From 170365e0685a76ad2bbc36320a41f03f4f2b73db Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Sun, 6 Apr 2014 12:26:57 +0200 Subject: use SSL --- etc/apache2/sites-available/jenkins.debian.net | 17 ++++++++++++++++- etc/shorewall/rules | 2 +- update_jdn.sh | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net index d329c049..4b8aa586 100644 --- a/etc/apache2/sites-available/jenkins.debian.net +++ b/etc/apache2/sites-available/jenkins.debian.net @@ -1,5 +1,19 @@ +NameVirtualHost *:80 - ServerAdmin webmaster@localhost + ServerName jenkins.debian.net + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] + + +NameVirtualHost *:443 + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + ServerName jenkins.debian.net + ServerAdmin holger@layer-acht.org DocumentRoot /var/www @@ -19,6 +33,7 @@ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all + SSLOptions +StdEnvVars # allow certain params only from alioth (token is used to trigger builds) diff --git a/etc/shorewall/rules b/etc/shorewall/rules index 4b95dd6f..7e998cba 100644 --- a/etc/shorewall/rules +++ b/etc/shorewall/rules @@ -27,6 +27,6 @@ Ping(DROP) net $FW ACCEPT $FW net icmp # incoming http and ssh are allowed -ACCEPT net $FW tcp 80 +ACCEPT net $FW tcp 80,443 ACCEPT net $FW tcp 22 diff --git a/update_jdn.sh b/update_jdn.sh index a84d4248..270444c1 100755 --- a/update_jdn.sh +++ b/update_jdn.sh @@ -46,6 +46,7 @@ if [ ! -e /etc/apache2/mods-enabled/proxy.load ] ; then sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite + sudo a2enmod ssl fi sudo chown root.root /etc/sudoers.d/jenkins ; sudo chmod 700 /etc/sudoers.d/jenkins sudo ln -sf /etc/apache2/sites-available/jenkins.debian.net /etc/apache2/sites-enabled/000-default -- cgit v1.2.3-70-g09d2