Projects
jsj
jsj-installtools
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 103
View file
jsj-installtools.changes
Changed
@@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Thu Feb 16 12:42:10 UTC 2023 - Stefan Botter <obs@botter.cc> + +- add better vhost templates for use with PrepareApacheConfig +- add dhparam.pem and ssl stapling template +- change call to PrepareApacheConfig in CreateConfig + +------------------------------------------------------------------- Thu Feb 16 11:20:25 UTC 2023 - Stefan Botter <obs@botter.cc> - fix PrepareApacheConfig: logrotate config, remove duplicate
View file
000-ssl-stapling.conf
Added
@@ -0,0 +1,6 @@ +<IfDefine SSL> + <IfDefine !NOSSL> + SSLUseStapling on + SSLStaplingCache "shmcb:logs/stapling-cache(150000)" + </IfDefine> +</IfDefine>
View file
CreateConfig
Changed
@@ -54,6 +54,7 @@ jsj) ;; hsbhv) ;; hsb) ;; + bb) ;; *) echo LOC $LOC not yet defined!; exit 1;; esac ;; @@ -99,7 +100,7 @@ echo $? echo echo PrepareApacheConfig $APACHEHOST - /usr/share/jsjinstalltools/PrepareApacheConfig $APACHEHOST $SHOST + /usr/share/jsjinstalltools/PrepareApacheConfig -h $APACHEHOST ${SHOST:+-s} -l $LOC echo $? echo if $FTPD = 1 ; then
View file
PrepareApacheConfig
Changed
@@ -1,17 +1,31 @@ #!/bin/bash -HOSTNAME=$1 -SHOST=$2 +HOSTNAME="" +SHOST="" +LOC=jsj JSJSHARE="/usr/share/jsjinstalltools" . /usr/share/jsjinstalltools/GetVersion +while $1"_" \! _ ; do + case $1 in + "-h") HOSTNAME=$2; shift; shift;; + "-s") SHOST="s"; shift;; + "-l") LOC=$2; shift; shift;; + *) echo "call: $0 -h <hostname>"; + echo " -l <location:jsj>"; + echo " -s"; + exit 1;; + esac +done if -z $HOSTNAME ; then - echo call: $0 hostname + echo call: $0 -h hostname exit 1 fi -if -z $SHOST ; then - SHOST="" -else - SHOST="s" -fi +case $LOC in + jsj) DOMAIN=botter.cc;; + hsbhv) DOMAIN=hs-bremerhaven.de;; + hsb) DOMAIN=fbw.hs-bremen.de;; + bb) DOMAIN=bremische-buergerschaft.de;; + *) echo Variante $VAR nicht vorgesehen, bitte prüfen!; exit;; +esac echo $HOSTNAME zypper -n in -l phpMyAdmin for h in $HOSTNAME s$HOSTNAME; do @@ -31,10 +45,12 @@ mv $TEMPFILE /etc/apache2/listen.conf chmod 644 /etc/apache2/listen.conf fi -if -f $JSJSHARE/vhost.conf ; then - sed -e "s/HOSTNAME/$HOSTNAME/" < $JSJSHARE/vhost.conf > /etc/apache2/vhosts.d/$HOSTNAME.conf +if -f $JSJSHARE/vhost.conf -a -f $JSJSHARE/vhost-ssl.conf ; then + sed -e "s/HOSTNAME/$HOSTNAME/" -e "s/DOMAINNAME/$DOMAIN/" < $JSJSHARE/vhost-ssl.conf > /etc/apache2/vhosts.d/$HOSTNAME.conf + cp $JSJSHARE/dhcparam.pem /etc/ssl/ + cp $JSJSHARE/000-ssl-stapling.conf /etc/apache2/vhosts.d/ if x$SHOST = xs ; then - sed -e "s/HOSTNAME/s$HOSTNAME/" < $JSJSHARE/vhost.conf > /etc/apache2/vhosts.d/s$HOSTNAME.conf + sed -e "s/HOSTNAME/s$HOSTNAME/" -e "s/DOMAINNAME/$DOMAIN/" < $JSJSHARE/vhost.conf > /etc/apache2/vhosts.d/s$HOSTNAME.conf fi if ${VERSION_ID%%.*} -ge 13 ; then sed -i -e '/^ *Order .*allow/ i\ \ \ \ \ \ \ \ Require all granted' \
View file
dhparam.pem
Added
