From: Giorgio Ravera
Date: Mon, 11 Aug 2025 20:48:05 +0000 (+0200)
Subject: Additional changes
X-Git-Url: http://git.giorgioravera.it/?a=commitdiff_plain;h=87e0909f387639910d394e205a3084736bc23bd7;p=apache.git

Additional changes
---

diff --git a/sites-available/001-default-ssl.conf b/sites-available/001-default-ssl.conf
deleted file mode 100644
index 4432645..0000000
--- a/sites-available/001-default-ssl.conf
+++ /dev/null
@@ -1,145 +0,0 @@
-
-
- ServerAdmin giorgio@giorgioravera.it
-
- #DocumentRoot /var/www/html
- DocumentRoot /var/www/www.giorgioravera.it/htdocs
-
- Options FollowSymlinks
- AllowOverride All
-
- ScriptAlias /cgi-bin /var/www/www.giorgioravera.it/cgi-bin
-
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- ErrorLog /var/www/www.giorgioravera.it/log/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- CustomLog /var/www/www.giorgioravera.it/log/access.log combined
-
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/giorgioravera.it/cert.pem
- SSLCertificateKeyFile /etc/ssl/giorgioravera.it/privkey.pem
- #SSLCertificateFile /etc/letsencrypt/live/server.giorgioravera.it/cert.pem
- #SSLCertificateKeyFile /etc/letsencrypt/live/server.giorgioravera.it/privkey.pem
-
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
- #SSLCertificateChainFile /etc/letsencrypt/live/server.giorgioravera.it/chain.pem
- SSLCertificateChainFile /etc/ssl/giorgioravera.it/chain.pem
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/ssl/giorgioravera.it/ca.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e.
a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - # BrowserMatch "MSIE [2-6]" \ - # nokeepalive ssl-unclean-shutdown \ - # downgrade-1.0 force-response-1.0 - - - diff --git a/sites-available/001-default-ssl.conf b/sites-available/001-default-ssl.conf new file mode 120000 index 0000000..9935b37 --- /dev/null +++ b/sites-available/001-default-ssl.conf @@ -0,0 +1 @@ +default-ssl.conf \ No newline at end of file diff --git a/sites-available/asterisk.giorgioravera.it.conf b/sites-available/asterisk.giorgioravera.it.conf index 92107f2..a07b783 100644 --- a/sites-available/asterisk.giorgioravera.it.conf +++ b/sites-available/asterisk.giorgioravera.it.conf @@ -9,12 +9,9 @@ ServerName asterisk.giorgioravera.it ServerAdmin giorgio@giorgioravera.it - ProxyPass / http://asterisk.giorgioravera.it/ - ProxyPassReverse / http://asterisk.giorgioravera.it/ - - #SSLProxyEngine on - #ProxyPass / https://asterisk.giorgioravera.it/ - #ProxyPassReverse / https://asterisk.giorgioravera.it/ + SSLProxyEngine on + ProxyPass / https://asterisk.giorgioravera.it/ + ProxyPassReverse / https://asterisk.giorgioravera.it/ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. 
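Review bot: In asterisk.giorgioravera.it.conf the added `SSLProxyEngine on` comes with no backend certificate verification in the new lines, and mod_ssl's default is `SSLProxyVerify none`, so the proxy will accept any certificate chain from whatever answers as asterisk.giorgioravera.it. Unless verification is already configured outside this hunk or at server level, add `SSLProxyVerify require` together with `SSLProxyCACertificateFile <path-to-backend-CA-bundle>` so the proxied hop is authenticated as well as encrypted. The same applies to the docker.giorgioravera.it.conf hunk, which enables the proxy engine the same way. The virtual host block starts and ends outside the hunk.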
diff --git a/sites-available/docker.giorgioravera.it.conf b/sites-available/docker.giorgioravera.it.conf index 4754a09..226008a 100644 --- a/sites-available/docker.giorgioravera.it.conf +++ b/sites-available/docker.giorgioravera.it.conf @@ -9,12 +9,12 @@ ServerName docker.giorgioravera.it ServerAdmin giorgio@giorgioravera.it - ProxyPass / http://docker.giorgioravera.it:9000/ - ProxyPassReverse / http://docker.giorgioravera.it:9000/ + #ProxyPass / http://docker.giorgioravera.it:9000/ + #ProxyPassReverse / http://docker.giorgioravera.it:9000/ - #SSLProxyEngine on - #ProxyPass / https://docker.giorgioravera.it/ - #ProxyPassReverse / https://docker.giorgioravera.it/ + SSLProxyEngine on + ProxyPass / https://docker.giorgioravera.it/ + ProxyPassReverse / https://docker.giorgioravera.it/ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. diff --git a/sites-available/home.giorgioravera.it.conf b/sites-available/home.giorgioravera.it.conf index 9e192bd..d7ee487 100644 --- a/sites-available/home.giorgioravera.it.conf +++ b/sites-available/home.giorgioravera.it.conf @@ -32,8 +32,8 @@ # modules, e.g. #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined + ErrorLog ${APACHE_LOG_DIR}/error_home.log + CustomLog ${APACHE_LOG_DIR}/access_home.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to diff --git a/sites-available/phpldapadmin.conf b/sites-available/phpldapadmin.conf index a279ac5..ed7777c 100644 --- a/sites-available/phpldapadmin.conf +++ b/sites-available/phpldapadmin.conf @@ -9,7 +9,7 @@ ServerName ldap.giorgioravera.it ServerAdmin giorgio@giorgioravera.it - DocumentRoot /usr/share/phpldapadmin/ + DocumentRoot /usr/share/phpldapadmin/htdocs # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. 
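Review bot: In docker.giorgioravera.it.conf the new `ProxyPass / https://docker.giorgioravera.it/` targets the same hostname as this vhost's `ServerName`, and now on the default HTTPS port instead of 9000. If that name resolves to this Apache host and this vhost is the 443 listener for it (neither is visible in the hunk), requests would be proxied back into the same vhost rather than to the backend. Pointing the directive at a backend address distinct from the public name, e.g. `ProxyPass / https://<backend-host>:<backend-port>/`, removes the dependency on split DNS or a hosts entry. The two old `http://…:9000/` directives are kept as comments here while the asterisk hunk deletes them; deleting them here too would keep the file unambiguous about which backend is live.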
diff --git a/sites-available/pve.giorgioravera.it.conf b/sites-available/pve.giorgioravera.it.conf index 10feeda..c1a9bb1 100644 --- a/sites-available/pve.giorgioravera.it.conf +++ b/sites-available/pve.giorgioravera.it.conf @@ -23,8 +23,8 @@ # modules, e.g. #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined + ErrorLog ${APACHE_LOG_DIR}/error_pve.log + CustomLog ${APACHE_LOG_DIR}/access_pve.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to diff --git a/sites-available/webssh.giorgioravera.it.conf b/sites-available/webssh.giorgioravera.it.conf index 1ace5e5..d7989f3 100644 --- a/sites-available/webssh.giorgioravera.it.conf +++ b/sites-available/webssh.giorgioravera.it.conf @@ -45,8 +45,8 @@ # modules, e.g. #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined + ErrorLog ${APACHE_LOG_DIR}/error_webssh.log + CustomLog ${APACHE_LOG_DIR}/access_webssh.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to