[Fusionforge-commits] FusionForge branch feature/concurrent-ssh-http-for-scm updated. b886d7bcb29f9eb02be58c7362f66b0617dc83d7
Roland Mas
lolando at fusionforge.org
Fri Oct 17 11:49:40 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, feature/concurrent-ssh-http-for-scm has been updated
via b886d7bcb29f9eb02be58c7362f66b0617dc83d7 (commit)
from 5aa9253b3a6382b1b0ea3b2fea3cde9185af0edf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b886d7bcb29f9eb02be58c7362f66b0617dc83d7
Author: Roland Mas <lolando at debian.org>
Date: Fri Oct 17 11:49:34 2014 +0200
Generate (and use) a specific SSL certificate for the SCM host.
diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh
index 06ed0b2..58a854b 100755
--- a/src/post-install.d/web/web.sh
+++ b/src/post-install.d/web/web.sh
@@ -58,7 +58,8 @@ case "$1" in
echo "*** Note: please install $config_path/httpd.conf in your Apache configuration"
fi
- # Generate SSL cert if needed
+ # Generate SSL certs if needed
+ web_host=$(forge_get_config web_host)
cert=$config_path/ssl-cert.pem
key=$config_path/ssl-cert.key
if [ ! -e $key ] ; then
@@ -66,7 +67,13 @@ case "$1" in
chmod 600 $key
fi
if [ ! -e $cert ] ; then
- openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -out $cert
+ openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$web_host" -out $cert
+ fi
+
+ scm_host=$(forge_get_config scm_host)
+ scmcert=$config_path/ssl-cert-scm.pem
+ if [ ! -e $scmcert ] ; then
+ openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$scm_host" -out $scmcert
fi
# Setup Docman/FRS/Tracker attachments
diff --git a/src/templates/httpd.conf.d/20-vhosts-scm.conf b/src/templates/httpd.conf.d/20-vhosts-scm.conf
index 93396e9..7b7579b 100644
--- a/src/templates/httpd.conf.d/20-vhosts-scm.conf
+++ b/src/templates/httpd.conf.d/20-vhosts-scm.conf
@@ -15,5 +15,5 @@
Include {core/config_path}/httpd.conf.d/vhost-scm.inc
Include {core/config_path}/httpd.conf.d/block-trace.inc
Include {core/config_path}/httpd.conf.d/log.inc
- Include {core/config_path}/httpd.conf.d/ssl-on.inc
+ Include {core/config_path}/httpd.conf.d/ssl-on-scm.inc
</VirtualHost>
diff --git a/src/templates/httpd.conf.d/ssl-on-scm.inc b/src/templates/httpd.conf.d/ssl-on-scm.inc
new file mode 100644
index 0000000..0ae2322
--- /dev/null
+++ b/src/templates/httpd.conf.d/ssl-on-scm.inc
@@ -0,0 +1,25 @@
+# Not using IfModule: the name changes between distros
+# and user can disable SSL in ssl-on.inc
+#<IfModule mod_ssl.c>
+ SSLEngine on
+
+ SSLCertificateFile {core/config_path}/ssl-cert-scm.pem
+ SSLCertificateKeyFile {core/config_path}/ssl-cert.key
+ # Add extra SSL configuration (e.g. SSLCACertificatePath) here
+
+ <Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars
+ </Files>
+
+ <Directory "/usr/lib/cgi-bin">
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+#</IfModule>
+
+<IfModule apache_ssl.c>
+ SSLEnable
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>
-----------------------------------------------------------------------
Summary of changes:
src/post-install.d/web/web.sh | 11 +++++++++--
src/templates/httpd.conf.d/20-vhosts-scm.conf | 2 +-
.../httpd.conf.d/{ssl-really-on.inc => ssl-on-scm.inc} | 2 +-
3 files changed, 11 insertions(+), 4 deletions(-)
copy src/templates/httpd.conf.d/{ssl-really-on.inc => ssl-on-scm.inc} (91%)
hooks/post-receive
--
FusionForge
More information about the Fusionforge-commits
mailing list