smeserver/smeserver-apache
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme

Browse Source 
- add X-Content-Type-Options nosniff [SME: 12835]
- add Strict Transport Security support HSTS [SME: 12815]
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
- add referrer-Policy same-origin [SME: 12817]
- add OCSP Stapling support [SME: 12819]
- add CSP Content-Security-Policy support [SME: 9567]
- add .well-known and .well-known/security.txt [SME: 12818]
This commit is contained in:
Jean-Philippe Pialasse 2024-12-28 23:07:10 -05:00
parent 1183147ca0
commit 460bba0655
20 changed files with 129 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

321
additional/e-smith-apache.spec
View File

@ -1,321 +0,0 @@
Summary: e-smith server and gateway - apache module
%define name e-smith-apache
Name: %{name}
%define version 1.1.2
%define release 01
Version: %{version}
Release: %{release}
License: GPL
Vendor: Mitel Networks Corporation
Group: Networking/Daemons
Source: %{name}-%{version}.tar.gz
Packager: e-smith developers <bugs@e-smith.com>
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
Requires: e-smith-base >= 4.15.1
Requires: e-smith-daemontools >= 1.7.1-01
Conflicts: e-smith-ibays < 1.0.2
AutoReqProv: no
BuildRequires: e-smith-devtools >= 1.11.0-12
%description
e-smith server and gateway software - apache module.
%changelog
* Wed Nov 17 2004 Mark Knox <markk@e-smith.com>
- [1.1.2-01]
- Picking up new directory. MN00056429.
* Wed Nov 17 2004 Mark Knox <markk@e-smith.com>
- [1.1.1-03]
- Added empty ValidFrom defaults fragment [markk MN00056429]
* Tue Nov 9 2004 Charlie Brady <charlieb@e-smith.com>
- [1.1.1-02]
- Modify config and run script for compatibility with apache 2. Most of these
changes were contributed by Shad Lords. [charlieb MN00051144]
* Mon Oct 4 2004 Charlie Brady <charlieb@e-smith.com>
- [1.1.1-01]
- New development stream for apache 2 - 1.1.1
* Fri Sep 3 2004 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-23]
- Clean BuildRequires. [charlieb MN00043055]
* Tue Jul 13 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-22]
- Updated modPerl templates to remove use of esmith::config.
[msoulier MN00039579]
* Tue Jun 22 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-21]
- Added RewriteCond statements to previous RewriteRules to exclude localhost,
so ssh port-forwarding is not broken. [msoulier MN00020885]
* Fri Jun 18 2004 Tony Clayton <apc@e-smith.com>
- [1.1.0-20]
- Fix LoadModule fragment from last patch [tonyc 11348]
* Mon Jun 14 2004 Tony Clayton <apc@e-smith.com>
- [1.1.0-19]
- Add modPerl service and httpd.conf templates [tonyc 11348]
* Mon May 10 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-18]
- Adding rewrite rules to prevent plaintext access to the server manager.
[msoulier MN00020885]
* Thu May 6 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-17]
- Added httpd-admin's remoteaccess list to permissible networks for
server-resources. [msoulier MN00024949]
* Mon Feb 23 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-16]
- Backing-out last change. [msoulier dpar-21489]
* Mon Feb 23 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-15]
- Added restart-httpd-graceful to domain-* events. [msoulier dpar-21489]
* Wed Feb 18 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-14]
- Updating requires to e-smith-daemontools. [msoulier 7629]
* Wed Feb 18 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-13]
- Updating restart-httpd-graceful to use new daemontools sigusr1 option.
[msoulier 7629]
* Wed Jan 21 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-12]
- Staggering the symlinks a little farther. [msoulier 9955]
* Wed Jan 21 2004 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-11]
- Adding symlinks to the service-domain-create event for httpd restart.
[msoulier 9955]
* Tue Dec 9 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-10]
- Fixed another error in the specfile, resulting in incorrect file
permissions. [msoulier 7629]
- Updated action scripts for supervise. [msoulier 7629]
* Tue Dec 9 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-09]
- Fixed an error in the specfile. [msoulier 7629]
* Tue Dec 9 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-08]
- Updated createlinks for daemontools. [msoulier 7629]
* Tue Dec 9 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-07]
- Putting httpd-e-smith under supervision. [msoulier 7629]
* Thu Sep 18 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-06]
- Added a null-string return value to the end of 00Setup, ensure no output
from that fragment. [msoulier 9803]
* Wed Sep 3 2003 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-05]
- Use implementation class, not virtual class in VirtualHosts/00Setup fragment.
[charlieb 9803]
* Wed Sep 3 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-04]
- Added a 75AddType05.exe fragment to specify a proper mime-type for .exe
files. [msoulier 9866]
* Fri Aug 29 2003 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-03]
- Allow TemplatePath property in domain record to specify an alternate template
subdir for virtual host content specification (e.g. to proxypass a domain).
[charlieb 8409]
* Fri Aug 29 2003 Charlie Brady <charlieb@e-smith.com>
- [1.1.0-02]
- Changed the VirtualHosts subtemplate to pass the domain object instead of db handle,
and modified VirtualHosts/00Setup fragment to convert it to the right class.
Fix scoping problem with the blessed object. [charlieb 9803]
* Fri Aug 29 2003 Michael Soulier <msoulier@e-smith.com>
- [1.1.0-01]
- rolling to dev stream - 1.1.0
* Fri Aug 29 2003 Michael Soulier <msoulier@e-smith.com>
