Clean up Apache configs (#60)

* force HTTPS

* fix typo in rewrite condition

templates/httpd/clientip.conf.j2

@@ -1,25 +1,9 @@
 <VirtualHost *:80>
   ServerName clientip.{{ mailserver_domain }}
 
-  DocumentRoot /var/www/poweradmin/
+  RewriteEngine on
+  RewriteCond %{HTTPS} off
+  RewriteCond %{SERVER_NAME} =clientip.{{ mailserver_domain }}
 
-  ErrorLog /var/log/httpd/poweradmin_error.log
-  CustomLog /var/log/httpd/poweradmin_access.log combined
-
-  <Directory />
-    Options FollowSymLinks
-    AllowOverride All
-  </Directory>
-
-  <Directory /var/www/poweradmin/>
-    Options FollowSymLinks MultiViews
-    AllowOverride All
-    Order allow,deny
-    allow from all
-  </Directory>
-
-RewriteEngine on
-RewriteCond %{SERVER_NAME} =clientip.{{ mailserver_domain }}
-
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/domain.conf.j2

@@ -2,14 +2,14 @@
         ServerName {{ mailserver_hostname }}.{{ mailserver_domain }}
         ServerAlias {{ ([mailserver_domain] + custom_domains) | join(' ') }}
 
-        DocumentRoot /var/www/html/
-RewriteEngine on
+        RewriteEngine on
+        RewriteCond %{HTTPS} off
 {% for custom_domain in [mailserver_hostname ~ '.' ~ mailserver_domain] + [mailserver_domain] + custom_domains %}
-RewriteCond %{SERVER_NAME} ={{ custom_domain }}
+        RewriteCond %{SERVER_NAME} ={{ custom_domain }}
 {%- if loop.index != loop.length %}
- [OR]
+         [OR]
 {% endif %}
 {% endfor %}
 
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/dyndns.conf.j2

@@ -1,25 +1,9 @@
 <VirtualHost *:80>
   ServerName dyndns.{{ mailserver_domain }}
 
-  DocumentRoot /var/www/poweradmin/
+  RewriteEngine on
+  RewriteCond %{HTTPS} off
+  RewriteCond %{SERVER_NAME} =dyndns.{{ mailserver_domain }}
 
-  ErrorLog /var/log/httpd/poweradmin_error.log
-  CustomLog /var/log/httpd/poweradmin_access.log combined
-
-  <Directory />
-    Options FollowSymLinks
-    AllowOverride All
-  </Directory>
-
-  <Directory /var/www/poweradmin/>
-    Options FollowSymLinks MultiViews
-    AllowOverride All
-    Order allow,deny
-    allow from all
-  </Directory>
-
-RewriteEngine on
-RewriteCond %{SERVER_NAME} =dynsdns.{{ mailserver_domain }}
-
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/horde.conf.j2

@@ -2,78 +2,12 @@
   ServerName horde.{{ mailserver_domain }}
   ServerAlias autodiscover.{{ mailserver_domain }} {{ custom_domains | join(' horde.') }} {{ custom_domains | join(' autodiscover.') }}
 
-  DocumentRoot                      /usr/share/horde
-
-  RewriteEngine on
-
-  <Directory /usr/share/horde>
-      # **IMPORTANT** By default, everyone accessing Horde is automatically logged
-      # in as 'Administrator'. This is a security risk! It is very important that
-      # you change the authentication backend under the 'Authentication' tab.
-      # For this reason, Horde is currently only accessible from localhost.
-
-     Options +FollowSymLinks
-
-     <IfModule !mod_authz_core.c>
-       # Apache 2.2
-       Order Allow,Deny
-       #Deny from All
-       Allow from All
-     </IfModule>
-     <IfModule mod_authz_core.c>
-       # Apache 2.4
-       Require all granted
-     </IfModule>
-
-     <IfModule mod_rewrite.c>
-        RewriteEngine On
-        RewriteBase   /
-        RewriteCond   %{REQUEST_FILENAME}  !-d
-        RewriteCond   %{REQUEST_FILENAME}  !-f
-        RewriteRule ^(.*)$ rampage.php [QSA,L]
-     </IfModule>
-  </Directory>
-
-  <Directory /usr/share/horde/config>
-       Deny from all
-  </Directory>
-
-  <Directory /usr/share/horde/scripts>
-       Deny from all
-  </Directory>
-
-  <Directory /usr/share/horde/locale>
-       Deny from all
-  </Directory>
-
-  <Directory /usr/share/horde/lib>
-       Deny from all
-  </Directory>
-
-  <Directory /usr/share/horde/templates>
-       Deny from all
-  </Directory>
-
-  <Directory /usr/share/horde/rpc>
-      RewriteCond   %{REQUEST_FILENAME}  !-d
-      RewriteCond   %{REQUEST_FILENAME}  !-f
-      RewriteRule   ^(.*)$ index.php/$1 [QSA,L]
-  </Directory>
-
-    # ActiveSync
-    Alias /rpc.php /usr/share/horde/rpc.php
-    Alias /Microsoft-Server-ActiveSync /usr/share/horde/rpc.php
-    Alias /autodiscover/autodiscover.xml /usr/share/horde/rpc.php
-    Alias /Autodiscover/Autodiscover.xml /usr/share/horde/rpc.php
-    Alias /AutoDiscover/AutoDiscover.xml /usr/share/horde/rpc.php
-    ProxyTimeout 5400
-
 {% for custom_domain in [mailserver_domain] + custom_domains %}
-RewriteCond %{SERVER_NAME} =horde.{{ custom_domain }}
+  RewriteCond %{SERVER_NAME} =horde.{{ custom_domain }}
 {%- if loop.index != loop.length %}
- [OR]
+   [OR]
 {% endif %}
 {% endfor %}
 
