[TASK] Initial commit

attributes/default.rb

+default['typo3_site']['ip_address'] = '192.168.156.140'
+default['typo3_site']['webroot'] = '/var/www'
+default['typo3_site']['site_configuration'] = 'SiteConfiguration.php'
+default['typo3_site']['server_aliases'] = 'www.site.dev'
+default['typo3_site']['hostname'] = 'site.dev'
+default['typo3_site']['repository'] = ''
+default['typo3_site']['repository_hostname'] = 'git.domain'
+default['typo3_site']['repository_port'] = 22
+default['typo3_site']['deploy_dump'] = '~/site/dump.sql'
+
+# Example:
+#[
+#	{
+#		:user => 'vagrant',
+#		:hostname => 'deploy.site.com',
+#		:port => 22,
+#		:remote => '~/site/fileadmin/',
+#		:local => 'fileadmin'
+#	},
+#	{
+#		:user => 'vagrant',
+#		:hostname => 'deploy.site.com',
+#		:port => 22,
+#		:remote => '~/site/uploads/',
+#		:local => 'uploads'
+#	}
+#]
+default['typo3_site']['sync_directories'] = []
+
+# Example:
+#[
+#	{
+#		:database_name => 'typo3',
+#		:database_user => 'typo3',
+#		:database_password => 'typo3',
+#		:dump_user => 'vagrant',
+#		:dump_hostname => 'deploy.site.com',
+#		:dump_port => 22,
+#		:dump_remote => '~/site/dump.sql',
+#		:dump_local => '/home/vagrant/dump.sql',
+#		:post_install_queries => [
+#			"INSERT INTO typo3.be_users (pid, tstamp, username, password, admin, usergroup, disable, starttime, endtime, lang, email) VALUES (0,1276860841,'admin','$1$lV7klIfP$E8.y9jiK4RL6qZzgWboSP/',1,'0',0,0,0,'','admin@example.com')",
+#			"UPDATE typo3.sys_domain SET domainName = 'site.dev' WHERE uid = 1;"
+#		]
+#	}
+#]
+default['typo3_site']['sync_databases'] = []
\ No newline at end of file

metadata.rb

+name 'typo3_site'
+maintainer 'sgalinski Internet Services'
+maintainer_email 'stefan@sgalinski.de'
+license 'Apache 2.0'
+description 'Site'
+long_description 'Sets up a website'
+version '1.0.0'
+recipe 'typo3_site::default', 'Main recipe'
+
+depends 'apache2', '~> 3.0.0'
+depends 'database', '~> 4.0.0'
+depends 'graphicsmagick'
+depends 'hostsfile'
+depends 'mysql', '~> 6.0.0'
+depends 'mysql2_chef_gem', '~> 1.0.0'
+depends 'line'
\ No newline at end of file

