piwik installation first step

diff --git a/.etckeeper b/.etckeeper
index 9d572e3cdf6963801eab79b136485c1731b2b488..652958746ef7d6b082507d6ab5c9f91fb2b1d4ad 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -225,6 +225,7 @@ maybe chmod 0644 'apache2/sites-available/default-ssl.conf'
 maybe chmod 0644 'apache2/sites-available/hoellein.online.conf'
 maybe chmod 0644 'apache2/sites-available/nextcloud.conf'
 maybe chmod 0644 'apache2/sites-available/nextcloud_siedlerverein.conf'
+maybe chmod 0644 'apache2/sites-available/piwik.conf'
 maybe chmod 0644 'apache2/sites-available/siedlerverein.conf'
 maybe chmod 0644 'apache2/sites-available/siedlerverein_local.conf'
 maybe chmod 0755 'apache2/sites-enabled'

diff --git a/apache2/sites-available/piwik.conf b/apache2/sites-available/piwik.conf
new file mode 100644 (file)
index 0000000..3fa1657
--- /dev/null
+++ b/apache2/sites-available/piwik.conf
@@ -0,0 +1,60 @@
+<IfModule mod_headers.c>
+        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+</IfModule>
+<IfModule mod_ssl.c>
+        <VirtualHost *:443>
+                Header set Referrer-Policy "no-referrer"
+                ServerAdmin webmaster@localhost
+                DocumentRoot /var/www/piwik/
+                ServerName piwik.hoellein.online:443
+                ServerAlias piwik.hoellein.online
+                <Directory />
+                        Options FollowSymLinks
+                        AllowOverride all
+                </Directory>
+                <Directory /var/www/piwik/>
+                        SetEnv HOME /var/www/piwik
+                        SetEnv HTTP_HOME /var/www/piwik
+                        Options Indexes FollowSymLinks MultiViews
+                        AllowOverride All
+                        Require all granted
+                </Directory>
+                <LocationMatch "/(data|conf|bin|inc)/">
+                        Require all denied
+                        Satisfy All
+                </LocationMatch>
+                RewriteEngine on
+                ScriptAlias /cgi-bin/ /var/www/piwik/cgi-bin/
+                <Directory "/var/www/piwik/cgi-bin">
+                        AllowOverride None
+                        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+#                       Order allow,deny
+#                       Allow from all
+                        Require all granted
+                </Directory>
+
+
+                # Possible values include: debug, info, notice, warn, error, crit,
+                # alert, emerg.
+                LogLevel debug
+                ErrorLog ${APACHE_LOG_DIR}/piwik.hoellein.online_error.log
+                CustomLog ${APACHE_LOG_DIR}/piwik.hoellein..online_access.log combined
+
+                #   SSL Engine Switch:
+                #   Enable/Disable SSL for this virtual host.
+                SSLEngine on
+                SSLProtocol all -SSLv2 -SSLv3
+                <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                        SSLOptions +StdEnvVars
+                </FilesMatch>
+                <Directory /var/www/piwik/cgi-bin/>
+                        SSLOptions +StdEnvVars
+                </Directory>
+
+                SSLCertificateFile /etc/letsencrypt/live/nextcloud.hoellein.online/cert.pem
+                SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.hoellein.online/privkey.pem
+                SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.hoellein.online/chain.pem
+                SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/hoellein.online/dhparams_2048.pem
+        </VirtualHost>
+</IfModule>
+

diff --git a/apache2/sites-enabled/piwik.conf b/apache2/sites-enabled/piwik.conf
new file mode 120000 (symlink)
index 0000000..66cb144
--- /dev/null
+++ b/apache2/sites-enabled/piwik.conf
@@ -0,0 +1 @@
+../sites-available/piwik.conf
\ No newline at end of file