ansible/roles/keyserver/files/sks.conf
2015-12-01 18:40:25 +00:00

91 lines
3.8 KiB
Text

ServerName keys.fedoraproject.org
Listen 140.211.169.202:11371
NameVirtualHost *:443
<ifModule !mod_proxy.c>
LoadModule proxy_module modules/mod_proxy.so
</IfModule>
<IfModule !mod_proxy_http.c>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfModule>
<IfModule !mod_proxy_balancer.c>
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfModule>
<IfModule !mod_headers.c>
LoadModule headers_module modules/mod_headers.so
</IfModule>
<IfModule !mod_authz_host.c>
LoadModule authz_host_module modules/mod_authz_host.so
</IfModule>
<IfModule !mod_log_config.c>
LoadModule log_config_module modules/mod_log_config.so
</IfModule>
<IfModule !mod_env.c>
LoadModule env_module modules/mod_env.so
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<VirtualHost *:80>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</VirtualHost>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
ServerAlias keys02.fedoraproject.org
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
SSLEngine on
SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>
<VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName pool.sks-keyservers.net
ServerAlias sks-keyservers.net
ServerAlias *.sks-keyservers.net
SSLEngine on
SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ProxyPass / http://localhost:11371/
ProxyPassReverse / http://localhost:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>
<VirtualHost *:11371>
ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org
ProxyPass / http://127.0.0.1:11371/
ProxyPassReverse / http://127.0.0.1:11371/
SetEnv proxy-nokeepalive 1
ProxyVia Full
</VirtualHost>