
Commit d4b75bc

author
Marius Burkard
committed
Merge branch 'Patch_Updating_ISPConfig_interface_vhost_SSL_options' into 'stable-3.1'
Patch updating isp config interface vhost ssl options Based on the mozilla SSL config generator https://mozilla.github.io/server-side-tls/ssl-config-generator/ See merge request !330
2 parents d192349 + 473f061 commit d4b75bc


1 file changed

+48
-38
lines changed

1 file changed

+48
-38
lines changed

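--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -8,101 +8,111 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
 
 <VirtualHost _default_:<tmpl_var name="vhost_port">>
 ServerAdmin webmaster@localhost
-
+
 <FilesMatch "\.ph(p3?|tml)$">
 SetHandler None
 </FilesMatch>
-
+
 <IfModule mod_fcgid.c>
 DocumentRoot /var/www/ispconfig/
 SuexecUserGroup ispconfig ispconfig
 <Directory /var/www/ispconfig/>
 Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
 AllowOverride AuthConfig Indexes Limit Options FileInfo
-<FilesMatch "\.php$">
-SetHandler fcgid-script
-</FilesMatch>
+<FilesMatch "\.php$">
+SetHandler fcgid-script
+</FilesMatch>
 FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
 <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-Require all granted
-<tmpl_else>
+Require all granted
+<tmpl_else>
 Order allow,deny
 Allow from all
-</tmpl_if>
+</tmpl_if>
 </Directory>
 IPCCommTimeout 7200
-MaxRequestLen 15728640
+MaxRequestLen 15728640
 </IfModule>
-
+
 <IfModule mpm_itk_module>
 DocumentRoot /usr/local/ispconfig/interface/web/
-AssignUserId ispconfig ispconfig
+AssignUserId ispconfig ispconfig
 AddType application/x-httpd-php .php
 <Directory /usr/local/ispconfig/interface/web>
 # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
 Options +FollowSymLinks
 AllowOverride None
 <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-Require all granted
-<tmpl_else>
+Require all granted
+<tmpl_else>
 Order allow,deny
 Allow from all
-</tmpl_if>
-php_value magic_quotes_gpc 0
+</tmpl_if>
+php_value magic_quotes_gpc 0
 </Directory>
 </IfModule>
-
+
 # ErrorLog /var/log/apache2/error.log
 # CustomLog /var/log/apache2/access.log combined
 ServerSignature Off
-
+
 <IfModule mod_security2.c>
 SecRuleEngine Off
 </IfModule>
 
 # SSL Configuration
 <tmpl_var name="ssl_comment">SSLEngine On
+<tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+<tmpl_var name="ssl_comment">SSLProtocol All -SSLv3
+<tmpl_else>
 <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+</tmpl_if>
 <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
 <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
 <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
-<tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+<tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+<tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+<tmpl_var name="ssl_comment">SSLCompression Off
+</tmpl_if>
+<tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+<tmpl_var name="ssl_comment">SSLSessionTickets Off
+</tmpl_if>
 
 <IfModule mod_headers.c>
 Header always add Strict-Transport-Security "max-age=15768000"
 </IfModule>
 
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
-<tmpl_var name="ssl_comment">SSLUseStapling on
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+<tmpl_var name="ssl_comment">SSLUseStapling On
 <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
-<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
-</tmpl_if>
+<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+</tmpl_if>
 </VirtualHost>
 
-<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
 <IfModule mod_ssl.c>
 <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
 </IfModule>
 </tmpl_if>
 
 <Directory /var/www/php-cgi-scripts>
-AllowOverride None
-<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-Require all denied
-<tmpl_else>
-Order Deny,Allow
-Deny from all
-</tmpl_if>
+AllowOverride None
+<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+Require all denied
+<tmpl_else>
+Order Deny,Allow
+Deny from all
+</tmpl_if>
 </Directory>
 
 <Directory /var/www/php-fcgi-scripts>
-AllowOverride None
-<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-Require all denied
-<tmpl_else>
-Order Deny,Allow
-Deny from all
-</tmpl_if>
-</Directory>
+AllowOverride None
+<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+Require all denied
+<tmpl_else>
+Order Deny,Allow
+Deny from all
+</tmpl_if>
+</Directory>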
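Review bot: The added `SSLCipherSuite` line still offers four 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`), and both `SSLProtocol` branches leave TLSv1 and TLSv1.1 enabled. This vhost serves the ISPConfig interface, so presumably only administrators' current browsers connect to it; if so, ending the list with `:!DSS:!3DES` drops the 64-bit-block ciphers without reordering anything else. The old trailing exclusions (`!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4`) were removed, which is safe only as long as the list stays fully explicit with no group keyword such as `HIGH`. A comment above the directive would record that and the list's origin, e.g. `# Explicit list from the Mozilla SSL config generator (<PROFILE>, <DATE>); do not add group keywords without restoring the exclusions`.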
