Add cgit role - git webfrontend

author: Christian Franke <nobody@nowhere.ws> 2015-08-28 15:38:36 +0200
committer: Christian Franke <nobody@nowhere.ws> 2015-08-28 15:38:36 +0200
commit: 1eb35a1e69d9a9f3f43340b9ea46d95bb2c1a0e8 (patch)
tree: c2f50624ccf38999896e66c9f270a96ee4cbb5cb /roles/cgit/templates/ssl.conf.j2
parent: 6474bb9964d8a57b050e597a451fa40a3e5148f0 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/roles/cgit/templates/ssl.conf.j2 b/roles/cgit/templates/ssl.conf.j2
new file mode 100644
index 0000000..c6b8fe3
--- /dev/null
+++ b/roles/cgit/templates/ssl.conf.j2
@@ -0,0 +1,20 @@
+SSLEngine		On
+
+SSLCertificateChainFile	/etc/apache2/sites/{{ git_server_name }}/ssl/chain.pem
+SSLCertificateFile	/etc/apache2/sites/{{ git_server_name }}/ssl/cert.pem
+SSLCertificateKeyFile	/etc/apache2/sites/{{ git_server_name }}/ssl/key.pem
+
+SSLEngine On
+SSLHonorCipherOrder on
+SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLCompression off
+
+#Header always set Strict-Transport-Security "max-age=15984000"
+
+SSLOptions		StdEnvVars
+
+BrowserMatch "MSIE [2-6]" \
+	nokeepalive ssl-unclean-shutdown \
+	downgrade-1.0 force-response-1.0
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
author	Christian Franke <nobody@nowhere.ws>	2015-08-28 15:38:36 +0200
committer	Christian Franke <nobody@nowhere.ws>	2015-08-28 15:38:36 +0200
commit	1eb35a1e69d9a9f3f43340b9ea46d95bb2c1a0e8 (patch)
tree	c2f50624ccf38999896e66c9f270a96ee4cbb5cb /roles/cgit/templates/ssl.conf.j2
parent	6474bb9964d8a57b050e597a451fa40a3e5148f0 (diff)