diff options
author | Micah Anderson <micah@riseup.net> | 2013-04-12 13:23:29 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-04-12 14:37:28 -0400 |
commit | 115691c87bad3f5863f088e73603133b67c9f828 (patch) | |
tree | bbfd7b5c0d0c220ef3e52eb25acd4595a46b85d0 /files/include.d | |
parent | 2401aae6c4785c1e6a777756bebe70c38b889727 (diff) | |
parent | 5ec141dfbf218dd9b2f2611d788db98f74e65073 (diff) |
Merge remote-tracking branch 'immerda/master'
Fixed apache_no_default_site variable to be a parameter to the apache
class (no_default_site = false)
Conflicts:
files/include.d/Debian/ssl_defaults.inc
manifests/base.pp
manifests/config/file.pp
manifests/vhost.pp
manifests/vhost/php/standard.pp
manifests/vhost/template.pp
templates/vhosts/php/CentOS.erb
templates/vhosts/php/Debian.erb
Diffstat (limited to 'files/include.d')
-rw-r--r-- | files/include.d/CentOS/ssl_defaults.inc | 20 | ||||
-rw-r--r-- | files/include.d/Debian/ssl_defaults.inc | 9 | ||||
-rw-r--r-- | files/include.d/OpenBSD/ssl_defaults.inc | 3 | ||||
-rw-r--r-- | files/include.d/silverstripe.inc | 17 |
4 files changed, 32 insertions, 17 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc index 5cc663f..7735ebb 100644 --- a/files/include.d/CentOS/ssl_defaults.inc +++ b/files/include.d/CentOS/ssl_defaults.inc @@ -1,9 +1,3 @@ -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error_log -TransferLog logs/ssl_access_log -LogLevel warn - # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on @@ -11,13 +5,16 @@ SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 +#SSLProtocol all -SSLv2 +SSLProtocol -all +SSLv3 +TLSv1 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH +SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If @@ -134,8 +131,5 @@ SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +# set STS Header +Header add Strict-Transport-Security "max-age=15768000" diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index 3a67cd3..7030ec8 100644 --- a/files/include.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc @@ -11,13 +11,13 @@ SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 +SSLProtocol -all +SSLv3 +TLSv1 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 - +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH +SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If @@ -139,3 +139,6 @@ SetEnvIf User-Agent ".*MSIE.*" \ # compact non-error SSL logfile on a virtual host basis. CustomLog /var/log/apache2/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +# set STS Header +Header add Strict-Transport-Security "max-age=15768000" diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc index e7d2c36..67cf36f 100644 --- a/files/include.d/OpenBSD/ssl_defaults.inc +++ b/files/include.d/OpenBSD/ssl_defaults.inc @@ -1,4 +1,5 @@ SSLEngine on -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH SSLCertificateFile /etc/ssl/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key diff --git a/files/include.d/silverstripe.inc b/files/include.d/silverstripe.inc new file mode 100644 index 0000000..40c44e4 --- /dev/null +++ b/files/include.d/silverstripe.inc @@ -0,0 +1,17 @@ +# silverstripe .htaccess +<Files *.ss> + Order deny,allow + Deny from all + #Allow from 127.0.0.1 +</Files> + +<IfModule mod_rewrite.c> + RewriteEngine On + #RewriteBase / + + RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$) + + RewriteCond %{REQUEST_URI} ^(.*)$ + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L] +</IfModule> |