subdomains -%]
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[% ELSE -%]
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[% END -%]
DocumentRoot [% paths.dir_docroot %]
ServerAdmin [% serveradmin %]
suPHP_UserGroup nobody nobody
SecRuleEngine Off
modsecurity_rules 'SecRuleEngine Off'
[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
AllowOverride All
[% ELSE %]
AllowOverride All
[% END %]
[% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
UserDir disabled
[% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
UserDir enabled [% defaultvhost.userdirprotect %]
[% END -%]
[% END -%]
[% IF dcv_rewrite_patterns -%]
ScriptAlias /.cpanel/dcv /usr/local/cpanel/cgi-priv/get_local.cgi
[% END -%]
RewriteEngine On
[% IF dcv_rewrite_patterns -%]
[% FOR pattern = dcv_rewrite_patterns -%]
RewriteCond %{REQUEST_URI} [% mod_rewrite_string_escape(pattern) %] [% !loop.last && '[OR]' %]
[% END -%]
RewriteRule ^ /.cpanel/dcv [passthrough]
[% END -%]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2082/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2086/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2077/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) http://127.0.0.1:2079/$1 [P]
[% END %]

[% IF autodiscover_proxy_subdomains %]
RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^autodiscover\.
RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autodiscover.cgi [P]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^autoconfig\.
RewriteRule ^[^?]*(\\?.*)? http://127.0.0.1/cgi-sys/autoconfig.cgi [P]
[% END %]
[% IF proxypass_for_proxysubdomains -%]
[% websocket_proxies(servername) -%]
[% END %]
UseCanonicalName Off
SecRuleEngine On
modsecurity_rules 'SecRuleEngine On'
[% END %]
[% END -%]

[% WHILE (ip_block = ips_in_use.splice(0, 50)) AND ip_block.size -%]
[% IF proxysubdomains && supported.mod_proxy && supported.mod_rewrite -%]
[%-# These comments are used internally as parsing tokens, for better or worse, so don't change them -%]
# [% IF autodiscover_proxy_subdomains %]CPANEL/WHM/WEBMAIL/WEBDISK/AUTOCONFIG PROXY SUBDOMAINS[% ELSE %]CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS[% END %]
ServerName [% wildcard_safe(servername) %]
[% IF autodiscover_proxy_subdomains %]
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.* autodiscover.* autoconfig.*
[% ELSE %]
ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.* cpcontacts.*
[% END %]
DocumentRoot [% paths.dir_docroot %]
ServerAdmin [% serveradmin %]
suPHP_UserGroup nobody nobody
SecRuleEngine Off
modsecurity_rules 'SecRuleEngine Off'
[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger %]
AllowOverride All
[% ELSE %]
AllowOverride All
[% END %]
[% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
UserDir disabled
[% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
UserDir enabled [% defaultvhost.userdirprotect %]
[% END -%]
[% END -%]
RewriteEngine On
SSLEngine on
[% IF !ssl_proxy_to_non_ssl -%]
[%# When this vhost proxies to the TLS service ports, every certificate check on
    the backend connection is disabled (SSLProxyVerify none; CheckPeerCN,
    CheckPeerName and CheckPeerExpire Off). Every proxy target in this template
    is 127.0.0.1, so the unverified hop stays on loopback; these settings would
    need revisiting if a target ever became a remote address. -%]
SSLProxyEngine On
SSLProxyVerify none
# Setting to Off for backwards-compatibility
# Read for more info: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn
SSLProxyCheckPeerCN Off
[% IF options_support.split_version.2 >= 5 -%]
SSLProxyCheckPeerName Off
[% END -%]
SSLProxyCheckPeerExpire Off
[% END -%]
[% IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') %]
SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
[% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%]
SSLUseStapling Off
[% END -%]
[% ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%]
SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem
[% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%]
SSLUseStapling Off
[% END -%]
[% ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%]
SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key
[% IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%]
SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab
[% END -%]
[% IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%]
SSLUseStapling Off
[% END -%]
[% ELSE %]
# No service SSL installed for cPanel
[% END %]
[%# proxy_prot selects http or https for the rewrite-proxy targets on the ELSE
    paths below. With proxypass_for_proxysubdomains set, the ProxyPass lines
    forward to the plain-HTTP loopback ports regardless of proxy_prot.
    wsproxy_prot is set here but not referenced anywhere in this copy. -%]
[% SET proxy_prot = ssl_proxy_to_non_ssl ? 'http' : 'https' %]
[% SET wsproxy_prot = ssl_proxy_to_non_ssl ? 'ws' : 'wss' %]
RequestHeader set X-HTTPS 1