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/postfixadmin.conf.j2

@@ -1,41 +1,8 @@
 <VirtualHost *:80>
   ServerName postfixadmin.vpn.{{ mailserver_domain }}
 
-  DocumentRoot /var/www/postfixadmin/public/
+  RewriteEngine on
+  RewriteCond %{SERVER_NAME} =postfixadmin.vpn.{{ mailserver_domain }}
 
-  ErrorLog /var/log/httpd/postfixadmin_error.log
-  CustomLog /var/log/httpd/postfixadmin_access.log combined
-
-  <Directory />
-    Options FollowSymLinks
-    AllowOverride All
-    <RequireAny>
-      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
-{% for dynamic_host_name in wg_configs.keys() | list %}
-{% if dynamic_host_name != "server "%}
-      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
-      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
-{% endif %}
-{% endfor %}
-    </RequireAny>
-  </Directory>
-
-  <Directory /var/www/postfixadmin/public/>
-    Options FollowSymLinks MultiViews
-    AllowOverride All
-    <RequireAny>
-      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
-{% for dynamic_host_name in wg_configs.keys() | list %}
-{% if dynamic_host_name != "server "%}
-      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
-      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
-{% endif %}
-{% endfor %}
-    </RequireAny>
-  </Directory>
-
-RewriteEngine on
-RewriteCond %{SERVER_NAME} =postfixadmin.vpn.{{ mailserver_domain }}
-
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/poweradmin.conf.j2

@@ -1,41 +1,8 @@
 <VirtualHost *:80>
   ServerName poweradmin.vpn.{{ mailserver_domain }}
 
-  DocumentRoot /var/www/poweradmin/
+  RewriteEngine on
+  RewriteCond %{SERVER_NAME} =poweradmin.vpn.{{ mailserver_domain }}
 
-  ErrorLog /var/log/httpd/poweradmin_error.log
-  CustomLog /var/log/httpd/poweradmin_access.log combined
-
-  <Directory />
-    Options FollowSymLinks
-    AllowOverride All
-    <RequireAny>
-      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
-{% for dynamic_host_name in wg_configs.keys() | list %}
-{% if dynamic_host_name != "server "%}
-      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
-      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
-{% endif %}
-{% endfor %}
-    </RequireAny>
-  </Directory>
-
-  <Directory /var/www/poweradmin/>
-    Options FollowSymLinks MultiViews
-    AllowOverride All
-    <RequireAny>
-      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
-{% for dynamic_host_name in wg_configs.keys() | list %}
-{% if dynamic_host_name != "server "%}
-      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
-      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
-{% endif %}
-{% endfor %}
-    </RequireAny>
-  </Directory>
-
-RewriteEngine on
-RewriteCond %{SERVER_NAME} =poweradmin.vpn.{{ mailserver_domain }}
-
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/vpn.conf.j2

@@ -1,15 +1,8 @@
 <VirtualHost *:80>
   ServerName vpn.{{ mailserver_domain }}
 
+  RewriteEngine on
+  RewriteCond %{SERVER_NAME} =vpn.{{ mailserver_domain }}
 
-  ErrorLog /var/log/httpd/vpn_error.log
-  CustomLog /var/log/httpd/vpn_access.log combined
-
-  AddExternalAuth pwauth /usr/bin/pwauth
-  SetExternalAuthMethod pwauth pipe
-
-RewriteEngine on
-RewriteCond %{SERVER_NAME} =vpn.{{ mailserver_domain }}
-
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/webdav.conf.j2

@@ -2,35 +2,13 @@
   ServerName webdav.{{ mailserver_domain }}
   ServerAlias {{ custom_domains | join(' webdav.') }}
 
-  DocumentRoot /var/www/html/webdav/
-
-  ErrorLog /var/log/httpd/webdav_error.log
-  CustomLog /var/log/httpd/webdav_access.log combined
-
-  AddExternalAuth pwauth /usr/bin/pwauth
-  SetExternalAuthMethod pwauth pipe
-
-  <IfModule mod_dav_fs.c>
-      DAVLockDB /var/lib/dav/lockdb
-  </IfModule>
-  <Location />
-    DAV On
-    Options +Indexes
-    AuthType Basic
-    AuthName "private area"
-    AuthBasicProvider external
-    AuthExternal pwauth
-    Require valid-user
-    DirectoryIndex disabled
-  </Location>
-
-RewriteEngine on
+  RewriteEngine on
 {% for custom_domain in [mailserver_domain] + custom_domains %}
-RewriteCond %{SERVER_NAME} =webdav.{{ custom_domain }}
+  RewriteCond %{SERVER_NAME} =webdav.{{ custom_domain }}
 {%- if loop.index != loop.length %}
- [OR]
+   [OR]
 {% endif %}
 {% endfor %}
 
-RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>

templates/httpd/wildcard.conf.j2

@@ -1,11 +1,11 @@
 <VirtualHost *:80>
-  # ServerName {{ mailserver_domain }}
-  # ServerAlias {{ custom_domains | join(' ') }}
 
   ErrorLog /var/log/httpd/wildcard_error.log
   CustomLog /var/log/httpd/wildcard_access.log combined
 
   RewriteEngine on
-  RewriteRule ^ https://youtu.be/LLFhKaqnWwk [END,NE,R=permanent]
+  RewriteCond %{HTTPS} off
+
+  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 
 </VirtualHost>