diff options
-rw-r--r-- | IkiWiki/Plugin/ikiwikihosting.pm | 10 | ||||
-rw-r--r-- | debian/changelog | 17 | ||||
-rw-r--r-- | doc/bugs/picks_wrong_username_prefix_if_only_one_domain_supported.mdwn | 38 | ||||
-rw-r--r-- | doc/bugs/wiki_creation_impossible.mdwn | 7 | ||||
-rw-r--r-- | doc/todo/apache_2.4_support.mdwn | 52 | ||||
-rw-r--r-- | doc/todo/do_not_enable_mod__95__userdir_just_so_we_can_disable_it.mdwn | 27 | ||||
-rw-r--r-- | doc/todo/some_SSL_improvements.mdwn | 45 | ||||
-rwxr-xr-x | ikisite | 132 | ||||
-rw-r--r-- | ikiwiki-hosting.conf | 2 | ||||
-rw-r--r-- | templates/apache-site.tmpl | 39 | ||||
-rw-r--r-- | templates/apache-sitealias.tmpl | 2 |
11 files changed, 333 insertions, 38 deletions
diff --git a/IkiWiki/Plugin/ikiwikihosting.pm b/IkiWiki/Plugin/ikiwikihosting.pm index 45756d9..da1a898 100644 --- a/IkiWiki/Plugin/ikiwikihosting.pm +++ b/IkiWiki/Plugin/ikiwikihosting.pm @@ -69,6 +69,13 @@ sub getsetup () { safe => 1, rebuild => 0, }, + redirect_to_https => { + type => "boolean", + example => 1, + description => "redirect from http to https?", + safe => 1, + rebuild => 0, + }, } sub sessioncgi ($$) { @@ -420,6 +427,9 @@ sub checkconfig { if (! defined $config{ipv6_disabled}) { $config{ipv6_disabled}=0; } + if (! defined $config{redirect_to_https}) { + $config{redirect_to_https}=0; + } } sub genwrapper { diff --git a/debian/changelog b/debian/changelog index 303cde2..a10b890 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,23 @@ ikiwiki-hosting (0.20140228) UNRELEASED; urgency=medium * When branching a site, do not copy over the database files including the session database and the list of email subscriptions. + * Fix bug causing it to sometimes wrong username prefix if only one + domain is configured. (smcv) + * Fix failures when run in a directory others cannot read (such as a + protected /root). (anarcat, smcv) + * Several changes to SSL handling (smcv) + - Add per-site SSL and source configuration files, + apache-ssl.conf.tmpl and apache-source.conf.tmpl in addition + to the already used apache.conf.tmpl. + - ikiwikihosting ikiwiki plugin now has a redirect_to_https + setting, so users can choose whether their site should force users + to access it via https. + - Previously, when ssl was enabled, alias urls always redirected + to the http site. Now, this is only done when + redirect_to_https is set. + * Deal with apache 2.4 upgrade, including making sites-available files + with the .conf extension. Remains compatable with apache 2.2. + (smcv) Closes: #744789 -- Joey Hess <joeyh@debian.org> Fri, 07 Mar 2014 11:38:41 -0400 diff --git a/doc/bugs/picks_wrong_username_prefix_if_only_one_domain_supported.mdwn b/doc/bugs/picks_wrong_username_prefix_if_only_one_domain_supported.mdwn new file mode 100644 index 0000000..5dc1038 --- /dev/null +++ b/doc/bugs/picks_wrong_username_prefix_if_only_one_domain_supported.mdwn @@ -0,0 +1,38 @@ +Suppose you have this: + + # List supported domains here. + domains=example.com + + # Username prefixes used to ensure unique usernames are used for + # sites under different top level domains. Keep the prefixes short! + prefix_ih=example.com + +In `username()` we do this: + + # add unique prefix to avoid collisions with system users and + # other top domains + my $prefix; + foreach my $key (keys %config) { + next unless defined $config{$key}; + next unless $config{$key} eq $topdomain; + $prefix=$key; + $prefix=~s/^prefix_//; + last; + } + +The value of `domains` is defined and equals `example.com`, so if it happens +to come first in the hash (randomized order), ikisite will set +`$prefix=domains`, leading to usernames like `domains-foo` instead