recipes/default.rb

+#
+# Cookbook Name:: typo3_site
+# Recipe:: default
+#
+# Copyright sgalinski Internet Services
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+##########################
+### Add hostname entry ###
+##########################
+
+hostsfile_entry node['typo3_site']['ip_address'] do
+	hostname node['typo3_site']['hostname']
+	action :append
+end
+
+hostsfile_entry node['typo3_site']['ip_address'] do
+	hostname node['typo3_site']['server_aliases']
+	action :append
+end
+
+###################################
+### Install additional packages ###
+###################################
+
+include_recipe 'graphicsmagick'
+include_recipe 'apache2'
+include_recipe 'apache2::mod_php5'
+include_recipe 'apache2::mod_ssl'
+
+%w(php5-curl php5-intl php5-gd php5-mcrypt php5-mysql php5-imagick).each do |name|
+	package name do
+		action :install
+	end
+end
+
+################################
+### Modify Php Configuration ###
+################################
+
+replace_or_add 'Increase time limit' do
+	path '/etc/php5/apache2/php.ini'
+	pattern 'max_execution_time = 30'
+	line 'max_execution_time = 240'
+end
+
+replace_or_add 'Increase time limit - CLI' do
+	path '/etc/php5/cli/php.ini'
+	pattern 'max_execution_time = 30'
+	line 'max_execution_time = 240'
+end
+
+replace_or_add 'Increase upload size limit' do
+	path '/etc/php5/apache2/php.ini'
+	pattern 'upload_max_filesize = 2M'
+	line 'upload_max_filesize = 10M'
+end
+
+replace_or_add 'Increase upload size limit - CLI' do
+	path '/etc/php5/cli/php.ini'
+	pattern 'upload_max_filesize = 2M'
+	line 'upload_max_filesize = 10M'
+end
+
+replace_or_add 'Increase post_max_size limit' do
+	path '/etc/php5/apache2/php.ini'
+	pattern 'post_max_size = 2M'
+	line 'post_max_size = 10M'
+end
+
+replace_or_add 'Increase post_max_size limit - CLI' do
+	path '/etc/php5/cli/php.ini'
+	pattern 'post_max_size = 2M'
+	line 'post_max_size = 10M'
+end
+
+################################
+### Setup Apache Environment ###
+################################
+
+# copy ssl key data
+template '/etc/apache2/ssl/sslKey.key' do
+	source 'sslKey.key'
+	owner 'vagrant'
+	group 'vagrant'
+end
+
+template '/etc/apache2/ssl/sslKey.crt' do
+	source 'sslKey.crt'
+	owner 'vagrant'
+	group 'vagrant'
+end
+
+# create web app with an own virtual host
+web_app node['typo3_site']['hostname'] do
+	template 'vHost.conf.erb'
+	docroot "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/"
+	server_name node['typo3_site']['hostname']
+	server_aliases node['typo3_site']['server_aliases']
+end
+
+#######################
+### Provide Sources ###
+#######################
+
+ssh_known_hosts_entry node['typo3_site']['repository_hostname'] do
+	port node['typo3_site']['repository_port']
+end
+
+git "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}" do
+	repository node['typo3_site']['repository']
+	remote 'origin'
+	revision 'HEAD'
+	reference 'master'
+	timeout 100000
+	user 'vagrant'
+	group 'vagrant'
+	action :checkout
+	ssh_wrapper '/home/vagrant/ssh_wrapper.sh'
+end
+
+###########################################
+### Provide site specific configuration ###
+###########################################
+
+template "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/typo3conf/#{node['typo3_site']['site_configuration']}" do
+	source 'SiteConfiguration.erb'
