From c3189ce6c7301c3ec17878fd3918f31d0d3cb18a Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Wed, 04 May 2016 07:27:53 -0400
Subject: [PATCH] Merge branch 'stable-3.1'
---
install/tpl/apache_ispconfig.vhost.master | 86 ++++++++++++++++++++++++-------------------
1 files changed, 48 insertions(+), 38 deletions(-)
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index 4503811..6b71378 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -8,101 +8,111 @@
<VirtualHost _default_:<tmpl_var name="vhost_port">>
ServerAdmin webmaster@localhost
-
+
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
-
+
<IfModule mod_fcgid.c>
DocumentRoot /var/www/ispconfig/
SuexecUserGroup ispconfig ispconfig
<Directory /var/www/ispconfig/>
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
- <FilesMatch "\.php$">
- SetHandler fcgid-script
- </FilesMatch>
+ <FilesMatch "\.php$">
+ SetHandler fcgid-script
+ </FilesMatch>
FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all granted
- <tmpl_else>
+ Require all granted
+ <tmpl_else>
Order allow,deny
Allow from all
- </tmpl_if>
+ </tmpl_if>
</Directory>
IPCCommTimeout 7200
- MaxRequestLen 15728640
+ MaxRequestLen 15728640
</IfModule>
-
+
<IfModule mpm_itk_module>
DocumentRoot /usr/local/ispconfig/interface/web/
- AssignUserId ispconfig ispconfig
+ AssignUserId ispconfig ispconfig
AddType application/x-httpd-php .php
<Directory /usr/local/ispconfig/interface/web>
# php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
Options +FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all granted
- <tmpl_else>
+ Require all granted
+ <tmpl_else>
Order allow,deny
Allow from all
- </tmpl_if>
- php_value magic_quotes_gpc 0
+ </tmpl_if>
+ php_value magic_quotes_gpc 0
</Directory>
</IfModule>
-
+
# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off
-
+
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
+ <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+ <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3
+ <tmpl_else>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+ </tmpl_if>
<tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
- <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+ <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
<tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+ <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+ <tmpl_var name="ssl_comment">SSLCompression Off
+ </tmpl_if>
+ <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+ <tmpl_var name="ssl_comment">SSLSessionTickets Off
+ </tmpl_if>
<IfModule mod_headers.c>
Header always add Strict-Transport-Security "max-age=15768000"
</IfModule>
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
- <tmpl_var name="ssl_comment">SSLUseStapling on
+ <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+ <tmpl_var name="ssl_comment">SSLUseStapling On
<tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
- <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
-</tmpl_if>
+ <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+ </tmpl_if>
</VirtualHost>
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<IfModule mod_ssl.c>
<tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>
<Directory /var/www/php-cgi-scripts>
- AllowOverride None
- <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all denied
- <tmpl_else>
- Order Deny,Allow
- Deny from all
- </tmpl_if>
+ AllowOverride None
+ <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+ Require all denied
+ <tmpl_else>
+ Order Deny,Allow
+ Deny from all
+ </tmpl_if>
</Directory>
<Directory /var/www/php-fcgi-scripts>
- AllowOverride None
- <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all denied
- <tmpl_else>
- Order Deny,Allow
- Deny from all
- </tmpl_if>
-</Directory>
\ No newline at end of file
+ AllowOverride None
+ <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+ Require all denied
+ <tmpl_else>
+ Order Deny,Allow
+ Deny from all
+ </tmpl_if>
+</Directory>
--
Gitblit v1.9.1