summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2014-04-06 12:26:57 +0200
committerHolger Levsen <holger@layer-acht.org>2014-04-06 12:26:57 +0200
commit170365e0685a76ad2bbc36320a41f03f4f2b73db (patch)
treea3e29d7329147386002dab80fa70a4f239fed736
parent15291316104221dadf044451e01e6f43ab333517 (diff)
downloadjenkins.debian.net-170365e0685a76ad2bbc36320a41f03f4f2b73db.tar.xz
use SSL
-rw-r--r--etc/apache2/sites-available/jenkins.debian.net17
-rw-r--r--etc/shorewall/rules2
-rwxr-xr-xupdate_jdn.sh1
3 files changed, 18 insertions, 2 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net
index d329c049..4b8aa586 100644
--- a/etc/apache2/sites-available/jenkins.debian.net
+++ b/etc/apache2/sites-available/jenkins.debian.net
@@ -1,5 +1,19 @@
+NameVirtualHost *:80
<VirtualHost *:80>
- ServerAdmin webmaster@localhost
+ ServerName jenkins.debian.net
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+NameVirtualHost *:443
+<VirtualHost *:443>
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ ServerName jenkins.debian.net
+ ServerAdmin holger@layer-acht.org
DocumentRoot /var/www
<Directory />
@@ -19,6 +33,7 @@
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
+ SSLOptions +StdEnvVars
</Directory>
# allow certain params only from alioth (token is used to trigger builds)
diff --git a/etc/shorewall/rules b/etc/shorewall/rules
index 4b95dd6f..7e998cba 100644
--- a/etc/shorewall/rules
+++ b/etc/shorewall/rules
@@ -27,6 +27,6 @@ Ping(DROP) net $FW
ACCEPT $FW net icmp
# incoming http and ssh are allowed
-ACCEPT net $FW tcp 80
+ACCEPT net $FW tcp 80,443
ACCEPT net $FW tcp 22
diff --git a/update_jdn.sh b/update_jdn.sh
index a84d4248..270444c1 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -46,6 +46,7 @@ if [ ! -e /etc/apache2/mods-enabled/proxy.load ] ; then
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
+ sudo a2enmod ssl
fi
sudo chown root.root /etc/sudoers.d/jenkins ; sudo chmod 700 /etc/sudoers.d/jenkins
sudo ln -sf /etc/apache2/sites-available/jenkins.debian.net /etc/apache2/sites-enabled/000-default