--- a/README Wed Jul 20 09:52:49 2011 +0200
+++ b/README Wed Jul 20 10:04:17 2011 +0200
@@ -25,6 +25,7 @@
[...]
+ # $EDITOR /etc/apache2/sites-available/ius-dav # see ssl-dav-vhost-apache-example.conf
# $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-admin-vhost-apache-example.conf
# htpasswd [-c] $PREFIX/etc/ius-dav-htpasswd/htpasswd.admin ius-dav-htpasswd-admin
# htpasswd -c $PREFIX/etc/ius-dav-htpasswd/htpasswd.dav ius-dav-htpasswd-master # when using a master user
--- a/TODO Wed Jul 20 09:52:49 2011 +0200
+++ b/TODO Wed Jul 20 10:04:17 2011 +0200
@@ -1,3 +1,5 @@
+* write documentation for installation on non vhost/without itk
+* check for presence of at least one configuration file?
* find a better name (passwd something?)
* dont hardcode configuration snippets
* move config snippets to /var or /srv?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl-dav-vhost-apache-example.conf Wed Jul 20 10:04:17 2011 +0200
@@ -0,0 +1,58 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+<IfModule mod_ssl.c>
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+<VirtualHost *:443>
+
+ DocumentRoot "/path/to/dav-base-directory"
+ AssignUserId "ius-dav" "ius-dav"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # no access to the webdav base directory is required
+ <Directory "/path/to/dav-base-directory">
+ Order Deny,Allow
+ Deny from all
+ </Directory>
+ # /usr/local/etc/ius-dav-htpasswd or /etc/ius-dav-htpasswd for example
+ Include "/path/to/ius-dav-htpasswd-conf-dir/apache.d/*.conf"
+
+</VirtualHost>
+</IfModule>