@@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA3Lu5k5zd1CHcFUiLJ7+mSUe4x27hbRt4nMKgooo/DR4f5hFek0jS +IBRxsek/lbU6h7oL+TdrIjj9aT69hi+tf+DhcCoWzR7qkghZpUdkZJkQvgft7/76 +RYA6mjF0C8ADb9TK1Wof5NxZ+Ylu8/pGHFmN5bsfBk0XVvu3TSB+8pB5Sj52zJhH +wzxHD6HHq5FJ+RVcNim8f7LtezlZgTGW72FpcZm7Uq8NYMmVKCQ7LYqwL7UN/Y/B +HhOaz0PmK3pXoGmsc1CNuThgvyva51Lk6gahMYaPEkiieaW9TbXL0bOyVJY3MoCK +rytcDrLKMEBYYHq+cUf9qb+5/IMKkNw5xGetx/Ydr5EJ4okEsniH8XkTHOU90Y6v +XKQyuu0MqFZNVhkHa8WupOPJ35JRgWe5t3tNIu4SMTe6yUPHi59EgE5ZRec21KTF +RJ1Sy+zipfEE/xJvVu041fOQkiSc/6ZlYnOQ0Cvn41/qyg9yhuTPqmVyg5XQfpi2 +695FIaKp4R5342eP6nVcwLDKvwlvuY0UvZ3CZrskyfWKylRFE4vuaq4WiDooXpdY +YJg5fdDwsv7HhyN1OheDOHOYSRryFUSVGfKmiugECpBt6zPf18qutFbCvCiHjLwG +zo8xqQGI68Wjz8TQbqB1EK9oOCoKzl9a3T0gY3nlRazWfORvgqHYk0sCAQI= +-----END DH PARAMETERS-----
View file
vhost-ssl.conf
Added
@@ -0,0 +1,60 @@ +<VirtualHost *:80> + ServerAdmin vmadmin@local + ServerName HOSTNAME.DOMAINNAME + DocumentRoot /srv/www/HOSTNAME/htdocs/ + ErrorLog /var/log/apache2/HOSTNAME-error_log + CustomLog /var/log/apache2/HOSTNAME-access_log combined + HostnameLookups Off + UseCanonicalName Off + ServerSignature On + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} L,R,NE +</VirtualHost> +<IfDefine SSL> +<IfDefine !NOSSL> +<VirtualHost *:443> + ServerName HOSTNAME.DOMAINNAME + DocumentRoot /srv/www/HOSTNAME/htdocs/ + ErrorLog /var/log/apache2/HOSTNAME-error_log + CustomLog /var/log/apache2/HOSTNAME-access_log combined + CustomLog /var/log/apache2/ssl_request_log ssl_combined + SSLEngine on + SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLHonorCipherOrder on + SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem" + <IfModule mod_headers.c> + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + Header always set X-Frame-Options SAMEORIGIN + Header always set X-Content-Type-Options nosniff + </IfModule> + # Requires Apache >= 2.4 + SSLCompression off + # Requires Apache >= 2.4.11 + SSLSessionTickets Off + SSLCertificateFile /etc/apache2/ssl.crt/HOSTNAME.DOMAINNAME.fullchain.pem + SSLCertificateKeyFile /etc/apache2/ssl.key/HOSTNAME.DOMAINNAME.key + <Files ~ "\.(cgi|shtml|phtml|php3?)$"> + SSLOptions +StdEnvVars + </Files> + <Directory "/srv/www/cgi-bin"> + AllowOverride None + Options +ExecCGI -Includes + SSLOptions +StdEnvVars + Require all granted + </Directory> + <IfModule mod_userdir.c> + UserDir public_html + Include /etc/apache2/mod_userdir.conf + </IfModule> + <Directory "/srv/www/HOSTNAME/htdocs"> + Options -Indexes -FollowSymLinks + AllowOverride None + Require all granted + </Directory> + Alias /PM/ /srv/www/htdocs/phpMyAdmin/ +</VirtualHost> +</IfDefine> +</IfDefine> +
View file
vhost.conf
Changed
@@ -1,6 +1,6 @@ <VirtualHost *:80> - ServerAdmin vmadmin@botter.cc - ServerName HOSTNAME.botter.cc + ServerAdmin vmadmin@local + ServerName HOSTNAME.DOMAINNAME DocumentRoot /srv/www/HOSTNAME/htdocs/ ErrorLog /var/log/apache2/HOSTNAME-error_log CustomLog /var/log/apache2/HOSTNAME-access_log combined @@ -25,6 +25,5 @@ Order allow,deny Allow from all </Directory> - #Alias /tmp/ /srv/www/htdocs/tmp/ Alias /PM/ /srv/www/htdocs/phpMyAdmin/ </VirtualHost>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.