diff options
author | Holger Levsen <holger@layer-acht.org> | 2014-04-06 12:26:57 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2014-04-06 12:26:57 +0200 |
commit | 170365e0685a76ad2bbc36320a41f03f4f2b73db (patch) | |
tree | a3e29d7329147386002dab80fa70a4f239fed736 | |
parent | 15291316104221dadf044451e01e6f43ab333517 (diff) | |
download | jenkins.debian.net-170365e0685a76ad2bbc36320a41f03f4f2b73db.tar.xz |
use SSL
-rw-r--r-- | etc/apache2/sites-available/jenkins.debian.net | 17 | ||||
-rw-r--r-- | etc/shorewall/rules | 2 | ||||
-rwxr-xr-x | update_jdn.sh | 1 |
3 files changed, 18 insertions, 2 deletions
diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net index d329c049..4b8aa586 100644 --- a/etc/apache2/sites-available/jenkins.debian.net +++ b/etc/apache2/sites-available/jenkins.debian.net @@ -1,5 +1,19 @@ +NameVirtualHost *:80 <VirtualHost *:80> - ServerAdmin webmaster@localhost + ServerName jenkins.debian.net + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] +</VirtualHost> + +NameVirtualHost *:443 +<VirtualHost *:443> + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + ServerName jenkins.debian.net + ServerAdmin holger@layer-acht.org DocumentRoot /var/www <Directory /> @@ -19,6 +33,7 @@ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all + SSLOptions +StdEnvVars </Directory> # allow certain params only from alioth (token is used to trigger builds) diff --git a/etc/shorewall/rules b/etc/shorewall/rules index 4b95dd6f..7e998cba 100644 --- a/etc/shorewall/rules +++ b/etc/shorewall/rules @@ -27,6 +27,6 @@ Ping(DROP) net $FW ACCEPT $FW net icmp # incoming http and ssh are allowed -ACCEPT net $FW tcp 80 +ACCEPT net $FW tcp 80,443 ACCEPT net $FW tcp 22 diff --git a/update_jdn.sh b/update_jdn.sh index a84d4248..270444c1 100755 --- a/update_jdn.sh +++ b/update_jdn.sh @@ -46,6 +46,7 @@ if [ ! -e /etc/apache2/mods-enabled/proxy.load ] ; then sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite + sudo a2enmod ssl fi sudo chown root.root /etc/sudoers.d/jenkins ; sudo chmod 700 /etc/sudoers.d/jenkins sudo ln -sf /etc/apache2/sites-available/jenkins.debian.net /etc/apache2/sites-enabled/000-default |