summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-10-19tighten conf snippet local-securityheaders to always set Referrer-Policy ↵Jonas Smedegaard
Content-Security-Policy Permissions-Policy (not only on success)
2020-10-19fix set (not add) HSTS headerJonas Smedegaard
2020-10-19rename conf snippet local-ssl to local-tlsJonas Smedegaard
2020-10-19set HSTS header in conf snippet local-securityheaders (not local-ssl), and ↵Jonas Smedegaard
enable preload unless _NO_HSTS_PRELOAD is set
2020-10-18add hack for mods snippet sslJonas Smedegaard
2020-10-18add snippet local-securityheadersJonas Smedegaard
2020-10-17modernize mods snippet deflate to cover text/javascriptJonas Smedegaard
2020-10-17fix use tabs in mods snippet deflate diffJonas Smedegaard
2020-10-17fix use tabs in mods snippet deflateJonas Smedegaard
2020-10-17modernize mods snippet deflate, and extend to cover application/wasmJonas Smedegaard
2020-10-17modernize mods snippet gnutls; drop outdated conf.d snippet local-gnutlsJonas Smedegaard
2020-10-17move conf snippet local-multilang to conf-available from conf.dJonas Smedegaard
2020-10-13fix undefine all defined variablesJonas Smedegaard
2020-10-12disable OCSP stapling with mod_gnutls unless explicitly enabled with ↵Jonas Smedegaard
variable _OCSP_RESPONSE, and provide cron script to prefetch files for _OCSP_RESPONSE
2020-10-12fix define dummy _TLS_HOST _default_ for vhost snippet 0_defaultJonas Smedegaard
2020-10-11have apache2 example vhost snippets include snippet local-ssl from ↵Jonas Smedegaard
conf-available, and drop obsolete snippet conf.d/local-ssl.conf
2020-10-11drop apache2 snippet local-log-origin, and streamline log options for sample ↵Jonas Smedegaard
vhosts
2020-10-11fix separate default vhost 0_default from (new) example vhost ↵Jonas Smedegaard
zzz_wrong.example.com
2020-10-11fix syntax errorJonas Smedegaard
2020-10-11fix syntax errorJonas Smedegaard
2020-10-11fix syntax errorsJonas Smedegaard
2020-10-11enable HSTS by defaultJonas Smedegaard
2020-10-11ensure TLS settings are applied only when both wanted and possibleJonas Smedegaard
2020-10-11fix load default https site _after_ http site (otherwise all http sites will ↵Jonas Smedegaard
be TLS encrypted)
2020-10-11fix add extension .conf to apache2 site snippetsJonas Smedegaard
2020-10-11use mod_gnutls when available (not mod_ssl)Jonas Smedegaard
2020-10-11drop obsolete and unused optionsJonas Smedegaard
2020-10-11use optional variables _HOST _TLSHOST _TLS_CERT_CHAIN _TLS_KEY, and if ↵Jonas Smedegaard
either are set then enable options SSLCertificateFile SSLCertificateKeyFile
2020-10-11modernize to use pyzor ping (not pyzor discover)Jonas Smedegaard
2020-10-11fix TLS_CHAIN_FILES file extensionJonas Smedegaard
2020-10-11modernize to use TLS_CHAIN_FILES (not TLS_CERT TLS_KEY)Jonas Smedegaard
2020-10-11supersede TLS_CERT TLS_KEY by redpill config mailhostJonas Smedegaard
2020-10-11tidy: rename internal supported-feature variablesJonas Smedegaard
2020-10-11tidy: resolve redpill config paths before supported featuresJonas Smedegaard
2020-10-11generalize overridable variables $AMAVIS_MAXPROC $DKIMPROXY_MAXPROC_OUTJonas Smedegaard
2020-10-10update coverageJonas Smedegaard
2020-10-10support quoted string in function getperlvarfromfile()Jonas Smedegaard
2020-10-10tidy: use read -r (to please shellcheck)Jonas Smedegaard
2020-10-10tidy: disambiguate non-array variableJonas Smedegaard
2020-10-10fix use printf (not non-posix echo -n)Jonas Smedegaard
2020-10-10support overridable variable $FORCEJonas Smedegaard
2020-10-10tidy: avoid useless use of cat, and wrap some long linesJonas Smedegaard
2020-10-10tidy: explicitly escape non-shell postconf variablesJonas Smedegaard
2020-10-10fix quote variables, and drop unneeded quotesJonas Smedegaard
2020-10-10tidy: avoid deprecated backtick subshellJonas Smedegaard
2020-10-10generalize variable $thisrealm, and improve uppercasingJonas Smedegaard
2020-10-10generalize overridable variables $REDPILL $REALMJonas Smedegaard
2020-10-10generalize overridable variables $TLS_CERT $TLS_KEYJonas Smedegaard
2020-10-10fix provide TLS certificate for outbound opportunistic encryption only when ↵Jonas Smedegaard
available
2020-10-09reload/restart postfix with command service (not invoke-rc.d)Jonas Smedegaard