
Clean up Apache SSL configuration

Avoid using the Include directive.  Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
Mike Ashley 9 years ago
parent
commit
d3abc02f84

+ 1
- 2
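--- a/roles/blog/templates/etc_apache2_sites-available_blog.j2
+++ b/roles/blog/templates/etc_apache2_sites-available_blog.j2
@@ -9,8 +9,7 @@
 <VirtualHost *:443>
     ServerName {{ domain }}
     ServerAlias www.{{ domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            "/var/www/{{ domain }}"
     DirectoryIndex          index.html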
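Review bot: Nothing in this vhost now says where its TLS policy comes from. With `Include /etc/apache2/ssl.conf` gone, `SSLEngine On` relies on the common role having installed and enabled `conf-available/ssl.conf`; if that file is not enabled, the vhost would presumably still come up with mod_ssl's built-in protocol defaults. A one-line template comment above `SSLEngine On`, such as `# TLS protocol and stapling settings come from conf-enabled/ssl.conf (common role)`, would make the dependency visible. The same applies to the cgit, autoconfig, selfoss, owncloud and wallabag templates changed in this commit. The VirtualHost block continues outside the hunk.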

+ 0
- 1
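--- a/roles/common/files/etc_apache2_conf-available_ssl-stapling-cache.conf
+++ b/roles/common/files/etc_apache2_conf-available_ssl-stapling-cache.conf
@@ -1 +0,0 @@
-SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)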

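--- a/roles/common/templates/etc_apache2_ssl.conf.j2
+++ b/roles/common/files/etc_apache2_conf-available_ssl.conf
@@ -1,8 +1,8 @@
-SSLEngine on
 SSLProtocol ALL -SSLv2 -SSLv3
 SSLHonorCipherOrder On
 SSLCompression off
 SSLUseStapling On
+SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 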
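Review bot: `SSLProtocol ALL -SSLv2 -SSLv3` on line 1 of the new file is now the server-wide default for every vhost that turns on `SSLEngine`, and it still leaves TLS 1.0 and 1.1 enabled. Unless a supported client needs them, consider `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` here, assuming the installed mod_ssl/OpenSSL recognises those tokens. Only the first eight lines of the file are visible, so any cipher suite setting further down is not covered by this note.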

+ 5
- 17
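--- a/roles/common/tasks/ssl.yml
+++ b/roles/common/tasks/ssl.yml
@@ -43,25 +43,13 @@
   notify: restart apache
   when: ansible_distribution_release != 'wheezy'
 
-- name: Add Apache SSL stapling cache configuration
-  copy:
-    src=etc_apache2_conf-available_ssl-stapling-cache.conf
-    dest=/etc/apache2/conf-available/ssl-stapling-cache.conf
+- name: Add common Apache SSL config
+  copy: src=etc_apache2_conf-available_ssl.conf
+    dest=/etc/apache2/conf-available/ssl.conf
     owner=root
     group=root
-  when: ansible_distribution_release != 'wheezy'
-  notify: restart apache
-
-- name: Enable Apache SSL stapling cache configuration
-  command: a2enconf ssl-stapling-cache
-    creates=/etc/apache2/conf-enabled/ssl-stapling-cache.conf
-  when: ansible_distribution_release != 'wheezy'
   notify: restart apache
 
-- name: Add common Apache SSL config
-  template:
-    src=etc_apache2_ssl.conf.j2
-    dest=/etc/apache2/ssl.conf
-    owner=root
-    group=root
+- name: Enable Apache SSL config
+  command: a2enconf ssl creates=/etc/apache2/conf-enabled/ssl.conf
   notify: restart apache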
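Review bot: The two new tasks, "Add common Apache SSL config" and "Enable Apache SSL config", run on every release, while the stapling tasks they replace were guarded with `when: ansible_distribution_release != 'wheezy'`. The task above the hunk still carries that guard, so wheezy hosts appear to be supported, and there the `conf-available` directory and `a2enconf` are probably not available (to be confirmed against the Apache version shipped on that release). If wheezy is still a target, it needs its own install path for this file. Simply adding the same `when:` to both tasks would leave the `SSLEngine On` vhosts there without the shared protocol settings. The first two context lines belong to a task that starts outside the hunk.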

+ 1
- 2
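--- a/roles/git/templates/etc_apache2_sites-available_cgit.j2
+++ b/roles/git/templates/etc_apache2_sites-available_cgit.j2
@@ -6,10 +6,9 @@
 
 <VirtualHost *:443>
     ServerName {{ cgit_domain }}
+    SSLEngine On
 
-    Include /etc/apache2/ssl.conf
     DocumentRoot /var/www/htdocs/cgit/
-
     <Directory "/var/www/htdocs/cgit/">
         AllowOverride None
         Options +ExecCGI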

+ 1
- 2
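--- a/roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2
+++ b/roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2
@@ -17,8 +17,7 @@
 
 <VirtualHost *:443>
     ServerName {{ mail_server_autoconfig_hostname }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            "/var/www/autoconfig"
     Options                 -Indexes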

+ 1
- 2
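--- a/roles/news/templates/etc_apache2_sites-available_selfoss.j2
+++ b/roles/news/templates/etc_apache2_sites-available_selfoss.j2
@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ selfoss_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/selfoss
     Options                 -Indexes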

+ 1
- 2
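--- a/roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2
+++ b/roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2
@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ owncloud_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/owncloud
     Options                 -Indexes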

+ 1
- 2
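--- a/roles/readlater/templates/etc_apache2_sites-available_wallabag.j2
+++ b/roles/readlater/templates/etc_apache2_sites-available_wallabag.j2
@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ wallabag_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/wallabag
     Options                 -Indexes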