+	owner 'vagrant'
+	group 'vagrant'
+	mode '0660'
+end
+
+#########################
+### Synchronize Files ###
+#########################
+
+node['typo3_site']['sync_directories'].each do |sync_data|
+	ssh_known_hosts_entry sync_data['hostname'] do
+		port sync_data['port']
+	end
+
+	bash 'Synchronize ' + sync_data['local'] do
+		user 'vagrant'
+		group 'vagrant'
+		timeout 3000000
+		code <<-EOF
+			rsync --delete -auvz --progress -e "ssh -i /home/vagrant/.ssh/id_rsa -p #{sync_data['port']} -o StrictHostKeyChecking=no" \
+				--no-o --no-g #{sync_data['user']}@#{sync_data['hostname']}:#{sync_data['remote']} \
+				"#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/#{sync_data['local']}";
+		EOF
+		action :run
+	end
+end
+
+###################
+### Setup MySQL ###
+###################
+
+mysql_service 'default' do
+	initial_root_password 'root'
+	action [:create, :start]
+end
+
+mysql_config 'default' do
+	source 'my.cnf.erb'
+	action :create
+	notifies :restart, 'mysql_service[default]'
+end
+
+mysql_client 'default' do
+	action :create
+end
+
+########################
+### Create Databases ###
+########################
+
+# install the necessary mysql2 gem
+mysql2_chef_gem 'default' do
+	action :install
+end
+
+# create the databases
+connection_info = {:host => '127.0.0.1', :username => 'root', :password => 'root'}
+
+node['typo3_site']['sync_databases'].each do |database_data|
+	# create database
+	mysql_database database_data['database_name'] do
+		connection connection_info
+		action :create
+	end
+
+	# create user
+	mysql_database_user database_data['database_user'] do
+		connection connection_info
+		database_name database_data['database_name']
+		password database_data['database_password']
+		host '127.0.0.1'
+		privileges [:select, :update, :insert, :create, :alter, :drop, :delete]
+		action :grant
+	end
+
+	# add host to ssh known hosts
+	ssh_known_hosts_entry database_data['dump_hostname'] do
+		port database_data['dump_port']
+	end
+
+	# download the sql data
+	bash 'Download Dump for ' + database_data['database_name'] do
+		user 'vagrant'
+		group 'vagrant'
+		timeout 3000000
+		code <<-EOF
+		rsync --delete -auvz --progress -e "ssh -i /home/vagrant/.ssh/id_rsa -p #{database_data['dump_port']} -o StrictHostKeyChecking=no" \
+			--no-o --no-g #{database_data['dump_user']}@#{database_data['dump_hostname']}:#{database_data['dump_remote']} \
+			#{database_data['dump_local']};
+		EOF
+		action :run
+	end
+
+	# load the dump
+	bash 'Import Dump for ' + database_data['database_name'] do
+		code <<-EOF
+			mysql -h 127.0.0.1 -u root -proot #{database_data['database_name']} < #{database_data['dump_local']}
+		EOF
+		action :run
+	end
+
+	# # this would be better, but currently buggy in the database cookbook
+	# # https://github.com/opscode-cookbooks/database/issues/128
+	# mysql_database 'Import Dump for ' + database_data['database_name'] do
+	# 	connection connection_info
+	# 	database_name #{database_data['database_name']}
+	# 	sql { ::File.open(#{database_data['dump_local']}).read }
+	# 	action :query
+	# end
+
+	database_data['post_install_queries'].each do |query|
+		mysql_database 'Execute Post Install Query' do
+			connection connection_info
+			database_name database_data['database_name']
+			sql query
+			action :query
+		end
+	end
+end
\ No newline at end of file

