diff -r a14d0bfd2e21 -r 85a89053a279 ssl-admin-vhost-apache-example.conf
--- a/ssl-admin-vhost-apache-example.conf Tue Jul 15 15:39:57 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-# replace $PREFIX (usually with /usr or /usr/local)
-
-# note that you will need a wildcard certificate if you want namebased virtual
-# hosts + ssl
-
-
- DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
- AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
-
- ServerAdmin webmaster@localhost
- ServerName ius-dav-htpasswd.domain.tld
-
- ErrorLog /var/log/apache2/error.log
- LogLevel warn
- CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
- SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
- # local cgi scripts
-
- Order Deny,Allow
- Deny from all
- Allow from 127.0.0.0/8
- AuthType "Basic"
- AuthName "ius-dav-htpasswd"
- AuthUserFile "/path/to/ius-dav-admin-htpasswd"
- Require valid-user
- Options +ExecCGI
- SetHandler cgi-script
-
-
-
-