Yes, it would, but as you mention, it’s overwritten in the direct config for Nextcloud. As you may know, this is the default config for that directory (which I commented out, because I’m blocking general access) which must be overwritten regardless:
#<Directory /var/www> # Options Indexes FollowSymLinks # AllowOverride None # Require all granted #</Directory>
So everything is working. This is no surprise, you guys made it that way. I went ahead and commented out the duplicate Nextcloud directory stipulation in the base config because it wasn’t necessary.
Since you block access to
/var/www
, how do you access Pi-hole?
I have specified those directories my main apache config:
<Directory /var/www/admin>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/html/admin>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
And yes, I am using the public directory blocking, which you guys authored, per:
# Block public access to admin panel
<Directory ~ /var/www(/html)?/admin>
Require ip 127 192.168 10 172.16.0.0/12 ::1/128 fe80::/10 fc00::/7
</Directory>
PiHole works great.
And I’m missing your HTTPS/443 config to get the full picture.
True that, my apologies. Here’s the 443 config (relevant parts). I’m using let’s encrypt, and that’s also working great:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
I do notice that the public document root here conflicts with the public document root for HTTP (/var/www). Is that an issue, or is that by design? Either way, this is how you guys wrote it.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xxx.xxx.xxx
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/xxx.xxx.xxx/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxx.xxx.xxx/privkey.pem
</VirtualHost>
</IfModule>