templates/default/SiteConfiguration.erb

+<?php
+
+$GLOBALS['TYPO3_CONF_VARS']['DB']['database'] = 'typo3';
+$GLOBALS['TYPO3_CONF_VARS']['DB']['username'] = 'typo3';
+$GLOBALS['TYPO3_CONF_VARS']['DB']['password'] = 'typo3';
+$GLOBALS['TYPO3_CONF_VARS']['DB']['host'] = '127.0.0.1';
+
+// SSL settings for the backend login
+//
+// Notes:
+// - The value 2 is used in the live system only. It will redirect any normal http access to an https one.
+// - The value 0 is used in the testing and devel systems, because we doesn't have ssl support here!!
+$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] = 0;
+
+// Change install tool password to joh316
+$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] = '$P$CCuX8EzzYaSOHJS5o32X9Uk3Vg79ji1';
+
+// show failed sql queries and php errors
+$GLOBALS['TYPO3_CONF_VARS']['SYS']['enableDeprecationLog'] = 0;
+
+// change the systemLog location
+$GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLog'] = 'file,/var/www/typo3.log,3';
+
+// show failed sql queries and php errors
+if (!$GLOBALS['TYPO3_DISABLE_DEBUG']) {
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG'] = 0;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'] = '*';
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['sqlDebug'] = 1;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['displayErrors'] = 1;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['enableDeprecationLog'] = 0;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['errorHandlerErrors'] = 'E_ALL ^ E_NOTICE';
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['clearCacheSystem'] = TRUE;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLogLevel'] = 0;
+	$GLOBALS['TYPO3_CONF_VARS']['SYS']['exceptionalErrors'] = 28674;
+}
+
+?>

templates/default/my.cnf.erb

+[mysqld]
+# * Fine Tuning
+key_buffer		= 16M
+max_allowed_packet	= 16M
+thread_stack		= 192K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover         = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+
+# * Query Cache Configuration
+query_cache_limit	= 1M
+query_cache_size        = 16M
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet	= 16M
+
+[isamchk]
+key_buffer		= 16M
\ No newline at end of file

templates/default/sslKey.crt

+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIJAI0fP6WiydHSMA0GCSqGSIb3DQEBCwUAMHgxCzAJBgNV
+BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxEDAOBgNV
+BAoMB0ZyZW50bGUxEDAOBgNVBAMMB0ZyZW50bGUxIjAgBgkqhkiG9w0BCQEWE2Zy
+ZW50bGVAZXhhbXBsZS5vcmcwHhcNMTQxMTE4MTkwNjAxWhcNMTUxMTE4MTkwNjAx
+WjB4MQswCQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVu
+aWNoMRAwDgYDVQQKDAdGcmVudGxlMRAwDgYDVQQDDAdGcmVudGxlMSIwIAYJKoZI
+hvcNAQkBFhNmcmVudGxlQGV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAor936HJ6p5j/FJab3UZCaJtOoQ19V+PSEtPNqopd32idrsWM
+R8oKjmuDN++tI0DXab5a7eJrsJ+LmyYl5Ly0uY5tW/fbP1ONs5FSsheithy7fCN0
+EFwkor02HIkJWBFksqDUf594mKoEgX0Epba8e41MT7MHuZU4Kl4cPt2ple7OXYxo
+QJTgLBGDIm7Xn4vw4GPzYvtARizjgflBqPkUDn3VYMi3Jwdcawve1yY90mhrZ4Rv
+3N9AXOzQF8WOEqg9JyaEUzHYy5T7D7XA4U2od3tBo1gAwzCDHQ8yc2aXU5nA5IBf
+i8A6N+kMF61shT3gSN/tuziMc1ymdfjc9yvXCwIDAQABo1AwTjAdBgNVHQ4EFgQU
+kvS96/BBMpa/er9Por6Coi6X9uUwHwYDVR0jBBgwFoAUkvS96/BBMpa/er9Por6C
+oi6X9uUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEASmTZ5iB6CMJN
+GEsawTqExkT7DbrmbkWobt02gz1KCrAU6aJBQ42TIW9DWcG37fyJyil699+K0HEg
+wm7bSZh5C/IPM6jgBvWuK6CVYItmbcHG1dTiYfqQRplUT1x/beekKpVDlpcqUvmT
+JbHFkxGuNAfcifhOZK3apv1N9birPBOOSZtFXvC1SP8tSrg5M4SF1pjFOlWPhXri
+uOVsvUkWu9FOZnserG7DbyzjNni6G9LNmnw0D0MFJjIrp5fw3JQmdqen19USsKTb
+vr6cquLNsKnw44WQagP+LZ6y2/4/ZRWAHcgQwWbmOqhD0FkNsJAhwESmJzf8yU8n
+lkM+0SMS8w==
+-----END CERTIFICATE-----

templates/default/sslKey.key

+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAor936HJ6p5j/FJab3UZCaJtOoQ19V+PSEtPNqopd32idrsWM
+R8oKjmuDN++tI0DXab5a7eJrsJ+LmyYl5Ly0uY5tW/fbP1ONs5FSsheithy7fCN0
+EFwkor02HIkJWBFksqDUf594mKoEgX0Epba8e41MT7MHuZU4Kl4cPt2ple7OXYxo
+QJTgLBGDIm7Xn4vw4GPzYvtARizjgflBqPkUDn3VYMi3Jwdcawve1yY90mhrZ4Rv
+3N9AXOzQF8WOEqg9JyaEUzHYy5T7D7XA4U2od3tBo1gAwzCDHQ8yc2aXU5nA5IBf
+i8A6N+kMF61shT3gSN/tuziMc1ymdfjc9yvXCwIDAQABAoIBABxTEn1kHzC4Efz1
+UV8rcTdfgEnLXTtErTUVo7/AoSHWxUq7mvSLl1a+I3JCxnFSQatns8+fDnsI6XUx
+KHss1I9O2H2fH4tf8VOFQU05i9oCGic6zGJkhwPDxn0k5HltXYcxMoqbqJN5U5tt
+tLdanGcsalGcqQWFkObexi+yyGcNh9HH8PujuqL5w+FHnSm5AQI15aaqoLG2MH48
+7HpMwRJbT0rX3mYPXSudttLlsttEyj+URZrsYm5BnjMgVez02wsJuKBtyDhUZjHk
++d64FKTFpB1eq/YcHoqDjRLcCmt0IttKPlegmB8SeDxwYXIIydZ/xps819p/Z8P6
+BsXy1gECgYEAz5GaPmlFGoIbZR5pJ9ob1a9bhSkBZEA7DNvzqUWIZzmGpZ4z/45L
+EyVUmMdEGxCHoANHf1QIaAjZVpffpZop2kpyRfSnuGXX6RbrtnYO4VOFjbLLqc0g
+pfi3xPHYQvCbKzTT3gVaUxaGMJrQM9RD21rMwlpxppRENkLCjxtCDIECgYEAyLim
+Mdc0srSAT2onv0XQ0ymyHOAlxmEX/T5Am5fMLBx28pLLGCdaIcsPbNUFyGtuNGC5
+nRrFwcepy+YB/BpYOxfZpLZJpuGeClWMO/ubtjLEQrUwEEn1AXzQouoTnsdO4jB6
+xw93jLtuRk1nKri8tEfzXQwKHdzHI5bHowNsjYsCgYBUh4YZ/oLOzcdcQasvOIp3
+VgdeThmr+uBRV01+VLu81dd4oNmqLAd0z5II+bVJlEy3JD68orsdquTfd8/zP7nl
+lMW+qWiYFpl76gKp9qAOsRXFY9e+2bN/A6/K+3ZHpHZ8fPH/C40CIz0YlCNPyBSu
+Qub6Cx0Xam/w7PUQlFgsgQKBgHtFc8QeUB4EXtzm7Bw7S2G0NNApFOn9zVbZOaKV
+Gm5o2OBnKNXfrSod5I5JUbDh0Z/XW4dR3uwArJYt30AuCcvY/PB8h0U3QPFF0scv
+4lSGXyQ81JTcZt0QA65aJcyYySh+75h7Nke3AKWqedax+CqcGakmcLwgUCjaPCcw
+PiW7AoGANTKmG1o6iRBESHHnnkpmZ4AYLZbZ3OKU88lEc7lq60vKiWpiFFMbJG//
+qbF281By9O2Ke60elBo1KjAaTxqcwyaGI07C6CgI4ddjW7I0HSmZH7tjPc42J1Gk
+ytg9Fe0lJkzNfd/CJsx1nWJxPSpXNCi3fpe/kWCzhw8aB9gxNSg=
+-----END RSA PRIVATE KEY-----

