From 43328e80a5508e3ee931a7b10a9ca0667081d232 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 24 Apr 2008 15:17:42 +0000 Subject: added default centos file and made sources more configurable --- files/centos/ssl.conf | 13 ++++--------- manifests/init.pp | 5 ++++- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/files/centos/ssl.conf b/files/centos/ssl.conf index f03fc73..647a4a4 100644 --- a/files/centos/ssl.conf +++ b/files/centos/ssl.conf @@ -16,9 +16,6 @@ LoadModule ssl_module modules/mod_ssl.so # the HTTPS port in addition. # Listen 443 -NameVirtualHost *:443 -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" sslcombined -UseCanonicalName On ## ## SSL Global Context @@ -81,7 +78,7 @@ SSLCryptoDevice builtin ## SSL Virtual Host Context ## - + # General setup for the virtual host, inherited from global configuration #DocumentRoot "/var/www/html" 
@@ -105,22 +102,21 @@ SSLProtocol all -SSLv2 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW -SSLCipherSuite HIGH:MEDIUM:!ADH:-SSLv2 +SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. -SSLCertificateFile /e/certs/server.crt +SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /e/certs/server.key +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -229,6 +225,5 @@ SetEnvIf User-Agent ".*MSIE.*" \ CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" -ServerSignature off diff --git a/manifests/init.pp b/manifests/init.pp index 40f6c1c..32b4610 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -75,7 +75,10 @@ class apache::centos inherits apache::base{ owner => root, group => 0, mode => 0755; } file{"${config_dir}/conf.d/ssl.conf": - source => "puppet://$server/apache/centos/ssl.conf", + source => [ "puppet://$server/files/apache/centos/${fqdn}/ssl.conf", + "puppet://$server/files/apache/centos/ssl.conf", + "puppet://$server/apache/centos/ssl.conf" + ], owner => root, group => 0, mode => 0755; } apache::vhost::file { '00_default_centos_vhost': } -- cgit v1.2.3
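Review bot: The added `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` line starts from `ALL` and excludes only ADH, EXPORT and SSLv2, so LOW-strength suites that the removed `HIGH:MEDIUM:!ADH:-SSLv2` line never offered are enabled again (the `+LOW` only moves them to the end of the list). If the intent is just to ship a generic CentOS default, keep the restricted list, e.g. `SSLCipherSuite HIGH:MEDIUM:!ADH:!SSLv2`. The new `SSLCertificateFile /etc/pki/tls/certs/localhost.crt` and `SSLCertificateKeyFile /etc/pki/tls/private/localhost.key` paths look like the distribution's placeholder pair, so a comment such as `# placeholder certificate - override per host before exposing this vhost` would help. The following ssl.conf hunk also removes `ServerSignature off`; unless that is set elsewhere in the module, it is worth keeping in this default.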
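Review bot: The new `source` array on the `ssl.conf` resource has no comment stating its precedence, yet that ordering decides which TLS configuration a host ends up with. Puppet takes the first source that exists, so a file under `files/apache/centos/${fqdn}/` or `files/apache/centos/` replaces the module copy wholesale, including its cipher and certificate settings; I would add `# first existing source wins: per-host, then site-wide, then module default` above the `source` attribute. For consistency with `${fqdn}`, brace the other variable as well (`${server}`). The unchanged `mode => 0755` context line is also broader than a configuration file needs (`0644` would do), and `class apache::centos` begins outside this hunk.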