author | Micah Anderson <micah@riseup.net> | 2013-04-12 13:23:29 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-04-12 14:37:28 -0400 |
commit | 115691c87bad3f5863f088e73603133b67c9f828 (patch) | |
tree | bbfd7b5c0d0c220ef3e52eb25acd4595a46b85d0 /files/itk_plus/conf.d/CentOS/ssl.conf | |
parent | 2401aae6c4785c1e6a777756bebe70c38b889727 (diff) | |
parent | 5ec141dfbf218dd9b2f2611d788db98f74e65073 (diff) |
Merge remote-tracking branch 'immerda/master'
Fixed apache_no_default_site variable to be a parameter to the apache
class (no_default_site = false)
Conflicts:
files/include.d/Debian/ssl_defaults.inc
manifests/base.pp
manifests/config/file.pp
manifests/vhost.pp
manifests/vhost/php/standard.pp
manifests/vhost/template.pp
templates/vhosts/php/CentOS.erb
templates/vhosts/php/Debian.erb
Diffstat (limited to 'files/itk_plus/conf.d/CentOS/ssl.conf')
-rw-r--r-- | files/itk_plus/conf.d/CentOS/ssl.conf | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/files/itk_plus/conf.d/CentOS/ssl.conf b/files/itk_plus/conf.d/CentOS/ssl.conf new file mode 100644 index 0000000..fb0c915 --- /dev/null +++ b/files/itk_plus/conf.d/CentOS/ssl.conf 
@@ -0,0 +1,75 @@ +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +LoadModule ssl_module modules/mod_ssl.so + +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +NameVirtualHost *:443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex default + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. 
This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec |
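Review bot: `SSLRandomSeed connect builtin`, near the end of the hunk, seeds each connection only from mod_ssl's built-in source. The mod_ssl documentation describes that source as not a strong one, and the comment block directly above the directive recommends /dev/urandom where it is available. Startup already uses `file:/dev/urandom 256`, so consider enabling the commented-out `SSLRandomSeed connect file:/dev/urandom 512` line, alongside or instead of builtin, so that per-connection seeding follows the same advice. Separately, the comment above `NameVirtualHost *:443` talks about listening on the HTTPS port (and has a doubled "the the"), but the directive under it is NameVirtualHost and no `Listen 443` appears in the lines shown here. Either reword the comment to describe name-based virtual hosting, or confirm that the Listen directive is set elsewhere in the module.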