templates/default/vHost.conf.erb

+<IfModule mod_ssl.c>
+	<VirtualHost _default_:443>
+		ServerAdmin webmaster@localhost
+		ServerName <%= @params[:server_name] %>
+		ServerAlias <%= @params[:server_aliases] %>
+
+		DocumentRoot <%= @params[:docroot] %>
+		<Directory <%= @params[:docroot] %>>
+			Options FollowSymLinks MultiViews
+			AllowOverride All
+			Require all granted
+		</Directory>
+
+		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+		# error, crit, alert, emerg.
+		# It is also possible to configure the loglevel for particular
+		# modules, e.g.
+		#LogLevel info ssl:warn
+
+		ErrorLog /var/log/apache2/ssl-error.log
+		CustomLog /var/log/apache2/ssl-access.log combined
+
+		# For most configuration files from conf-available/, which are
+		# enabled or disabled at a global level, it is possible to
+		# include a line for only one particular virtual host. For example the
+		# following line enables the CGI configuration for this host only
+		# after it has been globally disabled with "a2disconf".
+		#Include conf-available/serve-cgi-bin.conf
+
+		#   SSL Engine Switch:
+		#   Enable/Disable SSL for this virtual host.
+		SSLEngine on
+
+		#   A self-signed (snakeoil) certificate can be created by installing
+		#   the ssl-cert package. See
+		#   /usr/share/doc/apache2/README.Debian.gz for more info.
+		#   If both key and certificate are stored in the same file, only the
+		#   SSLCertificateFile directive is needed.
+		#SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
+		#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+		SSLCertificateFile /etc/apache2/ssl/sslKey.crt
+		SSLCertificateKeyFile /etc/apache2/ssl/sslKey.key
+
+		#   Server Certificate Chain:
+		#   Point SSLCertificateChainFile at a file containing the
+		#   concatenation of PEM encoded CA certificates which form the
+		#   certificate chain for the server certificate. Alternatively
+		#   the referenced file can be the same as SSLCertificateFile
+		#   when the CA certificates are directly appended to the server
+		#   certificate for convinience.
+		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+		#   Certificate Authority (CA):
+		#   Set the CA certificate verification path where to find CA
+		#   certificates for client authentication or alternatively one
+		#   huge file containing all of them (file must be PEM encoded)
+		#   Note: Inside SSLCACertificatePath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCACertificatePath /etc/ssl/certs/
+		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+		#   Certificate Revocation Lists (CRL):
+		#   Set the CA revocation path where to find CA CRLs for client
+		#   authentication or alternatively one huge file containing all
+		#   of them (file must be PEM encoded)
+		#   Note: Inside SSLCARevocationPath you need hash symlinks
+		#		 to point to the certificate files. Use the provided
+		#		 Makefile to update the hash symlinks after changes.
+		#SSLCARevocationPath /etc/apache2/ssl.crl/
+		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+		#   Client Authentication (Type):
+		#   Client certificate verification type and depth.  Types are
+		#   none, optional, require and optional_no_ca.  Depth is a
+		#   number which specifies how deeply to verify the certificate
+		#   issuer chain before deciding the certificate is not valid.
+		#SSLVerifyClient require
+		#SSLVerifyDepth  10
+
+		#   SSL Engine Options:
+		#   Set various options for the SSL engine.
+		#   o FakeBasicAuth:
+		#	 Translate the client X.509 into a Basic Authorisation.  This means that
+		#	 the standard Auth/DBMAuth methods can be used for access control.  The
+		#	 user name is the `one line' version of the client's X.509 certificate.
+		#	 Note that no password is obtained from the user. Every entry in the user
+		#	 file needs this password: `xxj31ZMTZzkVA'.
+		#   o ExportCertData:
+		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
+		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+		#	 server (always existing) and the client (only existing when client
+		#	 authentication is used). This can be used to import the certificates
+		#	 into CGI scripts.
+		#   o StdEnvVars:
+		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
+		#	 Per default this exportation is switched off for performance reasons,
+		#	 because the extraction step is an expensive operation and is usually
+		#	 useless for serving static content. So one usually enables the
+		#	 exportation for CGI and SSI requests only.
+		#   o OptRenegotiate:
+		#	 This enables optimized SSL connection renegotiation handling when SSL
+		#	 directives are used in per-directory context.
+		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+		<FilesMatch "\.(cgi|shtml|phtml|php)$">
+				SSLOptions +StdEnvVars
+		</FilesMatch>
+		<Directory /usr/lib/cgi-bin>
+				SSLOptions +StdEnvVars
+		</Directory>
+
+		#   SSL Protocol Adjustments:
+		#   The safe and default but still SSL/TLS standard compliant shutdown
+		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+		#   the close notify alert from client. When you need a different shutdown
+		#   approach you can use one of the following variables:
+		#   o ssl-unclean-shutdown:
+		#	 This forces an unclean shutdown when the connection is closed, i.e. no
+		#	 SSL close notify alert is send or allowed to received.  This violates
+		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
+		#	 this when you receive I/O errors because of the standard approach where
+		#	 mod_ssl sends the close notify alert.
+		#   o ssl-accurate-shutdown:
+		#	 This forces an accurate shutdown when the connection is closed, i.e. a
+		#	 SSL close notify alert is send and mod_ssl waits for the close notify
+		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
+		#	 practice often causes hanging connections with brain-dead browsers. Use
+		#	 this only for browsers where you know that their SSL implementation
+		#	 works correctly.
+		#   Notice: Most problems of broken clients are also related to the HTTP
+		#   keep-alive facility, so you usually additionally want to disable
+		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+		#   "force-response-1.0" for this.
+		BrowserMatch "MSIE [2-6]" \
+				nokeepalive ssl-unclean-shutdown \
+				downgrade-1.0 force-response-1.0
+		# MSIE 7 and newer should be able to use keepalive
+		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+	</VirtualHost>
+</IfModule>
+
+<VirtualHost *:80>
+  ServerAdmin webmaster@localhost
+  ServerName <%= @params[:server_name] %>
+  ServerAlias <%= @params[:server_aliases] %>
+
+  DocumentRoot <%= @params[:docroot] %>
+  <Directory <%= @params[:docroot] %>>
+    Options FollowSymLinks MultiViews
+    AllowOverride All
+    Require all granted
+  </Directory>
+
+  ErrorLog /var/log/apache2/error.log
+
+  # Possible values include: debug, info, notice, warn, error, crit,
+  # alert, emerg.
+  LogLevel warn
+
+  CustomLog /var/log/apache2/access.log combined
+  ServerSignature On
+</VirtualHost>
\ No newline at end of file