path: root/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
Age | Commit message | Author
2015-12-12 | [bug] Use guess_apache_version in apache templates | varac
The apache_version() fact only works if apache is already installed. So we use the guess_apache_version() function from the apache module to determine which apache version is to be installed.
- Resolves: #7681
2015-11-17 | [deprec] use @ in front of erb template tags | varac
Puppet 3 now shows deprecation warnings if the "@" is missing. See https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags
#[bug|feat|docs|style|refactor|test|pkg|i18n]
2015-11-17 | [bug] [jessie] Allow apache to access webapp dir | varac
- Resolves: #7580
2014-12-22 | Adds a ssl_common.inc file to use inside vhosts for the SSL config (solves #5103) | guido
Change-Id: I717bf7ca2c5679165a99370c4540f8b8dc1a48ea
2014-10-15 | Disable SSLv3, and RC4 ciphers | Micah Anderson
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
2014-09-25 | stop logging user-agent in apache, fixes #6129 | Micah Anderson
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): | Micah Anderson
. We want to allow for TLS1.2 to be enabled (supported in wheezy)
. Explicitly disable SSLCompression. This aids in protecting against the BREACH attack (see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on
. Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons:
  . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks).
  . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks
  . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous
  . RC4 is on the path to removal, but still present for backward compatibility
Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043
2013-09-24 | Webapp doesn't serve commercial cert (Bug #3916) | varac
2013-09-22 | Merge branch 'api-crt-3384' into develop fixes #3384 | kwadronaut
2013-09-22 | adding fqdn as default servername and moving service.domain to ServerAlias (fixing #3384) | kwadronaut
node name and dns fqdn could be different
Also note that on local deploys that warning from #3384 will continue to exist (because of dns)
2013-09-20 | fix whitespace issues from https://review.leap.se/r/82 | varac
2013-09-19 | tidy webapp api x509 definitions (#3840) | varac
2013-08-22 | add HSTS if hiera value for webapp['secure'] is set (#3514) | Micah Anderson
Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab
2013-08-21 | Disable verbose, identifying apache headers (#3462): | Micah Anderson
. Disable ServerSignature
. Set ServerTokens Prod
. unset the X-Powered-By and X-Runtime apache headers
Change-Id: Iddb2cb9a0465bc7f657581adaacbbf748479fd7a
2013-05-22 | change paths for leap webapp to be under /srv/leap/webapp from /srv/leap-webapp | Micah Anderson
2013-04-18 | webapp: removed "Alias /1" from apache config | elijah
2012-12-19 | webapp api now uses a customizable port (so that we don't try to rely on SNI for hosting two TLS domains on one IP). | elijah
2012-12-11 | replace Documentroot path from - to _ | Micah Anderson
2012-11-27 | fix location of SSLCertificateChainFile location | Micah Anderson
2012-11-27 | map /1 -> document root | Micah Anderson
2012-11-27 | add site_webapp class to install the certs/keys/CAs and virtual host configurations | Micah Anderson