You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2020/12/16 18:54:19 UTC

[myfaces-tobago] branch master updated: enable https for tobago-vm.apache.org

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git


The following commit(s) were added to refs/heads/master by this push:
     new ef098c1  enable https for tobago-vm.apache.org
ef098c1 is described below

commit ef098c14836cb88e495a48589a2b9808238cd3ec
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Wed Dec 16 19:51:43 2020 +0100

    enable https for tobago-vm.apache.org
---
 .../tobago-vm/docker/apache-proxy/000-default.conf |  8 ++++----
 .../{000-default.conf => 001-ssl.conf}             | 22 ++++++++++++++--------
 .../main/tobago-vm/docker/apache-proxy/Dockerfile  | 15 ++++++++-------
 .../src/main/tobago-vm/docker/docker-compose.yml   |  2 +-
 4 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf
index 608b956..71a36d6 100644
--- a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf
+++ b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf
@@ -20,11 +20,11 @@ ServerName tobago-vm.apache.org
 
 <VirtualHost *:80>
 
-	ServerName tobago-vm.apache.org
-	ServerAdmin dev@myfaces.apache.org
+  ServerName tobago-vm.apache.org
+  ServerAdmin dev@myfaces.apache.org
 
-	ErrorLog ${APACHE_LOG_DIR}/error.log
-	CustomLog ${APACHE_LOG_DIR}/access.log combined
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
 
 # Permanent external links:
   Redirect temp /intro.html             /demo-4-release/content/10-intro/intro.xhtml
diff --git a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/001-ssl.conf
similarity index 88%
copy from tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf
copy to tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/001-ssl.conf
index 608b956..456c0a2 100644
--- a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/000-default.conf
+++ b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/001-ssl.conf
@@ -13,18 +13,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ServerTokens ProductOnly
-ServerSignature Off
+MDCertificateAgreement accepted
+MDomain tobago-vm.apache.org
 
-ServerName tobago-vm.apache.org
+<VirtualHost *:443>
 
-<VirtualHost *:80>
+  ServerName tobago-vm.apache.org
+  ServerAdmin dev@myfaces.apache.org
 
-	ServerName tobago-vm.apache.org
-	ServerAdmin dev@myfaces.apache.org
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
 
-	ErrorLog ${APACHE_LOG_DIR}/error.log
-	CustomLog ${APACHE_LOG_DIR}/access.log combined
+  SSLEngine on
+  # no certificates specification
+  SSLProtocol +TLSv1.2 +TLSv1.3
+  SSLHonorCipherOrder on
+  SSLCipherSuite 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+
+  Protocols h2 http/1.1 acme-tls/1
 
 # Permanent external links:
   Redirect temp /intro.html             /demo-4-release/content/10-intro/intro.xhtml
diff --git a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/Dockerfile b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/Dockerfile
index 55d561e..5336410 100644
--- a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/Dockerfile
+++ b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/apache-proxy/Dockerfile
@@ -15,16 +15,18 @@
 
 FROM debian:buster-slim
 
+RUN echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/buster-backports.list
+
 RUN apt-get update \
  && apt-get upgrade -y \
- && apt-get install -y less vim apache2 \
+ && apt-get install -y less vim \
+ && apt-get install -y -t buster-backports apache2 \
  && apt-get clean \
- && rm -rf /var/lib/apt/lists/* \
- && a2enmod proxy proxy_http
+ && rm -rf /var/lib/apt/lists/*
+
+RUN a2enmod proxy proxy_http ssl md
 
-# todo: SSL
-#COPY 000-default.conf 001-ssl.conf /etc/apache2/sites-enabled/
-COPY 000-default.conf /etc/apache2/sites-enabled/
+COPY 000-default.conf 001-ssl.conf /etc/apache2/sites-enabled/
 COPY *.html /var/www/html/
 COPY *.css *.css.map /var/www/html/
 
@@ -39,4 +41,3 @@ RUN mkdir -p ${APACHE_RUN_DIR} ${APACHE_LOG_DIR}
 EXPOSE 80
 
 CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
-
diff --git a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/docker-compose.yml b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/docker-compose.yml
index 40d7a9a..f916e12 100644
--- a/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/docker-compose.yml
+++ b/tobago-example/tobago-example-demo/src/main/tobago-vm/docker/docker-compose.yml
@@ -19,7 +19,7 @@ services:
     build: apache-proxy
     ports:
       - "80:80"
-# todo     - "443:443"
+      - "443:443"
     logging:
       options:
         max-size: "1m"