Added virtual host support for Debian/Ubuntu to apache module

2010-11-05 16:55:05 +02:00 · 2010-11-05 16:55:05 +02:00 · 42fd785e66
commit 42fd785e66
parent 512c38ba9d
4 changed files with 230 additions and 33 deletions
--- a/apache/templates/apache2.httpd.conf.erb
+++ b/apache/templates/apache2.httpd.conf.erb
@ -0,0 +1,93 @@
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin adm@<%= domain %>
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If this is not set to valid DNS name for your host, server-generated
+# redirections will not work.  See also the UseCanonicalName directive.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address anyway, and this will make 
+# redirections work in a sensible way.
+#
+ServerName <%= fqdn %>
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing 
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client.  When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+ServerSignature Off
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories). 
+#
+# First, we configure the "default" to be a very restrictive set of 
+# features.  
+#
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "/srv/www">
+
+#
+# Possible values for the Options directive are "None", "All",
+# or any combination of:
+#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+# The Options directive is both complicated and important.  Please see
+# http://httpd.apache.org/docs/2.2/mod/core.html#options
+# for more information.
+#
+    Options Indexes FollowSymLinks
+
+#
+# AllowOverride controls what directives may be placed in .htaccess files.
+# It can be "All", "None", or any combination of the keywords:
+#   Options FileInfo AuthConfig Limit
+#
+    AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+    Order allow,deny
+    Allow from all
+
+</Directory>
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@ -9,7 +9,12 @@
 # consult the online docs. You have been warned.  
 #

+#
+# Load SSL module if not loaded
+#
+<IfModule !mod_ssl.c>
 LoadModule ssl_module modules/mod_ssl.so
+</IfModule>

 #
 # When we also provide SSL we have to listen to the 
@ -17,6 +22,7 @@ LoadModule ssl_module modules/mod_ssl.so
 #
 Listen 443

+<% if operatingsystem == 'CentOS' or operatingsystem == 'Fedora' -%>
 ##
 ##  SSL Global Context
 ##
@ -73,6 +79,7 @@ SSLRandomSeed connect builtin
 #
 SSLCryptoDevice builtin
 #SSLCryptoDevice ubsec
+<% end -%>

 ##
 ## SSL Virtual Host Context
@ -109,14 +116,14 @@ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
 # the certificate is encrypted, then you will be prompted for a
 # pass phrase.  Note that a kill -HUP will prompt again.  A new
 # certificate can be generated using the genkey(1) command.
-SSLCertificateFile /etc/pki/tls/certs/<%= site_fqdn %>.crt
+SSLCertificateFile <%= apache_ssldir %>/certs/<%= site_fqdn %>.crt

 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile /etc/pki/tls/private/<%= site_fqdn %>.key
+SSLCertificateKeyFile <%= apache_ssldir %>/private/<%= site_fqdn %>.key

 #   Server Certificate Chain:
 #   Point SSLCertificateChainFile at a file containing the
@ -126,7 +133,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/<%= site_fqdn %>.key
 #   when the CA certificates are directly appended to the server
 #   certificate for convinience.
 <% if ssl_chain != "" -%>
-SSLCertificateChainFile /etc/pki/tls/certs/<%= site_fqdn %>.chain.crt
+SSLCertificateChainFile <%= apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt
 <% end -%>

 #   Certificate Authority (CA):