Univention Bugzilla – Attachment 10122 Details for
Bug 49844
apache2/hsts setting is not used in univention-letsencrypt.conf
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch (git:fbest/49844-hsts)
49844.patch (text/plain), 1.88 KB, created by
Florian Best
on 2019-07-16 09:53:47 CEST
(
hide
)
Description:
patch (git:fbest/49844-hsts)
Filename:
MIME Type:
Creator:
Florian Best
Created:
2019-07-16 09:53:47 CEST
Size:
1.88 KB
patch
obsolete
>commit e59a915d528ff8dce44105a5ec573f2e001ee1e8 >Author: Florian Best <best@univention.de> >Date: Tue Jul 16 09:52:51 2019 +0200 > > Bug #49844: add HSTS to letsencrypt virtual hosts > >diff --git a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf b/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf >index 00c61a4..36e55d8 100644 >--- a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf >+++ b/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf >@@ -27,6 +27,11 @@ except AttributeError as e: > domains = [] > > if configRegistry.is_true('letsencrypt/services/apache2'): >+ try: >+ with open('/etc/univention/templates/files/etc/apache2/sites-available/ssl.d/10hsts') as fd: >+ hsts = run_filter(fd.read(), configRegistry) >+ except IOERror: >+ hsts = '' > for domain in domains: > if domain == fqdn: > continue >@@ -51,12 +56,14 @@ if configRegistry.is_true('letsencrypt/services/apache2'): > SSLCertificateKeyFile {key} > > {docker_apps_reverse_proxy} >+ {hsts} > > </VirtualHost>""".format( > domain=domain, > cert=cert_path, > key=key_path, >- docker_apps_reverse_proxy = docker_apps_reverse_proxy >+ docker_apps_reverse_proxy=docker_apps_reverse_proxy, >+ hsts=hsts, > )) > @!@ > </IfModule> >diff --git a/univention-letsencrypt/debian/control b/univention-letsencrypt/debian/control >index fe64e36..22c46f8 100644 >--- a/univention-letsencrypt/debian/control >+++ b/univention-letsencrypt/debian/control >@@ -10,7 +10,7 @@ Build-Depends: debhelper (>> 7), > > Package: univention-letsencrypt > Architecture: all >-Depends: python, univention-config >+Depends: python, univention-config, univention-apache > Recommends: apache2 > Description: univention-letsencrypt - automatically request SSL certificates > This package contains acme_tiny.py for semi-automatic request of SSL
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10122">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 49844
: 10122