Mercurial Mercurial > hg > ius > dav-htpasswd / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ssl-dav-vhost-apache-example.conf
branchfoerste
changeset 65 85a89053a279
parent 64 a14d0bfd2e21
equal deleted inserted replaced
64:a14d0bfd2e21 65:85a89053a279 
     1 # replace $PREFIX (usually with /usr or /usr/local)
 
       
     2 <IfModule mod_ssl.c>
 
       
     3 # note that you will need a wildcard certificate if you want namebased virtual
 
       
     4 # hosts + ssl
 
       
     5 <VirtualHost *:443>
 
       
     6 
       
     7 	DocumentRoot "/path/to/dav-base-directory"
 
       
     8 	AssignUserId "ius-dav" "ius-dav"
 
       
     9 
       
    10 	ServerAdmin webmaster@localhost
 
       
    11 	ServerName ius-dav.domain.tld
 
       
    12 	
       
    13 	ErrorLog /var/log/apache2/error.log
 
       
    14 	LogLevel warn
 
       
    15 	CustomLog /var/log/apache2/ius-dav.domain.tld/ssl_access.log combined
 
       
    16 
       
    17 	SSLEngine on
 
       
    18 	SSLCertificateFile    /etc/ssl/certs/wildcard-certificate.pem
 
       
    19 	SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
 
       
    20 
       
    21 	#   SSL Protocol Adjustments:
 
       
    22 	#   The safe and default but still SSL/TLS standard compliant shutdown
 
       
    23 	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
 
       
    24 	#   the close notify alert from client. When you need a different shutdown
 
       
    25 	#   approach you can use one of the following variables:
 
       
    26 	#   o ssl-unclean-shutdown:
 
       
    27 	#     This forces an unclean shutdown when the connection is closed, i.e. no
 
       
    28 	#     SSL close notify alert is send or allowed to received.  This violates
 
       
    29 	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
 
       
    30 	#     this when you receive I/O errors because of the standard approach where
 
       
    31 	#     mod_ssl sends the close notify alert.
 
       
    32 	#   o ssl-accurate-shutdown:
 
       
    33 	#     This forces an accurate shutdown when the connection is closed, i.e. a
 
       
    34 	#     SSL close notify alert is send and mod_ssl waits for the close notify
 
       
    35 	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
 
       
    36 	#     practice often causes hanging connections with brain-dead browsers. Use
 
       
    37 	#     this only for browsers where you know that their SSL implementation
 
       
    38 	#     works correctly.
 
       
    39 	#   Notice: Most problems of broken clients are also related to the HTTP
 
       
    40 	#   keep-alive facility, so you usually additionally want to disable
 
       
    41 	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
 
       
    42 	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 
       
    43 	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 
       
    44 	#   "force-response-1.0" for this.
 
       
    45 	BrowserMatch ".*MSIE.*" \
 
       
    46 		nokeepalive ssl-unclean-shutdown \
 
       
    47 		downgrade-1.0 force-response-1.0
 
       
    48 
       
    49         # no access to the webdav base directory is required
 
       
    50         <Directory "/path/to/dav-base-directory">
 
       
    51                 Order Deny,Allow
 
       
    52                 Deny from all
 
       
    53         </Directory>
 
       
    54         # /usr/local/etc/ius-dav-htpasswd or /etc/ius-dav-htpasswd for example
 
       
    55         Include "/path/to/ius-dav-htpasswd-conf-dir/apache.d/*.conf"
 
       
    56 
       
    57 </VirtualHost>
 
       
    58 </IfModule>
ius/dav-htpasswd