WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-12 10:56:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a8cb95ecaf94de7a9e2a46432e91ccaa57909574
fedora-infra_ansible/roles/keyserver/templates/sks.conf
Patrick Uiterwijk f1dd7a7432 Unify all ssl cipher suite configurations 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-08-31 19:28:26 +00:00

92 lines
2.8 KiB
Plaintext
Raw Blame History

ServerName keys.fedoraproject.org
Listen 140.211.169.202:11371
NameVirtualHost *:443
<ifModule !mod_proxy.c>
LoadModule proxy_module modules/mod_proxy.so
</IfModule>
<IfModule !mod_proxy_http.c>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfModule>
<IfModule !mod_proxy_balancer.c>
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfModule>
<IfModule !mod_headers.c>
LoadModule headers_module modules/mod_headers.so
</IfModule>
<IfModule !mod_authz_host.c>
LoadModule authz_host_module modules/mod_authz_host.so
</IfModule>
<IfModule !mod_log_config.c>
LoadModule log_config_module modules/mod_log_config.so
</IfModule>
<IfModule !mod_env.c>
LoadModule env_module modules/mod_env.so
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<VirtualHost *:80>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</VirtualHost>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
ServerAlias keys02.fedoraproject.org
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
SSLEngine on
SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName pool.sks-keyservers.net
ServerAlias sks-keyservers.net
ServerAlias *.sks-keyservers.net
SSLEngine on
SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
SSLProtocol {{ ssl_protocols }}
SSLCipherSuite {{ ssl_ciphers }}
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>
<VirtualHost *:11371>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
ProxyPass / http://127.0.0.1:11371/
ProxyPassReverse / http://127.0.0.1:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink