thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Improved apache SSL config, and disabled directory index

Luke Cyca 11 years ago
parent
d40d95a210
commit
d5b2d7ade0
2 changed files with 9 additions and 2 deletions
Split View Show Diff Stats
  1. 5
    1
      roles/blog/templates/etc_apache2_sites-available_blog.j2
  2. 4
    1
      roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2

+ 5
- 1
roles/blog/templates/etc_apache2_sites-available_blog.j2 View File 

@@ -14,7 +14,9 @@ NameVirtualHost *:443
14 14 
     ServerAlias www.{{ blog_domain }}
15 15
16 16 
     SSLEngine on
17 
-    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
17 
+    SSLProtocol ALL -SSLv2
18 
+    SSLHonorCipherOrder On
19 
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
18 20
19 21 
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
20 22 
     SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
 
@@ -22,5 +24,7 @@ NameVirtualHost *:443
22 24
23 25 
     DocumentRoot            "/var/www/{{ blog_domain }}"
24 26 
     DirectoryIndex          index.html
27 
+    Options                 -Indexes
28 
+
25 29 
     HostnameLookups         Off
26 30 
 </VirtualHost>

+ 4
- 1
roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2 View File 

@@ -4,13 +4,16 @@ NameVirtualHost *:443
4 4 
     ServerName {{ owncloud_domain }}
5 5
6 6 
     SSLEngine on
7 
-    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
7 
+    SSLProtocol ALL -SSLv2
8 
+    SSLHonorCipherOrder On
9 
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
8 10
9 11 
     SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
10 12 
     SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
11 13 
     SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
12 14
13 15 
     DocumentRoot            /var/www/owncloud
16 
+    Options                 -Indexes
14 17
15 18 
     ErrorLog                /var/log/apache2/owncloud.info-error_log
16 19 
     CustomLog               /var/log/apache2/owncloud.info-access_log common

Write Preview
Loading…
Cancel
Save