--- a/README Wed Jul 20 09:45:58 2011 +0200
+++ b/README Wed Jul 20 09:52:49 2011 +0200
@@ -25,7 +25,7 @@
[...]
- # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-vhost-apache-example.conf
+ # $EDITOR /etc/apache2/sites-available/ius-dav-htpasswd # see ssl-admin-vhost-apache-example.conf
# htpasswd [-c] $PREFIX/etc/ius-dav-htpasswd/htpasswd.admin ius-dav-htpasswd-admin
# htpasswd -c $PREFIX/etc/ius-dav-htpasswd/htpasswd.dav ius-dav-htpasswd-master # when using a master user
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl-admin-vhost-apache-example.conf Wed Jul 20 09:52:49 2011 +0200
@@ -0,0 +1,62 @@
+# replace $PREFIX (usually with /usr or /usr/local)
+<IfModule mod_ssl.c>
+# note that you will need a wildcard certificate if you want namebased virtual
+# hosts + ssl
+<VirtualHost *:443>
+
+ DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
+ AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
+
+ ServerAdmin webmaster@localhost
+ ServerName ius-dav-htpasswd.domain.tld
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
+ SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+ # local cgi scripts
+ <Directory "$PREFIX/lib/ius-dav-htpasswd/cgi-bin">
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/8
+ AuthType "Basic"
+ AuthName "ius-dav-htpasswd"
+ AuthUserFile "/path/to/ius-dav-admin-htpasswd"
+ Require valid-user
+ SetHandler cgi-script
+ </Directory>
+
+</VirtualHost>
+</IfModule>
--- a/ssl-vhost-apache-example.conf Wed Jul 20 09:45:58 2011 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-# replace $PREFIX (usually with /usr or /usr/local)
-<IfModule mod_ssl.c>
-# note that you will need a wildcard certificate if you want namebased virtual
-# hosts + ssl
-<VirtualHost *:443>
-
- DocumentRoot "$PREFIX/lib/ius-dav-htpasswd/cgi-bin"
- AssignUserId "ius-dav-htpasswd" "ius-dav-htpasswd"
-
- ServerAdmin webmaster@localhost
- ServerName ius-dav-htpasswd.domain.tld
-
- ErrorLog /var/log/apache2/error.log
- LogLevel warn
- CustomLog /var/log/apache2/ius-dav-htpasswd.domain.tld/ssl_access.log combined
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/wildcard-certificate.pem
- SSLCertificateKeyFile /etc/ssl/private/key-for-wildcard-certificate.pem
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
- # local cgi scripts
- <Directory "$PREFIX/lib/ius-dav-htpasswd/cgi-bin">
- Order Deny,Allow
- Deny from all
- Allow from 127.0.0.0/8
- AuthType "Basic"
- AuthName "ius-dav-htpasswd"
- AuthUserFile "/path/to/ius-dav-admin-htpasswd"
- Require valid-user
- SetHandler cgi-script
- </Directory>
-
-</VirtualHost>
-</IfModule>