maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Allow selecting new keysize, fixes #1594

Browse Source 
Prepare database and cron for HSTS, refs #1593
Added option to re-use key and CSR for Let's Encrypt

Signed-off-by: Florian Aders <eleras@froxlor.org>
This commit is contained in:
Florian Aders
2016-02-19 17:35:44 +01:00
parent e3a594f3e7
commit e621e02f92
18 changed files with 163 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/configfiles/gentoo.xml
View File

@@ -66,8 +66,8 @@
</file>
<file name="/etc/apache2/modules.d/80_acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Order allow,deny
Allow from all
</Directory>
@@ -96,8 +96,8 @@ Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/a
</file>
<file name="/etc/apache2/modules.d/80_acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Require all granted
</Directory>
]]>
@@ -126,6 +126,7 @@ server.modules = (
"mod_auth",
"mod_fastcgi",
"mod_cgi",
"mod_setenv",
"mod_accesslog"
)
@@ -168,7 +169,7 @@ fastcgi.server = (
)
)
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
]]>
</content>
@@ -265,7 +266,7 @@ fastcgi_param REDIRECT_STATUS 200;
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
alias {{settings.system.letsencryptchallengepath}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;

10
lib/configfiles/jessie.xml
View File

@@ -41,6 +41,7 @@
<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
<command><![CDATA[a2enmod headers]]></command>
</commands>
</general>
<!-- HTTP Apache -->
@@ -69,8 +70,8 @@
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Require all granted
</Directory>
]]>
@@ -89,6 +90,7 @@ server.modules = (
"mod_compress",
"mod_redirect",
"mod_rewrite",
"mod_setenv",
)
server.document-root = "/var/www"
@@ -107,7 +109,7 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
@@ -286,7 +288,7 @@ fastcgi_param REDIRECT_STATUS 200;
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
alias {{settings.system.letsencryptchallengepath}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;

10
lib/configfiles/precise.xml
View File

@@ -41,6 +41,7 @@
<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
<command><![CDATA[a2enmod headers]]></command>
</commands>
</general>
<!-- HTTP Apache -->
@@ -67,8 +68,8 @@
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Order allow,deny
Allow from all
</Directory>
@@ -97,6 +98,7 @@ server.modules = (
"mod_auth",
"mod_fastcgi",
"mod_cgi",
"mod_setenv",
"mod_accesslog"
)
@@ -136,7 +138,7 @@ fastcgi.server = (
)
)
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
#### external configuration files
## mimetype mapping
@@ -245,7 +247,7 @@ fastcgi_param REDIRECT_STATUS 200;
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
alias {{settings.system.letsencryptchallengepath}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;

5
lib/configfiles/rhel_centos.xml
View File

@@ -41,6 +41,7 @@
<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
<command><![CDATA[a2enmod headers]]></command>
</commands>
</general>
<!-- HTTP Apache -->
@@ -49,8 +50,8 @@
<include>//service[@type='http']/general/commands</include>
<file name="/etc/httpd/conf.d/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Require all granted
</Directory>
]]>

14
lib/configfiles/trusty.xml
View File

@@ -41,6 +41,7 @@
<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
<command><![CDATA[a2enmod headers]]></command>
</commands>
</general>
<!-- HTTP Apache -->
@@ -67,8 +68,8 @@
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Order Deny,Allow
Deny from All
</Directory>
@@ -97,8 +98,8 @@ Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/a
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Require all granted
</Directory>
]]>
@@ -126,6 +127,7 @@ server.modules = (
"mod_auth",
"mod_fastcgi",
"mod_cgi",
"mod_setenv",
"mod_accesslog"
)
@@ -165,7 +167,7 @@ fastcgi.server = (
)
)
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
#### external configuration files
## mimetype mapping
@@ -274,7 +276,7 @@ fastcgi_param REDIRECT_STATUS 200;
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
alias {{settings.system.letsencryptchallengepath}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;

14
lib/configfiles/wheezy.xml
View File

@@ -41,6 +41,7 @@
<content><![CDATA[mkdir -p {{settings.system.deactivateddocroot}}]]></content>
</command>
<command><![CDATA[a2dismod userdir]]></command>
<command><![CDATA[a2enmod headers]]></command>
</commands>
</general>
<!-- HTTP Apache -->
@@ -67,8 +68,8 @@
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Order Deny,Allow
Deny from All
</Directory>
@@ -97,8 +98,8 @@ Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/a
</file>
<file name="/etc/apache2/conf-enabled/acme.conf">
<content><![CDATA[
Alias "/.well-known/acme-challenge" "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge"
<Directory "/var/www/.well-known/acme-challenge">
Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge"
<Directory "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge">
Require all granted
</Directory>
]]>
@@ -116,6 +117,7 @@ server.modules = (
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite",
)
@@ -135,7 +137,7 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
alias.url += ("/.well-known/acme-challenge/" => "{{const.FROXLOR_INSTALL_DIR}}/.well-known/acme-challenge/")
alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/")
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
@@ -314,7 +316,7 @@ fastcgi_param REDIRECT_STATUS 200;
<file name="/etc/nginx/conf.d/acme.conf">
<content><![CDATA[
location /.well-known/acme-challenge {
alias {{const.FROXLOR_INSTALL_DIR}};
alias {{settings.system.letsencryptchallengepath}};
location ~ /.well-known/acme-challenge/(.*) {
default_type text/plain;