Commit 3b30d69f authored by Sebastien Robin's avatar Sebastien Robin

enable ssl encryption to see testnode logs with apache

parent 92898889
......@@ -91,6 +91,9 @@ class Recipe(GenericBaseRecipe):
'httpd-error.log'),
access_log=os.path.join(self.options['httpd-log-directory'],
'httpd-access.log'),
certificate=self.options['httpd-cert-file'],
key=self.options['httpd-key-file'],
testnode_log_directory=self.options['log-directory'],
)
config_file = self.createFile(self.options['httpd-conf-file'],
self.substituteTemplate(self.getTemplateFilename('httpd.conf.in'),
......@@ -101,3 +104,7 @@ class Recipe(GenericBaseRecipe):
'slapos.recipe.librecipe.execute.execute',
[self.options['apache-binary'], '-f', config_file, '-DFOREGROUND'])
self.path_list.append(wrapper)
# create empty html page to not allow listing of /
page = open(os.path.join(self.options['log-directory'], "index.html"), "w")
page.write("<html/>")
page.close()
\ No newline at end of file
......@@ -3,7 +3,7 @@
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
Listen [%(ip)s]:%(port)s
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
......@@ -17,13 +17,6 @@ LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
......@@ -40,3 +33,26 @@ LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule autoindex_module modules/mod_autoindex.so
# SSL Configuration
SSLEngine on
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLProxyEngine On
DocumentRoot "%(testnode_log_directory)s"
# Directory protection
<Directory />
Options Indexes FollowSymLinks
IndexOptions FancyIndexing
order allow,deny
Allow from All
</Directory>
\ No newline at end of file
......@@ -12,6 +12,7 @@ parts =
shellinabox
certificate-authority
ca-shellinabox
ca-httpd
[connection-dict]
recipe = slapos.cookbook:publish
......@@ -49,8 +50,10 @@ zip-binary = ${zip:location}/bin/zip
httpd-pid-file = $${basedirectory:run}/httpd.pid
httpd-lock-file = $${basedirectory:run}/httpd.lock
httpd-conf-file = $${rootdirectory:etc}/httpd.conf
httpd-wrapper = $${basedirectory:services}/httpd
httpd-wrapper = $${rootdirectory:bin}/httpd
httpd-log-directory = $${basedirectory:log}
httpd-cert-file = $${rootdirectory:etc}/httpd-public.crt
httpd-key-file = $${rootdirectory:etc}/httpd-private.key
configuration-file = $${rootdirectory:etc}/erp5testnode.cfg
log-file = $${basedirectory:log}/erp5testnode.log
......@@ -118,6 +121,14 @@ wrapper = $${basedirectory:services}/shellinaboxd
key-file = $${shellinabox:key-file}
cert-file = $${shellinabox:cert-file}
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${testnode:httpd-wrapper}
wrapper = $${basedirectory:services}/httpd
key-file = $${testnode:httpd-key-file}
cert-file = $${testnode:httpd-cert-file}
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/
......
......@@ -79,7 +79,7 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-default.cfg
output = ${buildout:directory}/template-default.cfg
mode = 0644
md5sum = 15e9333279626b5e8364344320573043
md5sum = ea103e4b563cf3ab88614fa19249359d
[networkcache]
# signature certificates of the following uploaders.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment