diff options
| -rw-r--r-- | apache2/conf.d/local-git.conf | 27 | ||||
| -rw-r--r-- | apache2/conf.d/local-ikiwiki-multilang.conf | 7 | ||||
| -rw-r--r-- | apache2/conf.d/local-ikiwiki.conf | 8 | ||||
| -rw-r--r-- | apache2/conf.d/local-ssl.conf | 16 | ||||
| -rwxr-xr-x | postfix/postfix.sh | 8 |
5 files changed, 48 insertions, 18 deletions
diff --git a/apache2/conf.d/local-git.conf b/apache2/conf.d/local-git.conf index 04d79bb..2140bc2 100644 --- a/apache2/conf.d/local-git.conf +++ b/apache2/conf.d/local-git.conf @@ -1,8 +1,29 @@ AddDefaultCharset UTF-8 -Alias /gitweb.css /var/www/gitweb.css -Alias /git-favicon.png /var/www/git-favicon.png -Alias /git-logo.png /var/www/git-logo.png +<Directory /srv/git> + Options FollowSymLinks + AllowOverride None + Order allow,deny + allow from all +</Directory> + +<Directory /usr/lib/cgi-bin> + Options ExecCgi + AllowOverride None + Order allow,deny + allow from all +</Directory> + +Alias /gitweb.css /usr/share/gitweb/gitweb.css +Alias /git-favicon.png /usr/share/gitweb/git-favicon.png +Alias /git-logo.png /usr/share/gitweb/git-logo.png + +<Directory /usr/share/gitweb> + Options None + AllowOverride None + Order allow,deny + allow from all +</Directory> RewriteEngine on RewriteRule ^/(\?.*)?$ /usr/lib/cgi-bin/gitweb.cgi%{REQUEST_URI} [T=application/x-httpd-cgi,L,NS] diff --git a/apache2/conf.d/local-ikiwiki-multilang.conf b/apache2/conf.d/local-ikiwiki-multilang.conf new file mode 100644 index 0000000..086d653 --- /dev/null +++ b/apache2/conf.d/local-ikiwiki-multilang.conf @@ -0,0 +1,7 @@ +<Location /> + Options -Indexes +MultiViews + DirectoryIndex index +</Location> +AddLanguage da .da + +AddDefaultCharset UTF-8 diff --git a/apache2/conf.d/local-ikiwiki.conf b/apache2/conf.d/local-ikiwiki.conf index 6c7b73e..987e434 100644 --- a/apache2/conf.d/local-ikiwiki.conf +++ b/apache2/conf.d/local-ikiwiki.conf @@ -1,10 +1,6 @@ <Location /> - Options -Indexes +MultiViews - DirectoryIndex index + Options None + DirectoryIndex index.html </Location> -AddLanguage da .da AddDefaultCharset UTF-8 - -RewriteEngine On -RewriteRule ^((.*/)?[^\.]+)(\.html|/)$ $1.da.html [R] diff --git a/apache2/conf.d/local-ssl.conf b/apache2/conf.d/local-ssl.conf index 4665362..4e1de50 100644 --- a/apache2/conf.d/local-ssl.conf +++ b/apache2/conf.d/local-ssl.conf @@ -1,17 +1,23 @@ SSLEngine on SSLCertificateFile /etc/ssl/certs/apache2.pem SSLCertificateKeyFile /etc/ssl/private/apache2.pem -SSLCACertificatePath /etc/ssl/certs -#SSLCARevocationPath /etc/apache2/ssl.crl +SSLCACertificatePath /etc/ssl/certs/ +#SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + #SSLVerifyClient require #SSLVerifyDepth 10 -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars -</Files> -<Directory "/usr/lib/cgi-bin"> +</FilesMatch> +<Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> +BrowserMatch ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + #CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" diff --git a/postfix/postfix.sh b/postfix/postfix.sh index 1b728f9..2b923e0 100755 --- a/postfix/postfix.sh +++ b/postfix/postfix.sh @@ -69,7 +69,7 @@ dkimproxy= if [ "1" = "$amavis" ] && [ -x /usr/bin/dkimsign ]; then dkimproxy=1 else - echo >&2 "WARNING: Avoiding/disabling DKIMproxy setup: not installed or fully configured." + echo >&2 "WARNING: Avoiding/disabling DKIMproxy setup: not installed." fi catfilefromownrealm() { @@ -222,9 +222,9 @@ if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then $postconf -c "$tempdir" -e 'smtpd_tls_CApath = /etc/ssl/certs' $postconf -c "$tempdir" -e 'lmtp_tls_CApath = /etc/ssl/certs' $postconf -c "$tempdir" -e 'smtpd_tls_key_file = /etc/ssl/private/postfix.pem' - $postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache' + $postconf -c "$tempdir" -e 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache' $postconf -c "$tempdir" -e 'smtpd_tls_session_cache_timeout = 3600s' - $postconf -c "$tempdir" -e 'tls_random_exchange_name = ${queue_directory}/prng_exch' + $postconf -c "$tempdir" -e 'tls_random_exchange_name = ${data_directory}/prng_exch' $postconf -c "$tempdir" -e 'smtpd_tls_auth_only = yes' $postconf -c "$tempdir" -e 'smtpd_sasl_auth_enable = no' # SASL is enabled explicitly with TLS transport $postconf -c "$tempdir" -e 'smtpd_sasl_security_options = noanonymous' @@ -248,7 +248,7 @@ if [ -n "$sasl2" ] && [ -n "$sslcert" ]; then $postconf -c "$tempdir" -e 'smtp_use_tls = yes' $postconf -c "$tempdir" -e 'smtp_tls_CApath = /etc/ssl/certs' $postconf -c "$tempdir" -e 'smtp_tls_note_starttls_offer = no' # Enable to collect info for smtp_tls_per_site option - $postconf -c "$tempdir" -e 'smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache' + $postconf -c "$tempdir" -e 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' # Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic) $postconf -c "$tempdir" -e 'smtpd_tls_ask_ccert = no' # Force using TLS for peers |