Bläddra i källkod

Clean up Apache SSL configuration

Avoid using the Include directive.  Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
Mike Ashley 9 år sedan
förälder
incheckning
d3abc02f84

+ 1
- 2
roles/blog/templates/etc_apache2_sites-available_blog.j2 Visa fil

@@ -9,8 +9,7 @@
9 9
 <VirtualHost *:443>
10 10
     ServerName {{ domain }}
11 11
     ServerAlias www.{{ domain }}
12
-
13
-    Include /etc/apache2/ssl.conf
12
+    SSLEngine On
14 13
 
15 14
     DocumentRoot            "/var/www/{{ domain }}"
16 15
     DirectoryIndex          index.html

+ 0
- 1
roles/common/files/etc_apache2_conf-available_ssl-stapling-cache.conf Visa fil

@@ -1 +0,0 @@
1
-SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)

roles/common/templates/etc_apache2_ssl.conf.j2 → roles/common/files/etc_apache2_conf-available_ssl.conf Visa fil

@@ -1,8 +1,8 @@
1
-SSLEngine on
2 1
 SSLProtocol ALL -SSLv2 -SSLv3
3 2
 SSLHonorCipherOrder On
4 3
 SSLCompression off
5 4
 SSLUseStapling On
5
+SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)
6 6
 SSLStaplingResponderTimeout 5
7 7
 SSLStaplingReturnResponderErrors off
8 8
 

+ 5
- 17
roles/common/tasks/ssl.yml Visa fil

@@ -43,25 +43,13 @@
43 43
   notify: restart apache
44 44
   when: ansible_distribution_release != 'wheezy'
45 45
 
46
-- name: Add Apache SSL stapling cache configuration
47
-  copy:
48
-    src=etc_apache2_conf-available_ssl-stapling-cache.conf
49
-    dest=/etc/apache2/conf-available/ssl-stapling-cache.conf
46
+- name: Add common Apache SSL config
47
+  copy: src=etc_apache2_conf-available_ssl.conf
48
+    dest=/etc/apache2/conf-available/ssl.conf
50 49
     owner=root
51 50
     group=root
52
-  when: ansible_distribution_release != 'wheezy'
53
-  notify: restart apache
54
-
55
-- name: Enable Apache SSL stapling cache configuration
56
-  command: a2enconf ssl-stapling-cache
57
-    creates=/etc/apache2/conf-enabled/ssl-stapling-cache.conf
58
-  when: ansible_distribution_release != 'wheezy'
59 51
   notify: restart apache
60 52
 
61
-- name: Add common Apache SSL config
62
-  template:
63
-    src=etc_apache2_ssl.conf.j2
64
-    dest=/etc/apache2/ssl.conf
65
-    owner=root
66
-    group=root
53
+- name: Enable Apache SSL config
54
+  command: a2enconf ssl creates=/etc/apache2/conf-enabled/ssl.conf
67 55
   notify: restart apache

+ 1
- 2
roles/git/templates/etc_apache2_sites-available_cgit.j2 Visa fil

@@ -6,10 +6,9 @@
6 6
 
7 7
 <VirtualHost *:443>
8 8
     ServerName {{ cgit_domain }}
9
+    SSLEngine On
9 10
 
10
-    Include /etc/apache2/ssl.conf
11 11
     DocumentRoot /var/www/htdocs/cgit/
12
-
13 12
     <Directory "/var/www/htdocs/cgit/">
14 13
         AllowOverride None
15 14
         Options +ExecCGI

+ 1
- 2
roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2 Visa fil

@@ -17,8 +17,7 @@
17 17
 
18 18
 <VirtualHost *:443>
19 19
     ServerName {{ mail_server_autoconfig_hostname }}
20
-
21
-    Include /etc/apache2/ssl.conf
20
+    SSLEngine On
22 21
 
23 22
     DocumentRoot            "/var/www/autoconfig"
24 23
     Options                 -Indexes

+ 1
- 2
roles/news/templates/etc_apache2_sites-available_selfoss.j2 Visa fil

@@ -6,8 +6,7 @@
6 6
 
7 7
 <VirtualHost *:443>
8 8
     ServerName {{ selfoss_domain }}
9
-
10
-    Include /etc/apache2/ssl.conf
9
+    SSLEngine On
11 10
 
12 11
     DocumentRoot            /var/www/selfoss
13 12
     Options                 -Indexes

+ 1
- 2
roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2 Visa fil

@@ -6,8 +6,7 @@
6 6
 
7 7
 <VirtualHost *:443>
8 8
     ServerName {{ owncloud_domain }}
9
-
10
-    Include /etc/apache2/ssl.conf
9
+    SSLEngine On
11 10
 
12 11
     DocumentRoot            /var/www/owncloud
13 12
     Options                 -Indexes

+ 1
- 2
roles/readlater/templates/etc_apache2_sites-available_wallabag.j2 Visa fil

@@ -6,8 +6,7 @@
6 6
 
7 7
 <VirtualHost *:443>
8 8
     ServerName {{ wallabag_domain }}
9
-
10
-    Include /etc/apache2/ssl.conf
9
+    SSLEngine On
11 10
 
12 11
     DocumentRoot            /var/www/wallabag
13 12
     Options                 -Indexes

Laddar…
Avbryt
Spara