Age | Commit message (Collapse) | Author | |
---|---|---|---|
2011-10-08 | introduce a new template style, less duplicated things, more handy options | mh | |
2011-03-18 | we don't need these logfiles in the include | mh | |
2011-02-22 | add STS header in default ssl config | mh | |
2010-12-12 | update to latest secure ssl directives | mh | |
2010-08-17 | correct statement | mh | |
2010-08-16 | fix various missing things for itk_plus mode | mh | |
2010-08-16 | impelement itk plus mode | mh | |
itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances. | |||
2010-06-10 | adjust sslciphersuite to new recommendations | mh | |
2010-01-30 | fix includes to new location | mh | |
2009-12-23 | manage default 'charset' and 'security' configs on Debian | Jerome Charaoui | |
2009-12-23 | move includes in conf.d into include.d | Jerome Charaoui | |
2009-12-23 | organize files in subdirectories per type : 'config' for main apache config; ↵ | Jerome Charaoui | |
'scripts' for extra shell scripts; 'service' for service default parameters. also, manage apache2.conf on Debian. | |||
2009-12-08 | improve Debian support | Jerome Charaoui | |
2009-11-24 | rotate internal apache logs as well | mh | |
2009-05-17 | enable itk in the sysconfig module | mh | |
2009-05-17 | manage sysconfig for itk as well | duritong | |
2009-05-17 | added sysconfig to be managed as well | Marcel | |
2009-03-15 | added default rewrite rules for joomlas | mh | |
2009-02-24 | deny access to git repository folders | mh | |
2008-12-05 | - add index.shtml to default index if we do includ | mh | |
es, as well add +Includes to the directory options if not yet done - removed the security rewrite as it is already in the defaults.inc! - removed the enforcement of mod_security | |||
2008-11-30 | merged with puzzle | mh | |
2008-11-07 | adjusted paths to general style | mh | |
2008-11-07 | made path more default | mh | |
introduced logrotating for apache | |||
2008-11-07 | use rather default shell | mh | |
2008-11-07 | generalized various config styles | mh | |
finished support for openbsd | |||
2008-11-07 | merged with puzzle | mh | |
2008-11-01 | enabled apache for openbsd | mh | |
2008-11-01 | finally fixed VirtualHosts stuff for ssl | mh | |
2008-11-01 | fixed default paths | mh | |
2008-11-01 | tuned ssl for more secure ciphers, hide server signature by default | mh | |
2008-11-01 | merged with puzzle | mh | |
2008-10-25 | merged with puzzle | mh | |
2008-07-26 | factered out the modules of the apache module | mh | |
2008-07-26 | adding name virtualhost for centos | mh | |
2008-05-09 | merged puzzle | mh | |
2008-04-29 | ${operatingsystem} = Gentoo not gentoo | andreas | |
2008-04-29 | new in gentoo, some unused, i.e. equal to default files del. | andreas | |
2008-04-29 | more default files | andreas | |
2008-04-29 | changed the ServerSignature to Off, we don't want to give too much infos | andreas | |
2008-04-29 | modifications1 for /etc/apache2/modules.d | andreas | |
* own directory * see vhosts.d | |||
2008-04-24 | added default centos file and made sources more configurable | mh | |
2008-04-13 | default vhost for centos | mh | |
2008-04-12 | extending apache to centos usage, vhost and crypto stuff on immer8 and class ↵ | mh | |
to enable server-status for munin-plugins, where not yet done | |||
2008-03-23 | merged php into apache | mh | |
2008-03-23 | moved certs to their new-sidewide-default location | mh | |
2008-03-21 | fixed path | mh | |
2008-03-21 | added mod_security-class, and a placeholder for mod_extract_forwarded_for | mh | |
2008-03-08 | korrektur vhosts raufladen (falsche zusammensetzung des file-pfads) | andreas | |