of the +intended `ih-foo`. At least in unstable, this happens inconsistently +(again, randomized hash order) so I ended up with `foo.example.com` +creating both `ih-foo` and `domains-foo`, and distributing its files +arbitrarily between the two. + +The solution is simple: `next unless $key =~ m/^prefix_/;` + +Fixed in my `ready/prefix` [[branch|patch]]: +<http://git.pseudorandom.co.uk/smcv/ikiwiki-hosting.git/shortlog/refs/heads/ready/prefix> + +--[[smcv]] + +> [[fixed|done]] --[[Joey]] diff --git a/doc/bugs/wiki_creation_impossible.mdwn b/doc/bugs/wiki_creation_impossible.mdwn index 36857e1..1b4b7dd 100644 --- a/doc/bugs/wiki_creation_impossible.mdwn +++ b/doc/bugs/wiki_creation_impossible.mdwn @@ -20,3 +20,10 @@ error: git failed > So this should be fairly simple to fix: just change the directory first. It's is probably safe to `chdir($HOME)` anyways... --[[anarcat]] > > > I did exactly that so [[patch]] in the `dev/usercreate_fails` branch of git repo (`git://src.anarc.at/ikiwiki-hosting`). --[[anarcat]] + +> > > This looks good, but incomplete: calling `ikiwiki -setup` also fails. +> > > Try my `ready/home` branch, which includes anarcat's, instead? +> > > <http://git.pseudorandom.co.uk/smcv/ikiwiki-hosting.git/shortlog/refs/heads/ready/home> +> > > --[[smcv]] + +[[merged|done]] --[[Joey]] diff --git a/doc/todo/apache_2.4_support.mdwn b/doc/todo/apache_2.4_support.mdwn index 449955c..63e7e8f 100644 --- a/doc/todo/apache_2.4_support.mdwn +++ b/doc/todo/apache_2.4_support.mdwn @@ -25,3 +25,55 @@ i have a (so far) working [[patch]] in my git repo (`git://src.anarc.at/ikiwiki- > > I've opened an equivalent bug in Debian so it can be on the > Debian Apache packagers' radar. --[[smcv]] +> +> Please consider my `ready/apache24` branch. +> <http://git.pseudorandom.co.uk/smcv/ikiwiki-hosting.git/shortlog/refs/heads/ready/apache24> +> +> It does not handle migration from ikisite-example.com to +> ikisite-example.com.conf at the time you install Apache 2.4: that can be done +> by disabling and re-enabling all sites, if Apache 2.4 doesn't get an +> automatic migration in its maintainer scripts before jessie is released +> (which seems to be the plan). However, it does work with both 2.2 and 2.4. +> --[[smcv]] + +>> What if I have an apache 2.2 host that has lots of existing sites +>> configured with `$apache_site`? This patch seems to cause them to break +>> in some way or another until I disable/reenable them all. +>> +>>> I might have misunderstood what you're getting at here: do you mean +>>> "I have an Apache 2.2 host and switch it to smcv's patched +>>> ikiwiki-hosting while keeping Apache 2.2", or "I have an Apache 2.2 +>>> host and switch it to Apache 2.4"? +>>> +>>> The former worked for me... I'm still using Apache 2.2 on the server +>>> that I'm interested in upgrading. Old sites remain in the old, +>>> Apache-2.2-only scheme; when I disable and re-enable a site, +>>> it's moved to the new scheme, which works either way. +>>> If you've tried this and encountered a bug, or spotted a bug +>>> via code review, please explain? +>>> +>>> The latter is not (yet) expected to work, unless you disable and +>>> re-enable all ikisites (which I wanted to avoid for now, because +>>> I think some of mine still have local edits, although merging my +>>> ssl branch hopefully removed the need for that). It looks as though +>>> the Apache 2.4 maintainer scripts might do it, one day. It would +>>> maybe be reasonable to add an "ikisite migrate" subcommand, +>>> which either does the disable/enable for every site or does a +>>> more minimal rename-the-configurations step, and make +>>> ikiwiki-hosting-web's maintainer script run it - would you like me to +>>> try that? --s +>> +>> Did you consider just making ikisite write out both `$apache_site` and +>> `apache_site.conf`? Then the runtime complication of needing to +>> `a2ensite $apache_site.conf` on 2.2 goes away. --[[Joey]] + +>>> Maybe. I was worried that when the Apache maintainers get round to this: +>>> +>>> #XXX: Deal with the sites-available/sites-enabled *.conf transition, e.g. rename +>>> # all files which look like site configuration? +>>> +>>> that process could get broken by having both ikisite-example.com and +>>> ikisite-example.com.conf in sites-available. --s + +>>>> Ok, this seems acceptable and I'm ok with punting handling upgrades to +>>>> 2.4 yet, in hopes apache will deal with it. [[merged|done]] --[[Joey]] diff --git a/doc/todo/do_not_enable_mod__95__userdir_just_so_we_can_disable_it.mdwn b/doc/todo/do_not_enable_mod__95__userdir_just_so_we_can_disable_it.mdwn new file mode 100644 index 0000000..fb47c62 --- /dev/null +++ b/doc/todo/do_not_enable_mod__95__userdir_just_so_we_can_disable_it.mdwn @@ -0,0 +1,27 @@ +ikiwiki-hosting-web.postinst does `a2enmod userdir` so that it can use +`UserDir disabled`. This seems a little silly. + +My `ready/userdir` [[branch|patch]] fixes that. + +<http://git.pseudorandom.co.uk/smcv/ikiwiki-hosting.git/commitdiff/refs/heads/ready/userdir> + +--[[smcv]] + +> What about upgrades? +> +> Anyway, I think that the idea here was to make the confuration work even +> if used alongside an apache that did have userdir configured for other +> sites. --[[Joey]] + +>> Look at the patch, I think I already addressed both objections :-) +>> +>> There are two changes: +>> +>> * don't force mod_userdir on in the postinst; upgrades unaffected. +>> * wrap the `UserDir disabled` directive in `<IfModule mod_userdir.c>`, +>> so that if it's loaded, we disable it, but if it isn't, we do nothing. +>> Upgraded machines (and machines where the sysadmin wants userdirs on +>> another vhost) will load mod_userdir, but disable it for ikisite-managed +>> vhosts; new installations won't need to load it at all. +>> +>> --[[smcv]] diff --git a/doc/todo/some_SSL_improvements.mdwn b/doc/todo/some_SSL_improvements.mdwn new file mode 100644 index 0000000..52ded46 --- /dev/null +++ b/doc/todo/some_SSL_improvements.mdwn @@ -0,0 +1,45 @@ +Please consider my `ready/ssl` [[branch|patch]]: +<http://git.pseudorandom.co.uk/smcv/ikiwiki-hosting.git/shortlog/refs/heads/ready/ssl> + +Changes are: + +* Include /etc/ikiwiki-hosting/b-foo/apache-ssl.conf.tmpl in the SSL + vhost, but not the unencrypted vhost. This is a good place to configure + HTTP basic/digest authentication or adjust SSL ciphers, for instance. + +* Similarly, for completeness, include + /etc/ikiwiki-hosting/b-foo/apache-source.conf.tmpl in the + source.foo vhost. + +* apache.conf.tmpl is included in all vhosts (unencrypted, SSL and source) + as before. + +* Give sites a boolean redirect_to_https option. If on, the normal port-80 + vhost behaves like the aliases, redirecting to the SSL vhost. + +* If a SSL key exists, but redirect_to_https is not set, unencrypted aliases + redirect to the unencrypted main site (but SSL aliases redirect to the + SSL site). + +That last change makes it much more palatable to have a public, +mostly-read-only site that doesn't need SSL for normal use, but install a +self-signed or otherwise non-cartel-approved certificate so that a few +authorized editors (who can be taught to verify the self-signed cert by +fingerprint) can use password authentication securely. For instance, +that's probably what I'm going to do for my blog. + +Truth table: suppose www.example.com is the canonical/preferred name of +example.com, aka example.branchable.com. + + redirect from |r_t_https=0 |r_t_https=1 | old behaviour + ---------------+-------------+-------------+------------- + http://www.e.c |(no redirect)|https://www |(no redirect) + https://www.e.c|(no redirect)|(no redirect)|(no redirect) + http://e.c |http://www |https://www |https://www + https://e.c |https://www |https://www |https://www + http://e.b.c |http://www |https://www |https://www + https://e.b.c |https://www |https://www |https://www + +--[[smcv]] + +> [[merged|done]] --[[Joey]] @@ -6,6 +6,20 @@ use strict; use IkiWiki; use IkiWiki::Hosting; +my $apache_before_2_4=undef; + +sub apache_before_2_4 { + return $apache_before_2_4 if defined $apache_before_2_4; + my $query_result = getshell('dpkg-query', '-W', 'apache2.2-common'); + if ($query_result =~ m/^apache2.2-common\s+2\.[012]\./) { + $apache_before_2_4=1; + } + else { + $apache_before_2_4=0; + } + return $apache_before_2_4; +} + sub meta_create { required => [qw{hostname}], options => [qw{type=s vcs=s wikiname=s owner=s admin=s adminemail=s createnonce!}], @@ -85,6 +99,7 @@ sub create { eval q{use Cwd q{abs_path}}; $autosetup=abs_path($autosetup); runas(username($hostname), sub { + chdir($home) || error "chdir $home: $!"; shell("ikiwiki", "-setup", $autosetup); chmod(0600, "$home/ikiwiki.setup") || error "chmod $home/ikiwiki.setup: $!"; chmod(0700, "$home/source") || error "chmod $home/source: $!"; @@ -832,6 +847,7 @@ sub username { # other top domains my $prefix; foreach my $key (keys %config) { + next unless $key =~ m/^prefix_/; next unless defined $config{$key}; next unless $config{$key} eq $topdomain; $prefix=$key; @@ -1038,6 +1054,8 @@ sub changesetup { assert_wrapper_safe($hostname); runas(username($hostname), sub { + my $home=homedir($hostname); + chdir($home) || error "chdir $home: $!"; my $cgi_wrapper=getsetup($hostname, "cgi_wrapper"); my $srcdir=srcdir($hostname); @@ -1347,6 +1365,8 @@ sub usercreate { # configure default username and email for git commits runas(username($hostname), sub { + # we need to move to a directory we can edit + chdir($home) || error "chdir $home: $!"; shell(qw{git config --global user.name admin}); shell(qw{git config --global user.email}, $config{adminemail}); chmod(0600, "$home/.gitconfig") || error "chmod $home/.gitconfig: $!"; @@ -1381,6 +1401,30 @@ sub userdelete { unlink($lockfile); } +sub get_apache_conf_tmpl { + my $hostname = shift; + my $suffix = shift; + my $apache_template_vars = shift; + + if (-f rootconfig($hostname)."/apache$suffix.conf.tmpl") { + my @bits=stat(_); + if ($bits[4] == 0 && $bits[5] == 0) { + require HTML::Template; + my $template=HTML::Template->new( + filename => rootconfig($hostname)."/apache$suffix.conf.tmpl", + die_on_bad_params => 0, + ); + $template->param(@$apache_template_vars); + return $template->output; + } + else { + print STDERR "warning: ignoring apache$suffix.conf.tmpl; not owned by root\n"; + } + } + + return ""; +} + sub meta_enable { required => [qw{hostname}], options => [qw{}], @@ -1557,8 +1601,13 @@ sub enable { # This is the url that alias urls redirect to. my $redirurl=$url; + my $httpsredirurl=$url->clone; if ($ssl_enabled) { - $redirurl->scheme("https"); + $httpsredirurl->scheme("https"); + if (getsetup($hostname, 'redirect_to_https')) { + $redirurl->scheme("https"); + push @ssl_template_vars, (redirect_to_https => 1); + } } # generate apache config file @@ -1574,35 +1623,29 @@ sub enable { @ssl_template_vars ); - # If an apache.conf.tmpl is available, - # it will be added into the apache config file. - my $apache_conf_tmpl=""; - if (-f rootconfig($hostname)."