Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Finish SSL changes for sks

Browse source
This commit is contained in:
Nick Bebout 2014-10-21 00:07:37 +00:00
parent 585752e8cb
commit 499ab100c9
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
roles/keyserver/files/sks.conf
View file

@ -48,13 +48,15 @@ NameVirtualHost *:443
<VirtualHost *:443> <VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org ServerName keys.fedoraproject.org
ServerAlias keys01.fedoraproject.org ServerAlias keys02.fedoraproject.org
SSLEngine on SSLEngine on
SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ProxyPass / http://localhost:11371/ ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/ ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1 SetEnv proxy-nokeepalive 1
@ -70,6 +72,8 @@ NameVirtualHost *:443
SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ProxyPass / http://localhost:11371/ ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/ ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1 SetEnv proxy-nokeepalive 1