Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Enable SNI for keys

Browse source
This commit is contained in:
Nick Bebout 2013-08-23 02:07:24 +00:00
parent 605866f5cc
commit 7ed979cbd4
2 changed files with 20 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

22
files/keyserver/sks.conf
View file

@ -1,5 +1,6 @@
ServerName keys.fedoraproject.org
Listen 80.239.156.219:11371
NameVirtualHost *:443
<ifModule !mod_proxy.c>
LoadModule proxy_module modules/mod_proxy.so
@ -36,16 +37,29 @@ Listen 80.239.156.219:11371
Deny from all
</Directory>
<IfModule mod_ssl.c>
#<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
ServerAlias keys01.fedoraproject.org
SSLEngine on
SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName pool.sks-keyservers.net
ServerAlias sks-keyservers.net
ServerAlias *.sks-keyservers.net
SSLEngine on
SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
</VirtualHost>
<VirtualHost *:11371>
ServerAdmin sysadmin-keys-members@fedoraproject.org
@ -54,4 +68,4 @@ Listen 80.239.156.219:11371
ProxyPassReverse / http://127.0.0.1:11371/
SetEnv proxy-nokeepalive 1
</VirtualHost>
</IfModule>
#</IfModule>

4
files/keyserver/ssl.conf
View file

@ -75,8 +75,8 @@ SSLCryptoDevice builtin
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
# ProxyPass / http://localhost:11371/
# ProxyPassReverse / http://localhost:11371/
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel