summaryrefslogtreecommitdiff
path: root/puppet/modules/apache/files/conf.d
diff options
context:
space:
mode:
authorMicah <micah@leap.se>2016-07-12 16:45:58 -0400
committerMicah <micah@leap.se>2016-07-12 16:45:58 -0400
commit4aff06cc2fecc0b59728d7fc825fb36394b847b7 (patch)
tree3668fd7666051bfd5e6b5b79a7238e54962e3948 /puppet/modules/apache/files/conf.d
parentf2019755fd724fb1020cb2d97cdf82b751450ebc (diff)
git subrepo clone https://leap.se/git/puppet_apache puppet/modules/apache
subrepo: subdir: "puppet/modules/apache" merged: "415e950" upstream: origin: "https://leap.se/git/puppet_apache" branch: "master" commit: "415e950" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "1e79595" Change-Id: Iba7353669969a09c0b4bbd63add67e3245b05ede
Diffstat (limited to 'puppet/modules/apache/files/conf.d')
-rw-r--r--puppet/modules/apache/files/conf.d/CentOS/ssl.conf76
-rw-r--r--puppet/modules/apache/files/conf.d/CentOS/welcome.conf10
-rw-r--r--puppet/modules/apache/files/conf.d/Debian/charset6
-rw-r--r--puppet/modules/apache/files/conf.d/Debian/security50
-rw-r--r--puppet/modules/apache/files/conf.d/Debian/ssl.conf1
-rw-r--r--puppet/modules/apache/files/conf.d/do_includes.conf5
-rw-r--r--puppet/modules/apache/files/conf.d/git.conf5
-rw-r--r--puppet/modules/apache/files/conf.d/mozilla_autoconfig.conf6
-rw-r--r--puppet/modules/apache/files/conf.d/status.conf24
-rw-r--r--puppet/modules/apache/files/conf.d/vhosts.conf8
10 files changed, 191 insertions, 0 deletions
diff --git a/puppet/modules/apache/files/conf.d/CentOS/ssl.conf b/puppet/modules/apache/files/conf.d/CentOS/ssl.conf
new file mode 100644
index 00000000..7f9be957
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/CentOS/ssl.conf
@@ -0,0 +1,76 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 443
+NameVirtualHost *:443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex default
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
diff --git a/puppet/modules/apache/files/conf.d/CentOS/welcome.conf b/puppet/modules/apache/files/conf.d/CentOS/welcome.conf
new file mode 100644
index 00000000..7d7b0cd6
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/CentOS/welcome.conf
@@ -0,0 +1,10 @@
+#
+# This configuration file enables the default "Welcome"
+# page if there is no default index page present for
+# the root URL. To disable the Welcome page, comment
+# out all the lines below.
+#
+#<LocationMatch "^/+$">
+# Options -Indexes
+# ErrorDocument 403 /error/noindex.html
+#</LocationMatch>
diff --git a/puppet/modules/apache/files/conf.d/Debian/charset b/puppet/modules/apache/files/conf.d/Debian/charset
new file mode 100644
index 00000000..40d7198b
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/Debian/charset
@@ -0,0 +1,6 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
diff --git a/puppet/modules/apache/files/conf.d/Debian/security b/puppet/modules/apache/files/conf.d/Debian/security
new file mode 100644
index 00000000..55b3e519
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/Debian/security
@@ -0,0 +1,50 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages. It will be made the default for the release after lenny.
+#
+#<Directory />
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+#ServerTokens Minimal
+ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+#
+#TraceEnable Off
+TraceEnable On
+
diff --git a/puppet/modules/apache/files/conf.d/Debian/ssl.conf b/puppet/modules/apache/files/conf.d/Debian/ssl.conf
new file mode 100644
index 00000000..bcfe8201
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/Debian/ssl.conf
@@ -0,0 +1 @@
+NameVirtualHost *:443
diff --git a/puppet/modules/apache/files/conf.d/do_includes.conf b/puppet/modules/apache/files/conf.d/do_includes.conf
new file mode 100644
index 00000000..f44d9d4a
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/do_includes.conf
@@ -0,0 +1,5 @@
+#
+# Add index.shtml to the list of files that will be served as directory
+# indexes.
+#
+DirectoryIndex index.shtml
diff --git a/puppet/modules/apache/files/conf.d/git.conf b/puppet/modules/apache/files/conf.d/git.conf
new file mode 100644
index 00000000..c03ee2b5
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/git.conf
@@ -0,0 +1,5 @@
+# deny access to git repository folders
+<DirectoryMatch .*\.git/.*>
+ Order allow,deny
+ Deny From All
+</DirectoryMatch>
diff --git a/puppet/modules/apache/files/conf.d/mozilla_autoconfig.conf b/puppet/modules/apache/files/conf.d/mozilla_autoconfig.conf
new file mode 100644
index 00000000..6e4f7db8
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/mozilla_autoconfig.conf
@@ -0,0 +1,6 @@
+Alias /.well-known/autoconfig/mail/config-v1.1.xml /var/www/autoconfig/config.shtml
+<Directory /var/www/autoconfig/>
+ Options +Includes
+ AddType application/xml .shtml
+ AddOutputFilter INCLUDES .shtml
+</Directory>
diff --git a/puppet/modules/apache/files/conf.d/status.conf b/puppet/modules/apache/files/conf.d/status.conf
new file mode 100644
index 00000000..fb706cc1
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/status.conf
@@ -0,0 +1,24 @@
+###########################################################
+### this file is managed by PUPPET ####
+### only modify it in puppet repo or you will ####
+### loose the changes ! ####
+###########################################################
+
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+<Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+
+ <IfModule mod_security2.c>
+ SecRuleEngine Off
+ </IfModule>
+</Location>
+
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called.
+ExtendedStatus On
+
diff --git a/puppet/modules/apache/files/conf.d/vhosts.conf b/puppet/modules/apache/files/conf.d/vhosts.conf
new file mode 100644
index 00000000..86485501
--- /dev/null
+++ b/puppet/modules/apache/files/conf.d/vhosts.conf
@@ -0,0 +1,8 @@
+###########################################################
+### this file is managed by PUPPET ####
+### only modify it in puppet repo or you will ####
+### loose the changes ! ####
+###########################################################
+
+NameVirtualHost *:80
+Include vhosts.d/*.conf