Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Aurélien Vermylen
slapos
Commits
399ac485
Commit
399ac485
authored
Jun 24, 2015
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: update security settings
parent
435dd59d
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
12 additions
and
15 deletions
+12
-15
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+3
-3
software/apache-frontend/templates/000.conf.in
software/apache-frontend/templates/000.conf.in
+3
-4
software/apache-frontend/templates/apache_cached.conf.in
software/apache-frontend/templates/apache_cached.conf.in
+4
-4
software/apache-frontend/templates/default-virtualhost.conf.in
...are/apache-frontend/templates/default-virtualhost.conf.in
+2
-4
No files found.
software/apache-frontend/common.cfg
View file @
399ac485
...
...
@@ -102,7 +102,7 @@ mode = 640
[template-apache-cached-configuration]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache_cached.conf.in
md5sum =
0c4393db80670daf18b432b7f07383e9
md5sum =
116271eafe80309a99203fd8a11a4558
mode = 640
[template-rewrite-cached]
...
...
@@ -127,13 +127,13 @@ mode = 640
[template-default-virtualhost]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/000.conf.in
md5sum =
ed1b680e31e30596bf051682ec0270b4
md5sum =
d98a01182f38868612948c87d5231428
mode = 640
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum = 5
463dd67f1b1bea0bee57a421e371dd0
md5sum = 5
dbfd59f9316b8a629f9f098a1cc1c72
mode = 640
[template-log-access]
...
...
software/apache-frontend/templates/000.conf.in
View file @
399ac485
...
...
@@ -2,16 +2,15 @@
ServerName www.example.org
SSLEngine on
SSLProxyEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
ErrorDocument 404 /notfound.html
</VirtualHost>
...
...
software/apache-frontend/templates/apache_cached.conf.in
View file @
399ac485
...
...
@@ -105,9 +105,10 @@ SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
...
...
@@ -119,7 +120,6 @@ SSLProxyCheckPeerExpire off
<VirtualHost *:{{ cached_port }}>
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
...
...
software/apache-frontend/templates/default-virtualhost.conf.in
View file @
399ac485
...
...
@@ -16,8 +16,8 @@
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLCipherSuite
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
...
...
@@ -38,7 +38,6 @@
CustomLog "{{ slave_parameter.get('access_log') }}" combined
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
...
...
@@ -90,7 +89,6 @@
SSLProxyEngine on
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyTimeout 600
RewriteEngine On
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment