[evolvis-commits] r6664: split off https/ ssl configuration into only one file↵

Thorsten Glaser t.glaser at tarent.de
Tue Jun 1 17:44:48 CEST 2010


Author: Thorsten Glaser <t.glaser at tarent.de>
Date: 2010-06-01 17:44:48 +0200 (Tue, 01 Jun 2010)
New Revision: 6664

Added:
   trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl0.inc
   trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl1.inc
Modified:
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/06maindirhttp
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/07maindirhttp.ssl
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/20list
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/21list.ssl
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/40virtualhost
   trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/41virtualhost.ssl
   trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.vhosts
   trunk/gforge_base/evolvisforge/gforge/setup
Log:
split off https/ssl configuration into only one file


Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/06maindirhttp
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/06maindirhttp	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/06maindirhttp	2010-06-01 15:44:48 UTC (rev 6664)
@@ -53,11 +53,6 @@
 #		allow from all
 #	</Directory>
 
-	# Ensure that we don't try to use SSL on SSL Servers
-	<IfModule apache_ssl.c>
-		SSLDisable
-	</IfModule>
-
         Alias /fckeditor/ /usr/share/fckeditor/
         <Directory "/usr/share/fckeditor/">
             Options Indexes MultiViews FollowSymLinks
@@ -74,5 +69,7 @@
         RewriteEngine on
         RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
         RewriteRule .* - [F]
+
+	Include /etc/gforge/httpd.ssl0.inc
 </VirtualHost>
 

Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/07maindirhttp.ssl
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/07maindirhttp.ssl	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/07maindirhttp.ssl	2010-06-01 15:44:48 UTC (rev 6664)
@@ -42,25 +42,6 @@
 	LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
 	CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
 
-	<IfModule mod_ssl.c>
-		SSLEngine on
-		SSLCertificateFile {sys_sslcrt}
-		SSLCertificateKeyFile {sys_sslkey}
-		{sys_ssl_apache_extra_cmd}
-		<Files ~ "\.(cgi|shtml)$">
-			SSLOptions +StdEnvVars
-		</Files>
-		<Directory "/usr/lib/cgi-bin">
-			SSLOptions +StdEnvVars
-		</Directory>
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
-
-	<IfModule apache_ssl.c>
-		SSLEnable
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
-
         Alias /fckeditor/ /usr/share/fckeditor/
         <Directory "/usr/share/fckeditor/">
             Options Indexes MultiViews FollowSymLinks
@@ -77,5 +58,7 @@
         RewriteEngine on
         RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
         RewriteRule .* - [F]
+
+	Include /etc/gforge/httpd.ssl1.inc
 </VirtualHost>
 

Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/20list
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/20list	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/20list	2010-06-01 15:44:48 UTC (rev 6664)
@@ -26,12 +26,10 @@
   CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
   LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
   CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
-  # Ensure that we don't try to use SSL on SSL Servers
-  <IfModule apache_ssl.c>
-    SSLDisable
-  </IfModule>
 
   RewriteEngine on
   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
   RewriteRule .* - [F]
+
+	Include /etc/gforge/httpd.ssl0.inc
 </VirtualHost>

Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/21list.ssl
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/21list.ssl	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/21list.ssl	2010-06-01 15:44:48 UTC (rev 6664)
@@ -6,24 +6,6 @@
   ServerName {lists_host}
   AddHandler cgi-script .cgi
 
-  <IfModule mod_ssl.c>
-    SSLEngine on
-    SSLCertificateFile {sys_sslcrt}
-    SSLCertificateKeyFile {sys_sslkey}
-    {sys_ssl_apache_extra_cmd}
-    <Files ~ "\.(cgi|shtml)$">
-      SSLOptions +StdEnvVars
-    </Files>
-    <Directory "/usr/lib/cgi-bin">
-      SSLOptions +StdEnvVars
-    </Directory>
-    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-  </IfModule>
-
-  <IfModule apache_ssl.c>
-    SSLEnable
-  </IfModule>
-
   ScriptAlias /cgi-bin/mailman/ /var/lib/mailman/cgi-bin/
   ScriptAlias /mailman/ /var/lib/mailman/cgi-bin/
 
@@ -48,5 +30,7 @@
   RewriteEngine on
   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
   RewriteRule .* - [F]
+
+	Include /etc/gforge/httpd.ssl1.inc
 </VirtualHost>
 

Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/40virtualhost
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/40virtualhost	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/40virtualhost	2010-06-01 15:44:48 UTC (rev 6664)
@@ -21,8 +21,6 @@
 	CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
 	LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
 	CustomLog "|/usr/bin/cronolog {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
-	# Ensure that we don't try to use SSL on SSL Servers
-	<IfModule apache_ssl.c>
-		SSLDisable
-	</IfModule>
+
+	Include /etc/gforge/httpd.ssl0.inc
 </VirtualHost>

Modified: trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/41virtualhost.ssl
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/41virtualhost.ssl	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/httpd.d/41virtualhost.ssl	2010-06-01 15:44:48 UTC (rev 6664)
@@ -19,21 +19,5 @@
 	LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
 	CustomLog "|/usr/bin/cronolog {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
 
-	<IfModule mod_ssl.c>
-		SSLEngine on
-		SSLCertificateFile {sys_sslcrt}
-		SSLCertificateKeyFile {sys_sslkey}
-		{sys_ssl_apache_extra_cmd}
-		<Files ~ "\.(cgi|shtml)$">
-			SSLOptions +StdEnvVars
-		</Files>
-		<Directory "/usr/lib/cgi-bin">
-			SSLOptions +StdEnvVars
-		</Directory>
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
-	<IfModule apache_ssl.c>
-		SSLEnable
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
+	Include /etc/gforge/httpd.ssl1.inc
 </VirtualHost>

Added: trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl0.inc
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl0.inc	                        (rev 0)
+++ trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl0.inc	2010-06-01 15:44:48 UTC (rev 6664)
@@ -0,0 +1,6 @@
+# vhost include fragment for port-80 vhosts
+
+# Ensure that we don’t try to use SSL on SSL servers
+<IfModule apache_ssl.c>
+	SSLDisable
+</IfModule>

Added: trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl1.inc
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl1.inc	                        (rev 0)
+++ trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.ssl1.inc	2010-06-01 15:44:48 UTC (rev 6664)
@@ -0,0 +1,25 @@
+# vhost include fragment for port-443 vhosts
+
+<IfModule mod_ssl.c>
+	SSLEngine on
+
+	SSLCertificateFile {sys_sslcrt}
+	SSLCertificateKeyFile {sys_sslkey}
+	{sys_ssl_apache_extra_cmd}
+
+	<Files ~ "\.(cgi|shtml)$">
+		SSLOptions +StdEnvVars
+	</Files>
+
+	<Directory "/usr/lib/cgi-bin">
+		SSLOptions +StdEnvVars
+	</Directory>
+
+	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>
+
+<IfModule apache_ssl.c>
+	SSLEnable
+
+	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>

Modified: trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.vhosts
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.vhosts	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/etc/templates/httpd.vhosts	2010-06-01 15:44:48 UTC (rev 6664)
@@ -12,10 +12,8 @@
   CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/gforge.log" gforge
   LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
   CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
-  # Ensure that we don't try to use SSL on SSL Servers
-  <IfModule apache_ssl.c>
-    SSLDisable
-  </IfModule>
+
+	Include /etc/gforge/httpd.ssl0.inc
 </VirtualHost>
 <VirtualHost {ip_address}:443>
 	ServerName {vhost_name}
@@ -32,21 +30,5 @@
 	LogFormat "%{Host}i %h %l %u %t %{SSL_PROTOCOL}x:%{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvhssl
 	CustomLog "|{cronolog_path} {var_log_gforge}/%Y/%m/%d/awstats.log" combinedvhssl
 
-	<IfModule mod_ssl.c>
-		SSLEngine on
-		SSLCertificateFile {sys_sslcrt}
-		SSLCertificateKeyFile {sys_sslkey}
-		{sys_ssl_apache_extra_cmd}
-		<Files ~ "\.(cgi|shtml)$">
-			SSLOptions +StdEnvVars
-		</Files>
-		<Directory "/usr/lib/cgi-bin">
-			SSLOptions +StdEnvVars
-		</Directory>
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
-	<IfModule apache_ssl.c>
-		SSLEnable
-		SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-	</IfModule>
+	Include /etc/gforge/httpd.ssl1.inc
 </VirtualHost>

Modified: trunk/gforge_base/evolvisforge/gforge/setup
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/setup	2010-06-01 15:44:45 UTC (rev 6663)
+++ trunk/gforge_base/evolvisforge/gforge/setup	2010-06-01 15:44:48 UTC (rev 6664)
@@ -360,7 +360,7 @@
 	done
 	chmod 600 $HTTPDSECRETS $CONFFILEIN $CONFFILEOUT
 	chmod 640 $CONFFILEOUTDIR/local.pl $CONFFILEOUTDIR/database.inc
-	chmod 644 $CONFFILEOUTDIR/shell.inc
+	chmod 644 $CONFFILEOUTDIR/shell.inc $CONFFILEOUTDIR/httpd.*.inc
 	chown gforge:gforge $CONFFILEOUTDIR/local.pl $CONFFILEOUTDIR/database.inc
 }
 	




More information about the evolvis-commits mailing list