- [1.0.0-04]
- Added a 00Setup fragment to VirtualHosts to process the %domainsdb hash back
into an esmith::DomainsDB object. [msoulier 9803]
* Mon Aug 25 2003 Michael Soulier <msoulier@e-smith.com>
- [1.0.0-03]
- Added a reference to the domains db in the extra data for processing the
VirtualHosts fragments. [msoulier 9803]
* Fri Aug 1 2003 Michael Soulier <msoulier@e-smith.com>
- [1.0.0-02]
- Fixed a precedence error that broke virtual hosts in apache.
[msoulier 9640]
* Wed Jul 9 2003 Charlie Brady <charlieb@e-smith.com>
- [1.0.0-01]
- Setting to release version number - 1.0.0
* Wed Jul 9 2003 Michael Soulier <msoulier@e-smith.com>
- [0.2.0-04]
- Fixed breakage in admin web server when a local network with a 32-bit subnet
mask is used. [msoulier 9259]
* Thu Jul 3 2003 Charlie Brady <charlieb@e-smith.com>
- [0.2.0-03]
- Fix log noise problem in expansion of httpd.conf template. [charlieb 9269]
* Wed Jul 2 2003 Charlie Brady <charlieb@e-smith.com>
- [0.2.0-02]
- List primary domain as first (default) virtual domain in apache config.
Include $SystemName.domain.name in ServerAlias directive. [charlieb 9241]
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com>
- [0.2.0-01]
- Changing version to stable stream number - 0.2.0
* Thu Jun 12 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.2-01]
- Add order to migrate fragments [gordonr 9015]
* Wed Jun 11 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-02]
- Fixed Conflicts header - should be <, not <= [gordonr 8903]
* Fri Jun 6 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.1-01]
- Shuffled some httpd.conf fragments to e-smith-ibays [gordonr 8903]
* Wed May 28 2003 Michael Soulier <msoulier@e-smith.com>
- [0.1.0-19]
- Moving httpd-e-smith init script to e-smith-apache. [msoulier 8852]
* Tue Apr 29 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-18]
- Do an explicit die if the httpd-e-smith record is missing from the
config db, rather than an implicit die due to an invalid object
reference [gordonr 8609]
* Wed Apr 9 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-17]
- Relocated conf-httpd from e-smith-base [gordonr 8150]
* Fri Apr 4 2003 Mark Knox <markk@e-smith.com>
- [0.1.0-16]
- Moved restart-httpd-* actions from base [markk 5509]
* Fri Apr 4 2003 Mark Knox <markk@e-smith.com>
- [0.1.0-15]
- Moved db config fragments here from e-smith-base [markk 5509]
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-14]
- Make /server-resources/ browsable from LAN [gordonr 6620]
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-13]
- Delete Apache ReadmeName directive [gordonr 6313]
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-12]
- Fixed broken conf-httpd-e-smith links in post-{install,upgrade} [gordonr 7960]
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.0-11]
- Deleted ./etc/httpd/conf/httpd.conf/template-begin
deleted ./etc/httpd/conf/srm.conf/template-begin
deleted ./etc/httpd/conf/access.conf/template-begin [lijied 3295]
* Mon Mar 17 2003 Lijie Deng <lijied@e-smith.com>
- [0.1.0-10]
- Delete empty template-end file [lijied 3295]
* Wed Mar 12 2003 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-09]
- Remove more references to primary and wwwpublic in favour
of the "Primary" i-bay. There is still some special case code,
which might go later if it turns out not to be needed.
[charlieb 5652]
* Tue Mar 11 2003 Mark Knox <markk@e-smith.com>
- [0.1.0-08]
- Fixed a missing quote in 27ManagerProxyPass [markk 7635]
* Tue Mar 11 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-07]
- Pass externalSSLAccess and localAccess to VirtualDomains fragments so they don't
need to recalculate these values [gordonr 7635]
- Use early return from 27ManagerProxyPass and new DB interface [gordonr 7635]
* Mon Mar 10 2003 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-06]
- Remove special case handling for /home/e-smith/files/primary in Apache
configuration. Migrate code and db entries for wwwpublic to Public.
[charlieb 5652]
* Fri Mar 7 2003 Charlie Brady <charlieb@e-smith.com>
- [0.1.0-05]
- Replace deprecated CONFREF with MORE_DATA in processTemplate call in
VirtualHosts fragment of httpd.conf templates. Fixes template
expansion breakage (I'm not sure what broke it, but this fixes it.)
[charlieb]
- Add default config db fragments to set type and status. Remove redundant
conf-httpd-e-smith script. [charlieb 1507]
* Fri Jan 24 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-04]
- Move SSL initialisation to global context [gordonr 1432]
* Fri Jan 24 2003 Gordon Rowell <gordonr@e-smith.com>
- [0.1.0-03]
- Use default SSL certificate of $SystemName.$DomainName [gordonr 4874]
* Wed Jan 8 2003 Mark Knox <markk@e-smith.com>
- [0.1.0-02]
- Added conf-httpd-e-smith action linked to the same events as conf-startup
in e-smith-base [markk 6428]
* Mon Jan 06 2003 Mark Knox <m_knox@mitel.com>
- [0.1.0-01]
- Initial release, split out from e-smith-base [markk 6428]
%prep
%setup
%pre
%post
%build
perl createlinks
mkdir -p root/service
ln -s /var/service/httpd-e-smith root/service/httpd-e-smith
mkdir -p root/var/service/httpd-e-smith/supervise
touch root/var/service/httpd-e-smith/down
%install
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
--dir /var/service/httpd-e-smith 'attr(01755,root,root)' \
--file /var/service/httpd-e-smith/down 'attr(0644,root,root)' \
--file /var/service/httpd-e-smith/run 'attr(0755,root,root)' \
> e-smith-%{version}-filelist
echo "%doc COPYING" >> e-smith-%{version}-filelist
%clean
rm -rf $RPM_BUILD_ROOT
%files -f e-smith-%{version}-filelist
%defattr(-,root,root)

