summaryrefslogtreecommitdiff
path: root/files
AgeCommit message (Collapse)Author
2014-11-15sni: make ssl_cert configurable per vhosto
to support sni we configure ssl_certs on a vhost basis. additionally this commit introduces a generic configuration hash which will be used to replace most other parameters in the future.
2014-10-16disable SSLv3o
2014-07-18make our autoconfig setup publicmh
2013-04-25Merge commit 'dafb060'Micah Anderson
Conflicts: manifests/debian.pp
2013-04-12Merge remote-tracking branch 'immerda/master'Micah Anderson
Fixed apache_no_default_site variable to be a parameter to the apache class (no_default_site = false) Conflicts: files/include.d/Debian/ssl_defaults.inc manifests/base.pp manifests/config/file.pp manifests/vhost.pp manifests/vhost/php/standard.pp manifests/vhost/template.pp templates/vhosts/php/CentOS.erb templates/vhosts/php/Debian.erb
2013-02-28add munin plugin to this modulemh
2012-11-04Merge branch 'master' of git://labs.riseup.net/shared-apachevarac
2012-11-04added wheezy apache2.confvarac
2012-10-30Update default apache2.conf for Debian using packaged versionJerome Charaoui
2012-03-07Add default vhost files for DebianGabriel Filion
Taken from a Debian Squeeze install of Apache. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-10-13add worker related config filesmh
2011-10-08introduce a new template style, less duplicated things, more handy optionsmh
2011-03-18we don't need these logfiles in the includemh
2011-02-22add STS header in default ssl configmh
2010-12-12update to latest secure ssl directivesmh
2010-08-17correct statementmh
2010-08-16fix various missing things for itk_plus modemh
2010-08-16impelement itk plus modemh
itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances.
2010-06-10adjust sslciphersuite to new recommendationsmh
2010-02-15fix log path in include.d/Debian/ssl_defaults.incJerome Charaoui
2010-02-03add global ssl.conf file on Debian to provide NameVirtualHost directiveJerome Charaoui
2010-02-03fix incomplete file include.d/Debian/ssl_defaults.incJerome Charaoui
2010-02-03provide ssl defaults for vhosts under Debian (copied from CentOS config)Jerome Charaoui
2010-01-30fix includes to new locationmh
2009-12-23manage default 'charset' and 'security' configs on DebianJerome Charaoui
2009-12-23move includes in conf.d into include.dJerome Charaoui
2009-12-23organize files in subdirectories per type : 'config' for main apache config; ↵Jerome Charaoui
'scripts' for extra shell scripts; 'service' for service default parameters. also, manage apache2.conf on Debian.
2009-12-08improve Debian supportJerome Charaoui
2009-11-24rotate internal apache logs as wellmh
2009-05-17enable itk in the sysconfig modulemh
2009-05-17manage sysconfig for itk as wellduritong
2009-05-17added sysconfig to be managed as wellMarcel
2009-03-15added default rewrite rules for joomlasmh
2009-02-24deny access to git repository foldersmh
2008-12-05- add index.shtml to default index if we do includmh
es, as well add +Includes to the directory options if not yet done - removed the security rewrite as it is already in the defaults.inc! - removed the enforcement of mod_security
2008-11-30merged with puzzlemh
2008-11-07adjusted paths to general stylemh
2008-11-07made path more defaultmh
introduced logrotating for apache
2008-11-07use rather default shellmh
2008-11-07generalized various config stylesmh
finished support for openbsd
2008-11-07merged with puzzlemh
2008-11-01enabled apache for openbsdmh
2008-11-01finally fixed VirtualHosts stuff for sslmh
2008-11-01fixed default pathsmh
2008-11-01tuned ssl for more secure ciphers, hide server signature by defaultmh
2008-11-01merged with puzzlemh
2008-10-25merged with puzzlemh
2008-07-26factered out the modules of the apache modulemh
2008-07-26adding name virtualhost for centosmh
2008-05-09merged puzzlemh