authorMicah Anderson <micah@riseup.net>2013-04-12 13:23:29 -0400
committerMicah Anderson <micah@riseup.net>2013-04-12 14:37:28 -0400
commit115691c87bad3f5863f088e73603133b67c9f828 (patch)
treebbfd7b5c0d0c220ef3e52eb25acd4595a46b85d0 /files/include.d
parent2401aae6c4785c1e6a777756bebe70c38b889727 (diff)
parent5ec141dfbf218dd9b2f2611d788db98f74e65073 (diff)
Merge remote-tracking branch 'immerda/master'
Fixed apache_no_default_site variable to be a parameter to the apache class (no_default_site = false) Conflicts: files/include.d/Debian/ssl_defaults.inc manifests/base.pp manifests/config/file.pp manifests/vhost.pp manifests/vhost/php/standard.pp manifests/vhost/template.pp templates/vhosts/php/CentOS.erb templates/vhosts/php/Debian.erb
Diffstat (limited to 'files/include.d')
-rw-r--r--files/include.d/CentOS/ssl_defaults.inc20
-rw-r--r--files/include.d/Debian/ssl_defaults.inc9
-rw-r--r--files/include.d/OpenBSD/ssl_defaults.inc3
-rw-r--r--files/include.d/silverstripe.inc17
4 files changed, 32 insertions, 17 deletions
diff --git a/files/include.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc
index 5cc663f..7735ebb 100644
--- a/files/include.d/CentOS/ssl_defaults.inc
+++ b/files/include.d/CentOS/ssl_defaults.inc
@@ -1,9 +1,3 @@
-# Use separate log files for the SSL virtual host; note that LogLevel
-# is not inherited from httpd.conf.
-ErrorLog logs/ssl_error_log
-TransferLog logs/ssl_access_log
-LogLevel warn
-
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
@@ -11,13 +5,16 @@ SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
+#SSLProtocol all -SSLv2
+SSLProtocol -all +SSLv3 +TLSv1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
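Review bot: The new `SSLProtocol -all +SSLv3 +TLSv1` line is an allow-list, so on any httpd/OpenSSL build that supports TLSv1.1 and TLSv1.2 those versions are now switched off, while the obsolete SSLv3 stays enabled. A deny-list keeps newer protocol versions available as the platform gains them: `SSLProtocol all -SSLv2 -SSLv3`. The context comment above it ("Disable SSLv2 access by default") no longer describes what the directive does and should be updated with it. `MEDIUM` is also still admitted in the `SSLCipherSuite` string; if no legacy clients need it, `HIGH:!aNULL:!MD5` is the tighter default. The same two directives are added in the Debian hunk at `@@ -11,13 +11,13 @@` and the same points apply there.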
@@ -134,8 +131,5 @@ SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+# set STS Header
+Header add Strict-Transport-Security "max-age=15768000"
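Review bot: `Header add` appends rather than replaces, so a vhost or application that already emits Strict-Transport-Security will send the header twice, and without the `always` condition it is not attached to server-generated error responses. I would write `Header always set Strict-Transport-Security "max-age=15768000"`. The directive also needs mod_headers; nothing in this hunk shows that the module is guaranteed to be loaded, so either wrap it in `<IfModule mod_headers.c>` or make the dependency explicit in the manifest. This hunk also drops the `ssl_request_log` CustomLog that records `%{SSL_PROTOCOL}x` and `%{SSL_CIPHER}x`, which the Debian file keeps. That per-request record is what shows which clients still negotiate legacy protocols, so it is worth keeping on CentOS as well. The Debian hunk at `@@ -139,3 +139,6 @@` adds the same `Header add` line.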
diff --git a/files/include.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc
index 3a67cd3..7030ec8 100644
--- a/files/include.d/Debian/ssl_defaults.inc
+++ b/files/include.d/Debian/ssl_defaults.inc
@@ -11,13 +11,13 @@ SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
+SSLProtocol -all +SSLv3 +TLSv1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
-
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
@@ -139,3 +139,6 @@ SetEnvIf User-Agent ".*MSIE.*" \
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+# set STS Header
+Header add Strict-Transport-Security "max-age=15768000"
diff --git a/files/include.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc
index e7d2c36..67cf36f 100644
--- a/files/include.d/OpenBSD/ssl_defaults.inc
+++ b/files/include.d/OpenBSD/ssl_defaults.inc
@@ -1,4 +1,5 @@
SSLEngine on
-SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+#SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
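Review bot: The OpenBSD include gets the new `SSLCipherSuite` string but not the `SSLProtocol`, `SSLHonorCipherOrder on` or Strict-Transport-Security lines that the CentOS and Debian files receive in this commit. Without `SSLHonorCipherOrder on`, the `@STRENGTH` ordering is only a server-side sort and the client's preference still decides the cipher. If the httpd shipped on the targeted OpenBSD release does not support these directives, a short comment such as `# SSLHonorCipherOrder/SSLProtocol not supported by this httpd` would record why the file differs. Otherwise the three platform files should carry the same hardening. The commented-out old `SSLCipherSuite` line can be dropped, since the history is in version control.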
diff --git a/files/include.d/silverstripe.inc b/files/include.d/silverstripe.inc
new file mode 100644
index 0000000..40c44e4
--- /dev/null
+++ b/files/include.d/silverstripe.inc
@@ -0,0 +1,17 @@
+# silverstripe .htaccess
+<Files *.ss>
+ Order deny,allow
+ Deny from all
+ #Allow from 127.0.0.1
+</Files>
+
+<IfModule mod_rewrite.c>
+ RewriteEngine On
+ #RewriteBase /
+
+ RewriteCond %{REQUEST_URI} !(\.gif$)|(\.jpg$)|(\.png$)|(\.css$)|(\.js$)
+
+ RewriteCond %{REQUEST_URI} ^(.*)$
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
+</IfModule>
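Review bot: These rules are copied from a `.htaccess` (the header comment says so), but they are shipped as an include, and they only behave as written in per-directory context. If the file is included at vhost level rather than inside a `<Directory>` block, `%{REQUEST_FILENAME}` has not yet been mapped to the filesystem when `!-f` is evaluated, and the relative substitution `sapphire/main.php` is not resolved against the document root. I would replace the header with a comment stating the requirement, e.g. `# SilverStripe rewrite rules; include inside the site's <Directory> block (per-directory context required)`. As a smaller style point, `[L,QSA]` with `sapphire/main.php?url=%1` is the usual way to carry the original query string, instead of appending `&%{QUERY_STRING}` by hand.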