From b1dfce5353c69bcb2d343b3bddf5b27182b288a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Such=C3=BD?= <msuchy@redhat.com>
Date: Wed, 15 Jan 2014 13:29:09 +0000
Subject: [PATCH] setup copr-be to use https

selfigned certs, not stored here.
It will be replaced in matter of days by properly signed certs, which we store in private repo
---
 files/copr/lighttpd/lighttpd.conf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/files/copr/lighttpd/lighttpd.conf b/files/copr/lighttpd/lighttpd.conf
index 4b89ba4cd9..e154917436 100644
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@@ -90,7 +90,7 @@ server.port = 80
 ##
 ## Use IPv6?
 ##
-server.use-ipv6 = "enable"
+server.use-ipv6 = "disable"
 
 ##
 ## bind to a specific IP
@@ -445,3 +445,11 @@ server.upload-dirs = ( "/var/tmp" )
 #include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
 ##
 #######################################################################
+
+$SERVER["socket"] == ":443" {
+  ssl.engine = "enable"
+  ssl.pemfile = "/etc/lighttpd/copr-be.pem"
+  ssl.ca-file = "/etc/lighttpd/copr-be.crt"
+  ssl.disable-client-renegotiation = "enable"
+  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+}