From a2be5db483c8c8b07c119b91add10783e6cf113c Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 17 May 2018 00:51:29 +0200 Subject: [PATCH] Further adjustment for initiativenserver. --- install_mailman.sh | 82 +++++++--------------------------------------- 1 file changed, 11 insertions(+), 71 deletions(-) diff --git a/install_mailman.sh b/install_mailman.sh index 2c02a4f..5e8101f 100755 --- a/install_mailman.sh +++ b/install_mailman.sh @@ -21,6 +21,13 @@ _REQUIRED_DEB_PACKAGES="python python-dev python-dnspython" _DOMAINS="lists.aktionsbuendnis-brandenburg.de|83.223.86.117|2a01:30:0:13:2c5:48ff:feee:f21d|/usr/local/apache2/conf/vhosts lists.initiativenserver.de|83.223.86.117|2a01:30:0:13:2c5:48ff:feee:f21d|/usr/local/apache2/conf/vhosts" + +_SSL_CERT_AKTIONSBUENDNIS="/var/lib/dehydrated/certs/lists.aktionsbuendnis-brandenburg.de/fullchain.pem" +_SSL_KEY_AKTIONSBUENDNIS="/var/lib/dehydrated/certs/lists.aktionsbuendnis-brandenburg.de/privkey.pem" + +_SSL_CERT_INITIATIVENSERVER="/var/lib/dehydrated/certs/lists.initiativenserver.de/fullchain.pem" +_SSL_KEY_INITIATIVENSERVER="/var/lib/dehydrated/certs/lists.initiativenserver.de/privkey.pem" + ## - ## - Ende: Default values @@ -1321,7 +1328,7 @@ for domain in $WEBSERVER_DOMAINS ; do # -- $hostname -- # - + ServerAdmin $WEBSERVER_ADMIN_EMAIL @@ -1333,7 +1340,7 @@ for domain in $WEBSERVER_DOMAINS ; do - + ServerAdmin $WEBSERVER_ADMIN_EMAIL @@ -1362,76 +1369,9 @@ for domain in $WEBSERVER_DOMAINS ; do SSLEngine on - ## - don't support weak ciphers - SSLProtocol ALL -SSLv2 - SSLHonorCipherOrder On - SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH - #SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA:HIGH:!MD5:!aNULL:!EDH - SSLCertificateFile /usr/local/apache2/conf/lists.aktionsbuendnis-brandenburg.crt - SSLCertificateKeyFile /usr/local/apache2/conf/lists.aktionsbuendnis-brandenburg.key - SSLCertificateChainFile /usr/local/apache2/conf/SSL123_CA_Bundle.pem - - ErrorLog /var/log/apache2/$hostname-error.log - CustomLog /var/log/apache2/$hostname-access.log combined - - - - -## ------ -## - IPv6 -## ------ - - - - ServerAdmin $WEBSERVER_ADMIN_EMAIL - - ServerName $hostname - - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] - - - - - - ServerAdmin $WEBSERVER_ADMIN_EMAIL - - ServerName $hostname - - RewriteEngine on - RewriteCond %{HTTPS} =on - RewriteRule ^/$ https://%{SERVER_NAME}/mailman/listinfo [R=301,L] - - - AddDefaultCharset Off - - - Alias /pipermail/ $_link/archives/public/ - - Alias /icons/ $_link/icons/ - - $_allow_from - - - ScriptAlias /mailman/ $_link/cgi-bin/ - - Options ExecCGI - $_allow_from - - - SSLEngine on - - ## - don't support weak ciphers - SSLProtocol ALL -SSLv2 - SSLHonorCipherOrder On - SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH - #SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA:HIGH:!MD5:!aNULL:!EDH - - SSLCertificateFile /usr/local/apache2/conf/lists.aktionsbuendnis-brandenburg.crt - SSLCertificateKeyFile /usr/local/apache2/conf/lists.aktionsbuendnis-brandenburg.key - SSLCertificateChainFile /usr/local/apache2/conf/SSL123_CA_Bundle.pem + SSLCertificateFile $_SSL_CERT_AKTIONSBUENDNIS + SSLCertificateKeyFile $_SSL_KEY_AKTIONSBUENDNIS ErrorLog /var/log/apache2/$hostname-error.log CustomLog /var/log/apache2/$hostname-access.log combined