/apache.conf.tmpl") { - my @bits=stat(_); - if ($bits[4] == 0 && $bits[5] == 0) { - require HTML::Template; - my $template=HTML::Template->new( - filename => rootconfig($hostname)."/apache.conf.tmpl", - die_on_bad_params => 0, - ); - $template->param(@apache_template_vars); - $apache_conf_tmpl=$template->output; - } - else { - print STDERR "warning: ignoring apache.conf.tmpl; not owned by root\n"; - } - } - # write and enable apache config file my $apache_site="ikisite-".$url->host; - my $apache_conf_file="/etc/apache2/sites-available/$apache_site"; + my $apache_conf_file="/etc/apache2/sites-available/$apache_site.conf"; outtemplate($apache_conf_file, "apache-site.tmpl", @apache_template_vars, - apache_conf_tmpl => $apache_conf_tmpl, + # If an apache.conf.tmpl is available, + # it will be added into the apache config file in the default + # and SSL vhosts. + apache_conf_tmpl => get_apache_conf_tmpl($hostname, "", [@apache_template_vars]), + # Similarly, apache-source.conf.tmpl will be added to the + # source.foo.example.com vhost, and apache-ssl.conf.tmpl + # to the SSL vhost (only). + apache_source_conf_tmpl => get_apache_conf_tmpl($hostname, '-source', [@apache_template_vars]), + apache_ssl_conf_tmpl => get_apache_conf_tmpl($hostname, '-ssl', [@apache_template_vars]), ); my %setup; $setup{$url->host}=1; - shell("a2ensite", $apache_site); + if (apache_before_2_4()) { + shell("a2ensite", "$apache_site.conf"); + } + else { + shell("a2ensite", $apache_site); + } # generate apache config files for alias urls, that redirect to the # main url @@ -1610,7 +1653,7 @@ sub enable { next if $setup{$alias}; $setup{$alias}=1; $apache_site="ikisite-$alias"; - $apache_conf_file="/etc/apache2/sites-available/$apache_site"; + $apache_conf_file="/etc/apache2/sites-available/$apache_site.conf"; outtemplate($apache_conf_file, "apache-sitealias.tmpl", suexec => (cgidir($hostname) =~ m!^/var/www!), user => $user, @@ -1623,9 +1666,15 @@ sub enable { # Value escaped to prevent leakage # into RewriteEngine regexp. url_escaped => quotemeta($redirurl), + https_url_escaped => quotemeta($httpsredirurl), @ssl_template_vars ); - shell("a2ensite", $apache_site); + if (apache_before_2_4()) { + shell("a2ensite", "$apache_site.conf"); + } + else { + shell("a2ensite", $apache_site); + } } # reload apache config @@ -1633,8 +1682,14 @@ sub enable { if ($@) { # avoid leaving apache in a broken state foreach my $site (keys %setup) { - shell("a2dissite", $site); + if (apache_before_2_4()) { + shell("a2dissite", "$site.conf"); + } + else { + shell("a2dissite", $site); + } } + shell("apache2ctl", "graceful"); error "apache2ctl graceful failed"; } @@ -1673,14 +1728,27 @@ sub disable { my $reload=0; foreach my $url (@urls) { my $apache_site="ikisite-".$url->host; - my $apache_conf_file="/etc/apache2/sites-available/$apache_site"; + my $apache_conf_file="/etc/apache2/sites-available/$apache_site.conf"; if (-e $apache_conf_file) { # inside guard because a2dissite fails if the config # file does not exist, and this needs to be idempotent - shell("a2dissite", $apache_site); + if (apache_before_2_4()) { + shell("a2dissite", "$apache_site.conf"); + } + else { + shell("a2dissite", $apache_site); + } unlink($apache_conf_file); $reload=1; } + # If we're now using Apache 2.4, there might be old versions + # from Apache 2.2 still lying around + foreach my $detritus ( + "/etc/apache2/sites-enabled/$apache_site", + "/etc/apache2/sites-available/$apache_site") { + unlink $detritus || error("unlink $detritus: $!"); + $reload=1; + } } shell("apache2ctl", "graceful") if $reload && ! $options{temporary}; @@ -1766,7 +1834,9 @@ sub ikiwikisetup { assert_wrapper_denied(); runas(username($hostname), sub { - my $setupfile=homedir($hostname)."