Compare commits
4 Commits
11_0_0-10_
...
master
Author | SHA1 | Date | |
---|---|---|---|
eeca8ec342 | |||
57202723f1 | |||
1bfad8c651 | |||
aecee0e087 |
@@ -1 +0,0 @@
|
|||||||
disabled
|
|
5
root/etc/e-smith/db/configuration/migrate/apache
Normal file
5
root/etc/e-smith/db/configuration/migrate/apache
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
{
|
||||||
|
# delete old httpd-e-smith apache properties
|
||||||
|
$DB->get('httpd-e-smith')->delete_prop($_) for ( qw(SSLv2 ) );
|
||||||
|
|
||||||
|
}
|
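Review bot: `$DB->get('httpd-e-smith')` is dereferenced without checking that the record exists, so if this migrate fragment runs before the record has been created (the ordering is not visible from this hunk), expansion dies on a method call on undef. A guarded form such as `my $rec = $DB->get('httpd-e-smith'); $rec->delete_prop('SSLv2') if $rec;` avoids that and drops the one-element `for` loop. The comment could also state the reason, for example `# SSLv2 can no longer be enabled; remove the stale property`.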
@@ -1,3 +0,0 @@
|
|||||||
# notify for systemd
|
|
||||||
LoadModule systemd_module modules/mod_systemd.so
|
|
||||||
|
|
@@ -4,10 +4,12 @@
|
|||||||
proxy_http
|
proxy_http
|
||||||
alias
|
alias
|
||||||
rewrite
|
rewrite
|
||||||
|
access_compat
|
||||||
authn_core
|
authn_core
|
||||||
authz_core
|
authz_core
|
||||||
authz_host
|
authz_host
|
||||||
authz_user
|
authz_user
|
||||||
|
authnz_external
|
||||||
authn_file
|
authn_file
|
||||||
authn_anon
|
authn_anon
|
||||||
auth_digest
|
auth_digest
|
||||||
@@ -15,9 +17,12 @@
|
|||||||
authz_groupfile
|
authz_groupfile
|
||||||
authnz_ldap
|
authnz_ldap
|
||||||
ldap
|
ldap
|
||||||
|
dav
|
||||||
|
dav_fs
|
||||||
proxy_wstunnel
|
proxy_wstunnel
|
||||||
mpm_prefork
|
mpm_prefork
|
||||||
socache_dbm
|
socache_dbm
|
||||||
|
systemd
|
||||||
unixd
|
unixd
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
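Review bot: Adding `dav` and `dav_fs` to the unconditional `load_modules` list in the second hunk loads WebDAV code on every server, including those that never publish a DAV location. The modules only act where `Dav On` is configured, but gating them on a configuration property, or at least adding a comment naming the consumer that needs them, keeps the default module set minimal and the reason auditable. The `load_modules(...)` call starts above the first hunk, so how each name maps to a `.so` file is not visible here. It is worth confirming that `authnz_external` and `systemd` resolve to the same files the removed `LoadModule` lines named.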
@@ -1,7 +0,0 @@
|
|||||||
{
|
|
||||||
|
|
||||||
$OUT .= load_modules(qw(
|
|
||||||
access_compat
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
@@ -1,4 +0,0 @@
|
|||||||
|
|
||||||
# Extra Modules
|
|
||||||
LoadModule authnz_external_module modules/mod_authnz_external.so
|
|
||||||
|
|
@@ -1,5 +1,6 @@
|
|||||||
{
|
{
|
||||||
|
use esmith::ssl;
|
||||||
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
|
# When updating CipherSuite both e-smith-apache and smeserver-qpsmtpd templates should be updated.
|
||||||
$OUT = "SSLCipherSuite ";
|
$OUT = "SSLCipherSuite ";
|
||||||
$OUT .= $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4';
|
$OUT .= $modSSL{CipherSuite} || $smeCiphers;
|
||||||
}
|
}
|
||||||
|
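Review bot: The new fallback `$smeCiphers` has no default of its own, so if `esmith::ssl` does not export it into the template's package, or it is empty, this fragment emits a bare `SSLCipherSuite ` line and httpd will reject the configuration. Failing at expansion time is easier to diagnose, e.g. `my $ciphers = $modSSL{CipherSuite} || $smeCiphers or die "no cipher list available\n";` followed by `$OUT .= $ciphers;`. The same concern applies to the return value of `SSLprotoApache()` in the SSLProtocol fragment that follows. The comment about keeping the e-smith-apache and smeserver-qpsmtpd templates in sync looks stale now that the default comes from `esmith::ssl`; something like `# Default cipher list is maintained in esmith::ssl; the CipherSuite property overrides it.` would match the new code.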
@@ -1,9 +1,5 @@
|
|||||||
{
|
{
|
||||||
|
use esmith::ssl;
|
||||||
# Specify which SSL Protocols to accept for this context
|
# Specify which SSL Protocols to accept for this context
|
||||||
$OUT .= "SSLProtocol all";
|
$OUT .= "SSLProtocol ". SSLprotoApache() ;
|
||||||
$OUT .= " -SSLv2" unless (${'httpd-e-smith'}{'SSLv2'} || 'disabled') eq 'enabled';
|
|
||||||
$OUT .= " -SSLv3" unless (${'httpd-e-smith'}{'SSLv3'} || 'disabled') eq 'enabled';
|
|
||||||
$OUT .= " -TLSv1" unless (${'httpd-e-smith'}{'TLSv1'} || 'disabled') eq 'enabled';
|
|
||||||
$OUT .= " -TLSv1.1" unless (${'httpd-e-smith'}{'TLSv1.1'} || 'disabled') eq 'enabled';
|
|
||||||
$OUT .= " -TLSv1.2" unless (${'httpd-e-smith'}{'TLSv1.2'} || 'enabled') eq 'enabled';
|
|
||||||
}
|
}
|
||||||
|
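Review bot: The per-protocol properties `SSLv3`, `TLSv1`, `TLSv1.1` and `TLSv1.2` on `httpd-e-smith` are no longer read in this fragment, so a site that had explicitly set one of them now gets whatever `SSLprotoApache()` returns, with no migration or warning visible in this change. Whether the helper honours those properties or reads a different record cannot be told from this page. If it does not, the migrate fragment should carry the old values over or remove them as it does for `SSLv2`, so the database does not hold settings that silently have no effect. A comment such as `# Protocol list is computed by SSLprotoApache() from esmith::ssl; per-protocol httpd-e-smith properties are not consulted here` would document the change.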
@@ -1,2 +1,2 @@
|
|||||||
SSLUseStapling On
|
SSLUseStapling On
|
||||||
SSLStaplingCache dbm:/run/httpd/ssl_stapling(32768)
|
SSLStaplingCache dbm:/run/httpd/ssl_stapling
|
||||||
|
@@ -0,0 +1 @@
|
|||||||
|
header setifempty X-Permitted-Cross-Domain-Policies "none"
|
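Review bot: `header setifempty` without a condition writes to the `onsuccess` header table, so responses Apache generates itself for errors or internal redirects go out without this header. `Header always setifempty X-Permitted-Cross-Domain-Policies "none"` covers those as well. Note that `always` uses a separate table, so `setifempty` there will not see a value an application has already set through the normal table. The same applies to the Cross-Origin and Permissions-Policy fragments that follow.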
@@ -0,0 +1,5 @@
|
|||||||
|
Header setifempty Cross-Origin-Embedder-Policy "unsafe-none; report-to='default'"
|
||||||
|
Header setifempty Cross-Origin-Embedder-Policy-Report-Only "unsafe-none; report-to='default'"
|
||||||
|
Header setifempty Cross-Origin-Opener-Policy "unsafe-none"
|
||||||
|
Header setifempty Cross-Origin-Opener-Policy-Report-Only "unsafe-none; report-to='default'"
|
||||||
|
Header setifempty Cross-Origin-Resource-Policy "same-site"
|
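Review bot: The `report-to='default'` parameter is written with single quotes, but these headers are parsed as structured fields, where a string parameter must be double-quoted, so browsers are likely to treat the value as malformed and ignore it. Use `Header setifempty Cross-Origin-Embedder-Policy "unsafe-none; report-to=\"default\""` and the same quoting on the two Report-Only lines. No `Reporting-Endpoints` header defining an endpoint named `default` is visible in this change, so reports would have no destination even with the syntax fixed. The Report-Only headers set to `unsafe-none` will never report anything. A stricter value there (`require-corp`, `same-origin`) is what surfaces breakage before enforcement.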
@@ -0,0 +1 @@
|
|||||||
|
Header setifempty Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"
|
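Review bot: `fullscreen=*` and `payment=*` are wider than the `self` default a browser applies when no header is sent, so for those two features this line relaxes the policy for framed content rather than restricting it. `fullscreen=(self), payment=(self)` keeps the browser default while leaving the rest of the list unchanged. Because the policy is one long literal, a short comment above it naming the features intentionally left open, and why, would help the next person who edits it.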
@@ -4,5 +4,5 @@ Encryption: {
|
|||||||
# Encryption: https://example.com/pgp-key.txt
|
# Encryption: https://example.com/pgp-key.txt
|
||||||
# Encryption: dns:5d2d37ab76d47d36._openpgpkey.example.com?type=OPENPGPKEY
|
# Encryption: dns:5d2d37ab76d47d36._openpgpkey.example.com?type=OPENPGPKEY
|
||||||
# Encryption: openpgp4fpr:5f2de5521c63a801ab59ccb603d49de44b29100f
|
# Encryption: openpgp4fpr:5f2de5521c63a801ab59ccb603d49de44b29100f
|
||||||
${'httpd-e-smith'}{'SecurityEncryption'}||'none'}
|
${'httpd-e-smith'}{'SecurityEncryption'}||'openpgp4fpr:'}
|
||||||
|
|
||||||
|
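Review bot: With the new fallback, an unset `SecurityEncryption` property yields `Encryption: openpgp4fpr:` with no fingerprint, which is not a usable key reference for someone trying to report a vulnerability. The field is optional in security.txt, so it is cleaner to emit the line only when the property is set, for instance by moving the label into the Perl block: `my $enc = ${'httpd-e-smith'}{'SecurityEncryption'}; $OUT .= "Encryption: $enc\n" if $enc;`. The enclosing `Encryption: {` block starts above this hunk, so the exact shape of the surrounding template is not visible here.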
@@ -8,7 +8,7 @@ Documentation=man:apachectl(8)
|
|||||||
Type=notify
|
Type=notify
|
||||||
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
|
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
|
||||||
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
|
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
|
||||||
ExecStartPre=-/sbin/e-smith/expand-template /var/www/html/.well-known/acme-challenge/security.txt
|
ExecStartPre=-/sbin/e-smith/expand-template /var/www/html/.well-known/security.txt
|
||||||
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
|
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
|
||||||
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
|
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
|
||||||
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful
|
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful
|
||||||
|
@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
|
|||||||
%define name smeserver-apache
|
%define name smeserver-apache
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
%define version 11.0.0
|
%define version 11.0.0
|
||||||
%define release 10
|
%define release 14
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: %{release}%{?dist}
|
Release: %{release}%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
@@ -74,7 +74,23 @@ if [ $1 -gt 1 ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
|
* Thu Feb 20 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
|
||||||
|
- load mod dav and dav_fs by default [SME: 2269]
|
||||||
|
- regroup multiple mod fragments in less fragments
|
||||||
|
|
||||||
|
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
|
||||||
|
- use esmith::ssl to set ciphers and protocol [SME: 12821]
|
||||||
|
improve cipher order to get strongers first
|
||||||
|
drop SSLv2
|
||||||
|
|
||||||
|
* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
|
||||||
|
- fix OCSP Stapling support [SME: 12819]
|
||||||
|
- fix .well-known/security.txt [SME: 12818]
|
||||||
|
- add X-Permitted-Cross-Domain-Policies header [SME: 12857]
|
||||||
|
- add Cross-Origin headers [SME: 12856]
|
||||||
|
- add Permissions-Policy header [SME: 12855]
|
||||||
|
|
||||||
|
* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
|
||||||
- add X-Content-Type-Options nosniff [SME: 12835]
|
- add X-Content-Type-Options nosniff [SME: 12835]
|
||||||
- add Strict Transport Security support HSTS [SME: 12815]
|
- add Strict Transport Security support HSTS [SME: 12815]
|
||||||
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
|
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
|
||||||
|