Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
isaak yansane-sisk
slapos
Commits
399ac485
Commit
399ac485
authored
Jun 24, 2015
by
Cédric Le Ninivin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
apache-frontend: update security settings
parent
435dd59d
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
12 additions
and
15 deletions
+12
-15
software/apache-frontend/common.cfg
software/apache-frontend/common.cfg
+3
-3
software/apache-frontend/templates/000.conf.in
software/apache-frontend/templates/000.conf.in
+3
-4
software/apache-frontend/templates/apache_cached.conf.in
software/apache-frontend/templates/apache_cached.conf.in
+4
-4
software/apache-frontend/templates/default-virtualhost.conf.in
...are/apache-frontend/templates/default-virtualhost.conf.in
+2
-4
No files found.
software/apache-frontend/common.cfg
View file @
399ac485
...
@@ -102,7 +102,7 @@ mode = 640
...
@@ -102,7 +102,7 @@ mode = 640
[template-apache-cached-configuration]
[template-apache-cached-configuration]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/apache_cached.conf.in
url = ${:_profile_base_location_}/templates/apache_cached.conf.in
md5sum =
0c4393db80670daf18b432b7f07383e9
md5sum =
116271eafe80309a99203fd8a11a4558
mode = 640
mode = 640
[template-rewrite-cached]
[template-rewrite-cached]
...
@@ -127,13 +127,13 @@ mode = 640
...
@@ -127,13 +127,13 @@ mode = 640
[template-default-virtualhost]
[template-default-virtualhost]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/000.conf.in
url = ${:_profile_base_location_}/templates/000.conf.in
md5sum =
ed1b680e31e30596bf051682ec0270b4
md5sum =
d98a01182f38868612948c87d5231428
mode = 640
mode = 640
[template-default-slave-virtualhost]
[template-default-slave-virtualhost]
recipe = slapos.recipe.build:download
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
url = ${:_profile_base_location_}/templates/default-virtualhost.conf.in
md5sum = 5
463dd67f1b1bea0bee57a421e371dd0
md5sum = 5
dbfd59f9316b8a629f9f098a1cc1c72
mode = 640
mode = 640
[template-log-access]
[template-log-access]
...
...
software/apache-frontend/templates/000.conf.in
View file @
399ac485
...
@@ -2,16 +2,15 @@
...
@@ -2,16 +2,15 @@
ServerName www.example.org
ServerName www.example.org
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Rewrite part
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
ErrorDocument 404 /notfound.html
ErrorDocument 404 /notfound.html
</VirtualHost>
</VirtualHost>
...
...
software/apache-frontend/templates/apache_cached.conf.in
View file @
399ac485
...
@@ -105,9 +105,10 @@ SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
...
@@ -105,9 +105,10 @@ SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLSessionCacheTimeout 300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLHonorCipherOrder on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
</FilesMatch>
</FilesMatch>
...
@@ -119,7 +120,6 @@ SSLProxyCheckPeerExpire off
...
@@ -119,7 +120,6 @@ SSLProxyCheckPeerExpire off
<VirtualHost *:{{ cached_port }}>
<VirtualHost *:{{ cached_port }}>
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
...
...
software/apache-frontend/templates/default-virtualhost.conf.in
View file @
399ac485
...
@@ -16,8 +16,8 @@
...
@@ -16,8 +16,8 @@
SSLEngine on
SSLEngine on
SSLProxyEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLCipherSuite
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
{% set ssl_configuration_list = [('SSLCertificateFile', 'path_to_ssl_crt'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
('SSLCertificateKeyFile', 'path_to_ssl_key'),
...
@@ -38,7 +38,6 @@
...
@@ -38,7 +38,6 @@
CustomLog "{{ slave_parameter.get('access_log') }}" combined
CustomLog "{{ slave_parameter.get('access_log') }}" combined
# Rewrite part
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
...
@@ -90,7 +89,6 @@
...
@@ -90,7 +89,6 @@
SSLProxyEngine on
SSLProxyEngine on
# Rewrite part
# Rewrite part
ProxyVia On
ProxyPreserveHost On
ProxyPreserveHost On
ProxyTimeout 600
ProxyTimeout 600
RewriteEngine On
RewriteEngine On
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment