Merge pull request #489 from mikeashley/stapling-fix

Clean up Apache SSL configuration

roles/blog/templates/etc_apache2_sites-available_blog.j2

@@ -9,8 +9,7 @@
 <VirtualHost *:443>
     ServerName {{ domain }}
     ServerAlias www.{{ domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            "/var/www/{{ domain }}"
     DirectoryIndex          index.html

roles/common/files/etc_apache2_conf-available_ssl-stapling-cache.conf

@@ -1 +0,0 @@
-SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)

roles/common/templates/etc_apache2_ssl.conf.j2 → roles/common/files/etc_apache2_conf-available_ssl.conf

@@ -1,8 +1,8 @@
-SSLEngine on
 SSLProtocol ALL -SSLv2 -SSLv3
 SSLHonorCipherOrder On
 SSLCompression off
 SSLUseStapling On
+SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 

roles/common/tasks/ssl.yml

@@ -43,25 +43,13 @@
   notify: restart apache
   when: ansible_distribution_release != 'wheezy'
 
-- name: Add Apache SSL stapling cache configuration
-  copy:
-    src=etc_apache2_conf-available_ssl-stapling-cache.conf
-    dest=/etc/apache2/conf-available/ssl-stapling-cache.conf
+- name: Add common Apache SSL config
+  copy: src=etc_apache2_conf-available_ssl.conf
+    dest=/etc/apache2/conf-available/ssl.conf
     owner=root
     group=root
-  when: ansible_distribution_release != 'wheezy'
-  notify: restart apache
-
-- name: Enable Apache SSL stapling cache configuration
-  command: a2enconf ssl-stapling-cache
-    creates=/etc/apache2/conf-enabled/ssl-stapling-cache.conf
-  when: ansible_distribution_release != 'wheezy'
   notify: restart apache
 
-- name: Add common Apache SSL config
-  template:
-    src=etc_apache2_ssl.conf.j2
-    dest=/etc/apache2/ssl.conf
-    owner=root
-    group=root
+- name: Enable Apache SSL config
+  command: a2enconf ssl creates=/etc/apache2/conf-enabled/ssl.conf
   notify: restart apache

roles/git/templates/etc_apache2_sites-available_cgit.j2

@@ -6,10 +6,9 @@
 
 <VirtualHost *:443>
     ServerName {{ cgit_domain }}
+    SSLEngine On
 
-    Include /etc/apache2/ssl.conf
     DocumentRoot /var/www/htdocs/cgit/
-
     <Directory "/var/www/htdocs/cgit/">
         AllowOverride None
         Options +ExecCGI

roles/mailserver/templates/etc_apache2_sites-available_autoconfig.j2

@@ -17,8 +17,7 @@
 
 <VirtualHost *:443>
     ServerName {{ mail_server_autoconfig_hostname }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            "/var/www/autoconfig"
     Options                 -Indexes

roles/news/templates/etc_apache2_sites-available_selfoss.j2

@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ selfoss_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/selfoss
     Options                 -Indexes

roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2

@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ owncloud_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/owncloud
     Options                 -Indexes

roles/readlater/templates/etc_apache2_sites-available_wallabag.j2

@@ -6,8 +6,7 @@
 
 <VirtualHost *:443>
     ServerName {{ wallabag_domain }}
-
-    Include /etc/apache2/ssl.conf
+    SSLEngine On
 
     DocumentRoot            /var/www/wallabag
     Options                 -Indexes