# HG changeset patch # User Matthias Förste # Date 1311000253 -7200 # Node ID c988058104dd502ecbd5614d7a64c1792c2e2548 # Parent 10c4e30a62afa556e937d42bdd86783212b69c0b added README and ssl vhost sample configuration
diff -r 10c4e30a62af -r c988058104dd README
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/README Mon Jul 18 16:44:13 2011 +0200
@@ -0,0 +1,31 @@
+Installation (on debian):
+
+ * install dependencies
+ # perl ./Build.PL && ./Build equivs
+ # dpkg -i libius-dav-htpasswd-perl-deps_*_all.deb
+ # aptitude install
+ # aptitude install apache2-mpm-itk sudo
+
+ * preinst
+ # mkdir -p $PREFIX/lib/ius-dav-htpasswd
+ # useradd -d $PREFIX/lib/ius-dav-htpasswd -m -r -U -s /bin/true ius-dav-htpasswd
+ # passwd -l ius-dav-htpasswd
+
+ * installation
+
+ # perl ./Build.PL && ./Build test && ./Build install
+
+ # visudo
+
+ [...]
+
+ ius-dav-htpasswd debian-lenny = (root) NOPASSWD: $PREFIX/bin/ius-dav-htuseradd, $PREFIX/bin/ius-dav-htuserdel
+
+ [...]
+
+ # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-vhost-apache-example.conf
+ # htpasswd [-c] $PREFIX/etc/ius-dav-htpasswd/htpasswd.admin ius-dav-htpasswd-admin
+ # htpasswd -c $PREFIX/etc/ius-dav-htpasswd/htpasswd.dav ius-dav-htpasswd-master # when using a master user
+
+ # ln -s /usr/local/bin/ius-dav-htuserexpiry /etc/cron.daily/
+
diff -r 10c4e30a62af -r c988058104dd ssl-vhost-apache-example.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl-vhost-apache-example.conf Mon Jul 18 16:44:13 2011 +0200
@@ -0,0 +1,62 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+
+
+ DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
+ AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav-htpasswd.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # local cgi scripts
+
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/8
+ AuthType "Basic"
+ AuthName "ius-dav-htpasswd"
+ AuthUserFile "/path/to/ius-dav-admin-htpasswd"
+ Require valid-user
+ SetHandler cgi-script
+
+
+
+
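Review bot: The `AuthUserFile "/path/to/ius-dav-admin-htpasswd"` line in the access-control block at the end of this hunk does not match the admin password file that the README in the same changeset creates, so an admin following both can point authentication at a file that does not exist. Since the file header already tells the reader to substitute `$PREFIX`, I would write `AuthUserFile "$PREFIX/etc/ius-dav-htpasswd/htpasswd.admin"` here. The block also depends on the inherited default to require both the `Allow from 127.0.0.0/8` restriction and `Require valid-user`; adding an explicit `Satisfy All` with a one-line comment such as `# both the address restriction and a valid login are required` keeps that intact if the sample is pasted under a `Satisfy Any`. The container lines around these directives are not visible in this rendering, so the scope they apply to is inferred.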