/ikiwiki.setup"; + my $home=homedir($hostname); + chdir($home) || error "chdir $home: $!"; + my $setupfile="$home/ikiwiki.setup"; shell("ikiwiki", "-setup", $setupfile, ($options{refresh} ? "-refresh" : ()), ($options{wrappers} ? "-wrappers" : ())); @@ -1787,7 +1857,9 @@ sub ikiwikiclean { remove_wikilist($hostname); runas(username($hostname), sub { - my $setupfile=homedir($hostname)."/ikiwiki.setup"; + my $home=homedir($hostname); + chdir($home) || error "chdir $home: $!"; + my $setupfile="$home/ikiwiki.setup"; shell("ikiwiki", "-setup", $setupfile, "-clean"); return 1; diff --git a/ikiwiki-hosting.conf b/ikiwiki-hosting.conf index c7a2cda..8765735 100644 --- a/ikiwiki-hosting.conf +++ b/ikiwiki-hosting.conf @@ -83,7 +83,7 @@ lockdir=/var/lib/ikiwiki-hosting-web/lock # This can be used to set an alternative home directory in which # to create new sites. -#adduser_basedir=/some/other/home +#useradd_basedir=/some/other/home # Git daemon looks for vhosts in this directory. gitdaemondir=/var/lib/ikiwiki-hosting-web/git diff --git a/templates/apache-site.tmpl b/templates/apache-site.tmpl index 54e8ced..58e8697 100644 --- a/templates/apache-site.tmpl +++ b/templates/apache-site.tmpl @@ -13,6 +13,10 @@ UserDir disabled </IfModule> +<TMPL_IF REDIRECT_TO_HTTPS> + RewriteEngine On + RewriteRule ^/(.*) <TMPL_VAR URL_ESCAPED>$1 [L,R,NE] +<TMPL_ELSE> DocumentRoot <TMPL_VAR DESTDIR> <Directory /> DirectoryIndex index.html index @@ -21,25 +25,36 @@ <Directory <TMPL_VAR DESTDIR>> Options Indexes MultiViews<TMPL_UNLESS SUEXEC> ExecCGI</TMPL_UNLESS> AllowOverride None + <IfVersion < 2.4> Order allow,deny allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> </Directory> - <Directory /var/www> + <Directory /var/www/<TMPL_VAR USER>> Options ExecCGI AllowOverride None + <IfVersion < 2.4> Order allow,deny allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> </Directory> ScriptAlias /ikiwiki.cgi <TMPL_VAR CGIDIR>/ikiwiki.cgi - ErrorLog <TMPL_VAR LOGDIR>/error.log - LogLevel warn - CustomLog <TMPL_VAR LOGDIR>/access.log combined - <TMPL_UNLESS SUEXEC>AddHandler cgi-script .cgi</TMPL_UNLESS> ErrorDocument 404 "/ikiwiki.cgi" <TMPL_VAR APACHE_CONF_TMPL> +</TMPL_IF> + + ErrorLog <TMPL_VAR LOGDIR>/error.log + LogLevel warn + CustomLog <TMPL_VAR LOGDIR>/access.log combined </VirtualHost> <TMPL_IF SSL_ENABLED> @@ -70,14 +85,24 @@ <Directory <TMPL_VAR DESTDIR>> Options Indexes MultiViews<TMPL_UNLESS SUEXEC> ExecCGI</TMPL_UNLESS> AllowOverride None + <IfVersion < 2.4> Order allow,deny allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> </Directory> - <Directory /var/www> + <Directory /var/www/<TMPL_VAR USER>> Options ExecCGI AllowOverride None + <IfVersion < 2.4> Order allow,deny allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> </Directory> ScriptAlias /ikiwiki.cgi <TMPL_VAR CGIDIR>/ikiwiki.cgi @@ -89,6 +114,7 @@ ErrorDocument 404 "/ikiwiki.cgi" <TMPL_VAR APACHE_CONF_TMPL> +<TMPL_VAR APACHE_SSL_CONF_TMPL> </VirtualHost> </TMPL_IF> @@ -110,4 +136,5 @@ ErrorLog <TMPL_VAR LOGDIR>/error.log LogLevel warn CustomLog <TMPL_VAR LOGDIR>/access.log combined +<TMPL_VAR APACHE_SOURCE_CONF_TMPL> </VirtualHost> diff --git a/templates/apache-sitealias.tmpl b/templates/apache-sitealias.tmpl index 11ed302..bc72722 100644 --- a/templates/apache-sitealias.tmpl +++ b/templates/apache-sitealias.tmpl @@ -42,7 +42,7 @@ </IfModule> RewriteEngine On - RewriteRule ^/(.*) <TMPL_VAR URL_ESCAPED>$1 [L,R,NE] + RewriteRule ^/(.*) <TMPL_VAR HTTPS_URL_ESCAPED>$1 [L,R,NE] ErrorLog <TMPL_VAR LOGDIR>/error.log LogLevel warn |