Merge remote-tracking branch 'immerda/master'

1 files changed, 0 insertions, 200 deletions

diff --git a/files/vhosts.d/Gentoo/0-default_ssl.conf b/files/vhosts.d/Gentoo/0-default_ssl.conf
deleted file mode 100644
index a123de8..0000000
--- a/files/vhosts.d/Gentoo/0-default_ssl.conf
+++ /dev/null
@@ -1,200 +0,0 @@
-############################################################
-#### this file is managed by PUPPET                     ####
-#### only modify in svn or you will loose the changes ! ####
-############################################################
-<IfDefine SSL>
-<IfDefine SSL_DEFAULT_VHOST>
-<IfModule ssl_module>
-# see bug #178966 why this is in here
-
-# When we also provide SSL we have to listen to the HTTPS port
-# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
-Listen 443
-NameVirtualHost *:443
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" sslcombined
-UseCanonicalName On
-
-<VirtualHost _default_:443>
-	Include /etc/apache2/vhosts.d/default_vhost.include
-	ErrorLog /var/log/apache2/ssl_error_log
-
-	<IfModule log_config_module>
-		TransferLog /var/log/apache2/ssl_access_log
-	</IfModule>
-
-	## SSL Engine Switch:
-	# Enable/Disable SSL for this virtual host.
-	SSLEngine on
-
-	## SSL Cipher Suite:
-	# List the ciphers that the client is permitted to negotiate.
-	# See the mod_ssl documentation for a complete list.
-	#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-    #SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2
-    SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH
- 
-    SSLCertificateFile /e/certs/server.crt
-    SSLCertificateKeyFile /e/certs/server.key
-    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
-        SSLOptions +StdEnvVars
-    </Files>
-
-    RewriteEngine on
-      RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
-      RewriteRule .* - [F]
-    ServerSignature Off
-
-	## Server Certificate:
-	# Point SSLCertificateFile at a PEM encoded certificate. If the certificate
-	# is encrypted, then you will be prompted for a pass phrase. Note that a 
-	# kill -HUP will prompt again. Keep in mind that if you have both an RSA
-	# and a DSA certificate you can configure both in parallel (to also allow
-	# the use of DSA ciphers, etc.)
-	#SSLCertificateFile /etc/apache2/ssl/server.crt
-	#SSLCertificateFile /etc/apache2/ssl/server-dsa.crt
-	
-	## Server Private Key:
-	# If the key is not combined with the certificate, use this directive to
-	# point at the key file. Keep in mind that if you've both a RSA and a DSA
-	# private key you can configure both in parallel (to also allow the use of
-	# DSA ciphers, etc.)
-	#SSLCertificateKeyFile /etc/apache2/ssl/server.key
-	#SSLCertificateKeyFile /etc/apache2/ssl/server-dsa.key
-	
-	## Server Certificate Chain:
-	# Point SSLCertificateChainFile at a file containing the concatenation of 
-	# PEM encoded CA certificates which form the certificate chain for the
-	# server certificate. Alternatively the referenced file can be the same as
-	# SSLCertificateFile when the CA certificates are directly appended to the
-	# server certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl/ca.crt
-	
-	## Certificate Authority (CA):
-	# Set the CA certificate verification path where to find CA certificates
-	# for client authentication or alternatively one huge file containing all
-	# of them (file must be PEM encoded).
-	# Note: Inside SSLCACertificatePath you need hash symlinks to point to the
-	# certificate files. Use the provided Makefile to update the hash symlinks
-	# after changes.
-	#SSLCACertificatePath /etc/apache2/ssl/ssl.crt
-	#SSLCACertificateFile /etc/apache2/ssl/ca-bundle.crt
-	
-	## Certificate Revocation Lists (CRL):
-	# Set the CA revocation path where to find CA CRLs for client authentication
-	# or alternatively one huge file containing all of them (file must be PEM 
-	# encoded).
-	# Note: Inside SSLCARevocationPath you need hash symlinks to point to the
-	# certificate files. Use the provided Makefile to update the hash symlinks
-	# after changes.
-	#SSLCARevocationPath /etc/apache2/ssl/ssl.crl
-	#SSLCARevocationFile /etc/apache2/ssl/ca-bundle.crl
-	
-	## Client Authentication (Type):
-	# Client certificate verification type and depth. Types are none, optional,
-	# require and optional_no_ca. Depth is a number which specifies how deeply
-	# to verify the certificate issuer chain before deciding the certificate is
-	# not valid.
-	#SSLVerifyClient require
-	#SSLVerifyDepth  10
-	
-	## Access Control:
-	# With SSLRequire you can do per-directory access control based on arbitrary
-	# complex boolean expressions containing server variable checks and other
-	# lookup directives. The syntax is a mixture between C and Perl. See the
-	# mod_ssl documentation for more details.
-	#<Location />
-	#	#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-	#	and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-	#	and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-	#	and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-	#	and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
-	#	or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-	#</Location>
-
-	## SSL Engine Options:
-	# Set various options for the SSL engine.
-
-	## FakeBasicAuth:
-	# Translate the client X.509 into a Basic Authorisation. This means that the
-	# standard Auth/DBMAuth methods can be used for access control. The user 
-	# name is the `one line' version of the client's X.509 certificate. 
-	# Note that no password is obtained from the user. Every entry in the user 
-	# file needs this password: `xxj31ZMTZzkVA'.
-	
-	## ExportCertData:
-	# This exports two additional environment variables: SSL_CLIENT_CERT and 
-	# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
-	# (always existing) and the client (only existing when client 
-	# authentication is used). This can be used to import the certificates into
-	# CGI scripts.
-	
-	## StdEnvVars:
-	# This exports the standard SSL/TLS related `SSL_*' environment variables. 
-	# Per default this exportation is switched off for performance reasons, 
-	# because the extraction step is an expensive operation and is usually 
-	# useless for serving static content. So one usually enables the exportation
-	# for CGI and SSI requests only.
-
-	## StrictRequire:
-	# This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
-	# a "Satisfy any" situation, i.e. when it applies access is denied and no
-	# other module can change it.
-
-	## OptRenegotiate:
-	# This enables optimized SSL connection renegotiation handling when SSL 
-	# directives are used in per-directory context.
-	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-	<FilesMatch "\.(cgi|shtml|phtml|php)$">
-		SSLOptions +StdEnvVars
-	</FilesMatch>
-
-	<Directory "/var/www/localhost/cgi-bin">
-		SSLOptions +StdEnvVars
-	</Directory>
-
-	## SSL Protocol Adjustments:
-	# The safe and default but still SSL/TLS standard compliant shutdown
-	# approach is that mod_ssl sends the close notify alert but doesn't wait
-	# for the close notify alert from client. When you need a different
-	# shutdown approach you can use one of the following variables:
-
-	## ssl-unclean-shutdown:
-	# This forces an unclean shutdown when the connection is closed, i.e. no
-	# SSL close notify alert is send or allowed to received.  This violates the
-	# SSL/TLS standard but is needed for some brain-dead browsers. Use this when
-	# you receive I/O errors because of the standard approach where mod_ssl
-	# sends the close notify alert.
-
-	## ssl-accurate-shutdown:
-	# This forces an accurate shutdown when the connection is closed, i.e. a
-	# SSL close notify alert is send and mod_ssl waits for the close notify
-	# alert of the client. This is 100% SSL/TLS standard compliant, but in
-	# practice often causes hanging connections with brain-dead browsers. Use
-	# this only for browsers where you know that their SSL implementation works
-	# correctly. 
-	# Notice: Most problems of broken clients are also related to the HTTP 
-	# keep-alive facility, so you usually additionally want to disable 
-	# keep-alive for those clients, too. Use variable "nokeepalive" for this.
-	# Similarly, one has to force some clients to use HTTP/1.0 to workaround
-	# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-	# "force-response-1.0" for this.
-	<IfModule setenvif_module>
-		BrowserMatch ".*MSIE.*" \
-			nokeepalive ssl-unclean-shutdown \
-			downgrade-1.0 force-response-1.0
-	</IfModule>
-
-	## Per-Server Logging:
-	# The home of a custom SSL log file. Use this when you want a compact 
-	# non-error SSL logfile on a virtual host basis.
-	<IfModule log_config_module>
-		CustomLog /var/log/apache2/ssl_request_log \
-			"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-	</IfModule>
-</VirtualHost>
-</IfModule>
-</IfDefine>
-</IfDefine>
-
-# vim: ts=4 filetype=apache