Projects
jsj
jsj-installtools
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 108
View file
jsj-installtools.changes
Changed
@@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Tue Feb 28 14:25:57 UTC 2023 - Stefan Botter <obs@botter.cc> + +- add permissions in vhost-ssl for non-SSL virtual host for + accessing .well-known +- add vhost-ssl-proxy template for proxy virtual host + +------------------------------------------------------------------- Fri Feb 17 08:40:39 UTC 2023 - Stefan Botter <obs@botter.cc> - automatically add headers and rewrite modules to the
View file
vhost-ssl-proxy.conf
Added
@@ -0,0 +1,75 @@ +<VirtualHost *:80> + ServerAdmin vmadmin@local + ServerName HOSTNAME.DOMAINNAME + DocumentRoot /srv/www/HOSTNAME/htdocs/ + ErrorLog /var/log/apache2/HOSTNAME-error_log + CustomLog /var/log/apache2/HOSTNAME-access_log combined + HostnameLookups Off + UseCanonicalName Off + ServerSignature On + <ifmodule mod_rewrite.c> + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteCond %{REQUEST_URI} !^/\.well\-known/ + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} L,R,NE + </ifmodule> + <Directory "/srv/www/HOSTNAME/htdocs"> + Options -Indexes -FollowSymLinks + AllowOverride None + Require all granted + </Directory> +</VirtualHost> +<IfDefine SSL> +<IfDefine !NOSSL> +<VirtualHost *:443> + ServerName HOSTNAME.DOMAINNAME + DocumentRoot /srv/www/HOSTNAME/htdocs/ + ErrorLog /var/log/apache2/HOSTNAME-error_log + CustomLog /var/log/apache2/HOSTNAME-access_log combined + CustomLog /var/log/apache2/ssl_request_log ssl_combined + SSLEngine on + SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + SSLHonorCipherOrder on + SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem" + <IfModule mod_headers.c> + Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + Header always set X-Frame-Options SAMEORIGIN + Header always set X-Content-Type-Options nosniff + </IfModule> + # Requires Apache >= 2.4 + SSLCompression off + # Requires Apache >= 2.4.11 + SSLSessionTickets Off + SSLCertificateFile /etc/apache2/ssl.crt/HOSTNAME.DOMAINNAME.fullchain.pem + SSLCertificateKeyFile /etc/apache2/ssl.key/HOSTNAME.DOMAINNAME.key + + <IfModule mod_proxy.c> + ProxyPreserveHost Off + SSLProxyEngine On + SSLProxyVerify none + SSLProxyCheckPeerCN off + SSLProxyCheckPeerName off + SSLProxyCheckPeerExpire off + # Encoded slashes need to be allowed + AllowEncodedSlashes NoDecode + + <Proxy *> + Require all granted + </Proxy> + ProxyPass / https://HOSTNAME.DOMAINNAME/ + ProxyPassReverse / https://HOSTNAME.DOMAINNAME/ + Header set Host HOSTNAME.DOMAINNAME + RequestHeader set Host HOSTNAME.DOMAINNAME + RequestHeader set Origin https://HOSTNAME.DOMAINNAME + Header unset Referer + RequestHeader unset Referer + </IfModule> + <Location /> + Require all granted + </Location> + +</VirtualHost> +</IfDefine> +</IfDefine> +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.