1
contriborbase
View File

@ -1 +0,0 @@
sme10

8
createlinks
View File

@ -6,6 +6,7 @@ use esmith::Build::CreateLinks qw(:all);
#--------------------------------------------------
my $event = "smeserver-apache-update";
templates2events("/etc/httpd/conf/httpd.conf", $event);
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
event_link("systemd-reload", $event, "89");
event_link("systemd-default", $event, "88");
@ -16,6 +17,7 @@ templates2events("/etc/logrotate.d/httpd", $event);
#--------------------------------------------------
my $event = "console-save";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/httpd/conf/httpd.conf", $event);
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
@ -143,6 +145,7 @@ safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-s
$event = "remoteaccess-update";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/httpd/conf/httpd.conf", $event);
safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
@ -152,6 +155,7 @@ safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-s
$event = "email-update";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/httpd/conf/httpd.conf", $event);
safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
@ -161,6 +165,7 @@ safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-s
$event = "logrotate";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
#--------------------------------------------------
@ -168,6 +173,7 @@ safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-s
#--------------------------------------------------
$event = "ssl-update";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/httpd/conf/httpd.conf", $event);
safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
@ -176,6 +182,7 @@ safe_symlink("reload", "root/etc/e-smith/events/$event/services2adjust/httpd-e-s
#--------------------------------------------------
$event = "post-install";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/logrotate.d/httpd", $event);
#--------------------------------------------------
@ -183,5 +190,6 @@ templates2events("/etc/logrotate.d/httpd", $event);
#--------------------------------------------------
$event = "post-upgrade";
templates2events("/var/www/html/.well-known/acme-challenge/security.txt", $event);
templates2events("/etc/logrotate.d/httpd", $event);

3
root/etc/e-smith/templates.metadata/var/www/html/.well-known/acme-challenge/security.txt Normal file
View File

@ -0,0 +1,3 @@
UID="root"
GID="apache"
PERMS=0640

2
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL36SSLStapling Normal file
View File

@ -0,0 +1,2 @@
SSLUseStapling On
SSLStaplingCache dbm:/run/httpd/ssl_stapling(32768)

1
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38nosniff Normal file
View File

@ -0,0 +1 @@
Header setifempty X-Content-Type-Options nosniff

1
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38referer Normal file
View File

@ -0,0 +1 @@
Header setifempty Referrer-Policy "same-origin"

3
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38xframe Normal file
View File

@ -0,0 +1,3 @@
# prevent clickjacking attacks
Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN

18
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/79well-known Normal file
View File

@ -0,0 +1,18 @@
# Alias for letsencrypt, security.txt and mailconfig ...
Alias /.well-known/ /var/www/html/.well-known/
# do not proxy request to acme-challenge and security.txt
ProxyPass /.well-known/security.txt !
ProxyPass /.well-known/acme-challenge !
<Directory "/var/www/html/.well-known">
Options None
AllowOverride None
Require all granted
AddDefaultCharset off
Satisfy any
</Directory>
<Directory /var/www/html/.well-known/acme-challenge/>
Header set Content-Type "application/jose+json"
Require all granted
Satisfy any
</Directory>

15
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/12HSTS Normal file
View File

@ -0,0 +1,15 @@
{
# return if not SSL
return " # skipping SSL certificate\n" unless $port eq "$httpsPort";
# return unless we have a real certificate (however, here we assume that one will not set manually a self signed one...)
# by the way accessing with an ip will fail.
#my $ssl_file_crt = $domains->get_prop($virtualHost, "DomainSSLCertificateFile") || $modSSL{'crt'} || "disabled";
#return " # HSTS incompatible with self signed certificate\n" unless ($ssl_file_crt ne "disabled" && -e $ssl_file_crt);
# return unless enabled for domain
return " # HSTS disabled\n"; unless ( ($domains->get_prop($virtualHost, "HSTS") || "enabled") eq 'enabled');
# if setting preload you need max-age>= 1years in second and includeSubDomains enabled.
my $preload = (($domains->get_prop($virtualHost, "HSTSpreload") || "disabled") eq 'enabled')? "; preload" : "";
# default to 1 years in second to access to preload; suggested 2 years.
my $age = ($domains->get_prop($virtualHost, "HSTSage") )? $domains->get_prop($virtualHost, "HSTSage") : "31536000";
$OUT = 'Header always set Strict-Transport-Security "max-age=$age; includeSubDomains $preload' ;
}

12
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28security.txt Normal file
View File

@ -0,0 +1,12 @@
{
# vim: ft=perl:
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
$plainTextAccess = ${'httpd-admin'}{PermitPlainTextAccess} || 'no';
$OUT = '';
if (($port eq $httpPort) && ($haveSSL eq 'yes') && ($plainTextAccess ne 'yes'))
{
$OUT .= " RewriteRule ^/.well-known/security.txt\$) https://%{HTTP_HOST}/.well-known/security.txt [L,R]\n";
}
}

11
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30csp Normal file
View File

@ -0,0 +1,11 @@
{
use esmith::DomainsDB;
my $db = esmith::DomainsDB->open_ro;
my $CSP = $db->get_prop($virtualHost, "CSP") || "default-src 'self' https://www.$virtualHost https://$virtualHost; style-src 'self' https://*.$virtualHost; script-src 'self' https://*.$virtualHost; worker-src 'self' https://*.$virtualHost; frame-ancestors 'self' https://*.$virtualHost; base-uri 'self' https://*.$virtualHost; form-action 'self' https://*.$virtualHost ";
return " # CSP disabled for this host\n" if ($CSP eq "disabled");
if ($CSP ne '')
{
$OUT .= " # Content-Security-Policy; only if not set by content\n";
$OUT .= " Header setifempty Content-Security-Policy \"$CSP\"\n";
}
}

9
root/etc/e-smith/templates/var/www/html/.well-known/acme-challenge/security.txt/10contact Normal file
View File

@ -0,0 +1,9 @@
# Our security address
Contact: {
# some examples
# Contact: mailto:security@example.com
# Contact: mailto:security%2Buri%2Bencoded@example.com
# Contact: tel:+1-201-555-0123
# Contact: https://example.com/security-contact.html
${'httpd-e-smith'}{'SecurityContact'}||"mailto:admin@$DomainName"}

8
root/etc/e-smith/templates/var/www/html/.well-known/acme-challenge/security.txt/20encryption Normal file
View File

@ -0,0 +1,8 @@
# Our openPGP key
Encryption: {
# some example
# Encryption: https://example.com/pgp-key.txt
# Encryption: dns:5d2d37ab76d47d36._openpgpkey.example.com?type=OPENPGPKEY
# Encryption: openpgp4fpr:5f2de5521c63a801ab59ccb603d49de44b29100f
${'httpd-e-smith'}{'SecurityEncryption'}||'none'}

15
root/etc/e-smith/templates/var/www/html/.well-known/acme-challenge/security.txt/30expires Normal file
View File

@ -0,0 +1,15 @@
# Expiration date of this policy
Expires: {
use strict;
use warnings;
use esmith::ConfigDB;
use DateTime;
my $db = esmith::ConfigDB->open or die "Could not open config db";
# Obtain the TimeZone configuration database value
my $timezone = $db->get("TimeZone")->value||"US/eastern";
my $dt = DateTime->now(time_zone => $timezone);
$dt->set_year($dt->year()+1);
$dt->set_time_zone('UTC');
$OUT = $dt."z" ;
}

8
root/etc/e-smith/templates/var/www/html/.well-known/acme-challenge/security.txt/40language Normal file
View File

@ -0,0 +1,8 @@
# Prefered Languages
Preferred-Languages: { substr( ($sysconfig{Language}||"en"),0,2) }
{
# see https://securitytxt.org/ for more fields
# Acknowledgments : https://
# Policy : https://
# Hiring : https://
}

0
root/etc/e-smith/templates/var/www/html/.well-known/acme-challenge/security.txt/template-begin Normal file
View File

1
root/usr/lib/systemd/system/httpd-e-smith.service
View File

@ -8,6 +8,7 @@ Documentation=man:apachectl(8)
Type=notify
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
ExecStartPre=-/sbin/e-smith/expand-template /var/www/html/.well-known/acme-challenge/security.txt
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful

0
root/var/www/html/.well-known/acme-challenge/.gitignore vendored Normal file
View File

15
smeserver-apache.spec
View File

@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
%define name smeserver-apache
Name: %{name}
%define version 11.0.0
%define release 7
%define release 8
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@ -18,6 +18,7 @@ Requires: smeserver-lib >= 1.15.1-19
Requires: smeserver-daemontools >= 1.7.1-01
Requires: mod_ssl
Requires: mod_authnz_external
Requires: perl-DateTime
Obsoletes: distcache <= 1.4.5
Obsoletes: mod_auth_external
Obsoletes: e-smith-proxypass
@ -51,6 +52,9 @@ rm -rf $RPM_BUILD_ROOT
--dir /var/service/httpd-e-smith 'attr(01755,root,root)' \
--file /var/service/httpd-e-smith/down 'attr(0644,root,root)' \
--file /var/service/httpd-e-smith/run 'attr(0755,root,root)' \
--ignoredir /var/www/html/ --ignoredir /var/www/ \
--dir /var/www/html/.well-known 'attr(0701,root,root)' \
--dir /var/www/html/.well-known/acme-challenge 'attr(0755,root,root)' \
> e-smith-%{version}-filelist
echo "%doc COPYING" >> e-smith-%{version}-filelist
@ -70,6 +74,15 @@ if [ $1 -gt 1 ] ; then
fi
%changelog
* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
- add X-Content-Type-Options nosniff [SME: 12835]
- add Strict Transport Security support HSTS [SME: 12815]
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
- add referrer-Policy same-origin [SME: 12817]
- add OCSP Stapling support [SME: 12819]
- add CSP Content-Security-Policy support [SME: 9567]
- add .well-known and .well-known/security.txt [SME: 12818]
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-7.sme
- Update createlinks to create smeserver-package-update event[SME: 12579]