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpanel\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpanel/$1 [PT]
ProxyPass "/___proxy_subdomain_cpanel" "http://127.0.0.1:2082" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2082 : 2083 %]/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_webmail/$1 [PT]
ProxyPass "/___proxy_subdomain_webmail" "http://127.0.0.1:2095" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2095 : 2096 %]/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^whm\.
RewriteCond %{HTTP:Upgrade} !websocket [nocase]
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_whm/$1 [PT]
ProxyPass "/___proxy_subdomain_whm" "http://127.0.0.1:2086" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2086 : 2087 %]/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^webdisk\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_webdisk/$1 [PT]
ProxyPass "/___proxy_subdomain_webdisk" "http://127.0.0.1:2077" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2077 : 2078 %]/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpcontacts\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpcontacts/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcontacts" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^cpcalendars\.
[% IF proxypass_for_proxysubdomains %]
RewriteRule ^/(.*) /___proxy_subdomain_cpcalendars/$1 [PT]
ProxyPass "/___proxy_subdomain_cpcalendars" "http://127.0.0.1:2079" max=1 retry=0
[% ELSE %]
RewriteRule ^/(.*) [% proxy_prot %]://127.0.0.1:[% ssl_proxy_to_non_ssl ? 2079 : 2080 %]/$1 [P]
[% END %]

[% IF autodiscover_proxy_subdomains %]
RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^autodiscover\.
RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autodiscover.cgi [P]

RewriteCond %{HTTP_HOST} !^[% wildcard_safe(servername) %]$
RewriteCond %{HTTP_HOST} ^autoconfig\.
RewriteRule ^[^?]*(\\?.*)? [% proxy_prot %]://127.0.0.1/cgi-sys/autoconfig.cgi [P]
[% END %]
[% IF proxypass_for_proxysubdomains -%]
[% websocket_proxies(servername) -%]
[% END %]
UseCanonicalName Off
SecRuleEngine On
modsecurity_rules 'SecRuleEngine On'
[% END -%]
[% END -%]

# Administrator locations for safely altering virtualhost configuration
[% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_global.conf') -%]
Include "[% paths.dir_conf_includes %]/post_virtualhost_global.conf"
[% ELSE -%]
# Create "[% paths.dir_conf_includes %]/post_virtualhost_global.conf" if you want to customize httpd.conf.
[% END -%]
[% IF file_test('f', paths.dir_conf_includes _ '/post_virtualhost_2.conf') -%]
# Major Version Specific
Include "[% paths.dir_conf_includes %]/post_virtualhost_2.conf"
[% END -%]

##################################################
##################################################
#
# Define the Domain Forwarding virtual hosts
#
##################################################
##################################################
[% IF file_test('f', '/var/cpanel/domainfwdip') -%]
ServerName [% wildcard_safe(domainfwdip) %]
ServerAdmin root\@localhost
DocumentRoot /dev/null
ScriptAliasMatch .* /usr/local/cpanel/cgi-sys/domainredirect.cgi
[% ELSE -%]
# Domain forwarding is currently disabled.
# You can set this by logging into WHM, and navigating to the 'DNS Functions' => 'Setup/Edit Domain Forwarding' interface.
[% END %]

##################################################
##################################################
#
# Default SSL Hostname Virtual Host
#
##################################################
##################################################

[%- WHILE (vh_block = sharedips.splice(0, 50)) AND vh_block.size -%]

ServerName [% wildcard_safe(servername) %]
DocumentRoot [% paths.dir_docroot %]

[%- IF serveradmin -%]

ServerAdmin [% serveradmin %]

[%- ELSE -%]

ServerAdmin webmaster@[% servername %]

[%- END -%]

suPHP_UserGroup nobody nobody

[%- IF supported.mod_userdir && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]

AllowOverride All
[% ELSE -%]
AllowOverride All

[%- END %]
[% IF supported.mod_userdir && userdirprotect_enabled && defaultvhost.userdirprotect != '-1' -%]
UserDir disabled
[% IF defaultvhost.userdirprotect != '' && !supported.mpm_itk && !supported.mod_ruid2 && !supported.mod_passenger -%]
UserDir enabled [% defaultvhost.userdirprotect %]

[%- END -%]

[%- END -%]

SSLEngine on
[% IF file_test('f', '/var/cpanel/ssl/cpanel/mycpanel.pem') %]
SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem

[%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/mycpanel.pem') -%]

SSLUseStapling Off

[%- END -%]

[%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.pem') -%]

SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.pem

[%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.pem') -%]

SSLUseStapling Off

[%- END -%]

[%- ELSIF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.crt') && file_test('f', '/var/cpanel/ssl/cpanel/cpanel.key') -%]

SSLCertificateFile /var/cpanel/ssl/cpanel/cpanel.crt
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/cpanel.key

[%- IF file_test('f', '/var/cpanel/ssl/cpanel/cpanel.cab') -%]

SSLCertificateChainFile /var/cpanel/ssl/cpanel/cpanel.cab

[%- END -%]

[%- IF supported.stapling && !has_ocsp('/var/cpanel/ssl/cpanel/cpanel.crt') -%]

SSLUseStapling Off

[%- END -%]
[% ELSE %]
# No service SSL installed for cPanel
[% END %]
UseCanonicalName Off
SecRuleEngine On
modsecurity_rules 'SecRuleEngine On'
[% END -%]
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT EDIT. AUTOMATICALLY GENERATED. USE INCLUDE FILES IF YOU NEED TO MAKE A CHANGE
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #