You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by he...@apache.org on 2021/04/08 10:13:35 UTC
svn commit: r1888512 - /spamassassin/trunk/build/automc/apache2-le-ssl.conf
Author: hege
Date: Thu Apr 8 10:13:35 2021
New Revision: 1888512
URL: http://svn.apache.org/viewvc?rev=1888512&view=rev
Log:
Update sa-vm apache conf
Modified:
spamassassin/trunk/build/automc/apache2-le-ssl.conf
Modified: spamassassin/trunk/build/automc/apache2-le-ssl.conf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/build/automc/apache2-le-ssl.conf?rev=1888512&r1=1888511&r2=1888512&view=diff
==============================================================================
--- spamassassin/trunk/build/automc/apache2-le-ssl.conf (original)
+++ spamassassin/trunk/build/automc/apache2-le-ssl.conf Thu Apr 8 10:13:35 2021
@@ -15,8 +15,13 @@ SSLStaplingCache "shmcb:/var/log/apache2
ErrorLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-error.log
CustomLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-access.log combined
+ DocumentRoot /var/www/ruleqa.spamassassin.org
+ ServerAdmin webmaster@spamassassin.org
+
RewriteEngine On
RewriteCond %{HTTPS} !=on
+ RewriteCond %{REMOTE_ADDR} !^(?:127\.0\.0\.1|10\..*)$
+ RewriteCond %{REQUEST_URI} !=/robots.txt
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
@@ -37,9 +42,15 @@ SSLStaplingCache "shmcb:/var/log/apache2
SSLCertificateKeyFile /etc/letsencrypt/live/spamassassin.org/privkey.pem
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1f&hsts=false&guideline=5.4
# intermediate configuration
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- SSLHonorCipherOrder off
+ #SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ #SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ #SSLHonorCipherOrder off
+ #SSLSessionTickets off
+ #SSLUseStapling On
+ # old configuration
+ SSLProtocol all -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
+ SSLHonorCipherOrder on
SSLSessionTickets off
SSLUseStapling On
@@ -98,3 +109,89 @@ SSLStaplingCache "shmcb:/var/log/apache2
</VirtualHost>
</IfModule>
+#
+# spamassassin.org -> spamassassin.apache.org redirects
+#
+
+<VirtualHost *:80>
+ ServerName spamassassin.org
+ ServerAlias www.spamassassin.org
+
+ ErrorLog ${APACHE_LOG_DIR}/spamassassin.org-error.log
+ CustomLog ${APACHE_LOG_DIR}/spamassassin.org-access.log combined
+
+ RewriteEngine On
+ RewriteRule ^ https://spamassassin.apache.org/ [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName spamassassin.org
+ ServerAlias www.spamassassin.org
+
+ ErrorLog ${APACHE_LOG_DIR}/spamassassin.org-error.log
+ CustomLog ${APACHE_LOG_DIR}/spamassassin.org-access.log combined
+
+ RewriteEngine On
+ RewriteRule ^ https://spamassassin.apache.org/ [R,L]
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/spamassassin.org/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/spamassassin.org/privkey.pem
+ # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1f&hsts=false&guideline=5.4
+ # intermediate configuration
+ #SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ #SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ #SSLHonorCipherOrder off
+ #SSLSessionTickets off
+ #SSLUseStapling On
+ # old configuration
+ SSLProtocol all -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
+ SSLHonorCipherOrder on
+ SSLSessionTickets off
+ SSLUseStapling On
+
+</VirtualHost>
+
+#
+# wiki.spamassassin.org -> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/
+#
+
+<VirtualHost *:80>
+ ServerName wiki.spamassassin.org
+
+ ErrorLog ${APACHE_LOG_DIR}/wiki.spamassassin.org-error.log
+ CustomLog ${APACHE_LOG_DIR}/wiki.spamassassin.org-access.log combined
+
+ RewriteEngine On
+ RewriteRule ^ https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName wiki.spamassassin.org
+
+ ErrorLog ${APACHE_LOG_DIR}/wiki.spamassassin.org-error.log
+ CustomLog ${APACHE_LOG_DIR}/wiki.spamassassin.org-access.log combined
+
+ RewriteEngine On
+ RewriteRule ^ https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ [R,L]
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/spamassassin.org/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/spamassassin.org/privkey.pem
+ # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1f&hsts=false&guideline=5.4
+ # intermediate configuration
+ #SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ #SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ #SSLHonorCipherOrder off
+ #SSLSessionTickets off
+ #SSLUseStapling On
+ # old configuration
+ SSLProtocol all -SSLv3
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
+ SSLHonorCipherOrder on
+ SSLSessionTickets off
+ SSLUseStapling On
+
+</VirtualHost>
+