adding ssl.conf and apache2.conf for Jessie

jessie/apache2.conf

@@ -0,0 +1,81 @@
+# AUTO GENERATED FILE
+# Modify template in /etc/alternc/templates/
+# and launch alternc.install if you want 
+# to modify this file.
+#
+# This module is loaded in /etc/apache/modules, and enabled by apache-modconf 
+# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
+
+# Define the default user and group for mpm-itk
+AssignUserId www-data www-data
+
+# Deny access to the root filesystem
+<Directory />
+  Options FollowSymLinks
+  AllowOverride None
+  Order allow,deny
+  Deny from all
+</Directory>
+#### End security parameters
+
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+<Directory "/usr/lib/cgi-bin">
+  AllowOverride None
+  Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+  Order allow,deny
+  Allow from all
+</Directory>
+
+
+<Directory /usr/share/alternc/panel/admin/>
+  Order allow,deny
+  Allow from all
+
+  php_admin_flag safe_mode_gid off
+  php_admin_flag safe_mode off
+  AddDefaultCharset UTF-8
+# open_basedir allows access to specifics directories. We need to grant access to these directories for alternc, awstats, mailman...
+  php_admin_value open_basedir /usr/share/alternc-mailman/patches/:/etc/alternc/:/run/alternc:/var/run/alternc/:/usr/share/alternc/panel/:%%ALTERNC_HTML%%/:/tmp:/usr/share/php/:/var/cache/alternc-webalizer/:/etc/locale.gen:%%ALTERNC_LOGS%%:/etc/awstats/:/var/log/alternc/:/var/lib/alternc/panel/
+
+</Directory>
+
+
+<Directory %%ALTERNC_HTML%% >
+  AllowOverride AuthConfig FileInfo Limit Options Indexes
+  Options -Indexes +Includes -FollowSymLinks +MultiViews +SymLinksIfOwnerMatch
+  Order allow,deny
+  Allow from all
+  php_admin_flag safe_mode_gid off
+  php_admin_flag safe_mode off
+  php_admin_flag enable_dl off
+
+  php_admin_value disable_functions chmod,chown,chgrp,link,symlink
+  php_admin_value safe_mode_exec_dir /usr/lib/alternc/safe_mode_exec_dir
+  php_admin_value disable_functions chgrp,link,symlink
+  php_admin_value sendmail_path /usr/lib/alternc/sendmail
+
+  # Default upload_tmp_dir is /tmp . Be carefull, this value MUST be surcharged
+  # by the vhost to be a directory INSIDE the home of the user. If you don't do
+  # that, ACLs could be "strange" or inexistent.
+  php_admin_value upload_tmp_dir /tmp 
+</Directory>
+
+<Directory /usr/share/phpmyadmin>
+  AllowOverride AuthConfig Options FileInfo Limit Indexes
+  Options Indexes Includes FollowSymLinks MultiViews
+  Order allow,deny
+  Allow from all
+</Directory>
+<Directory /usr/share/squirrelmail>
+  AllowOverride AuthConfig Options FileInfo Limit Indexes
+  Options Indexes Includes FollowSymLinks MultiViews
+  Order allow,deny
+  Allow from all
+</Directory>
+
+<VirtualHost *:80>
+  Include /etc/alternc/bureau.conf
+</VirtualHost>
+
+# Now we include all the generated configuration
+Include /var/lib/alternc/apache-vhost/vhosts_all.conf

jessie/patch.sh

@@ -15,3 +15,5 @@ popd
 cp vhost.conf ../etc/alternc/templates/apache2/
 cp bureau.conf ../etc/alternc/templates/alternc/
 cp alternc.install ../install/
+cp apache2.conf ../etc/alternc/templates/alternc/
+cp ssl.conf ../ssl/

jessie/ssl.conf

@@ -0,0 +1,91 @@
+# ############################################################################
+#           WARNING : this file is overwritten by alternc.install. 
+#        Edit /etc/alternc/templates/apache2/mods-available/ instead.
+# ############################################################################
+
+<IfModule mod_ssl.c>
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+#   (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
+#   Semaphore:
+#   Configure the path to the mutual exclusion semaphore the
+#   SSL engine uses internally for inter-process synchronization. 
+#SSLMutex  file:${APACHE_RUN_DIR}/ssl_mutex
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate. See the
+#   ciphers(1) man page from the openssl package for list of all available
+#   options.
+#   Enable only secure ciphers:
+#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM
+# Other possible ciphersuite (requires wheezy-version of apache2 at least)
+ #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
+
+#   Speed-optimized SSL Cipher configuration:
+#   If speed is your main concern (on busy HTTPS servers e.g.),
+#   you might want to force clients to specific, performance
+#   optimized ciphers. In this case, prepend those ciphers
+#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+#   Caveat: by giving precedence to RC4-SHA and AES128-SHA
+#   (as in the example below), most connections will no longer
+#   have perfect forward secrecy - if the server's key is
+#   compromised, captures of past or future traffic must be
+#   considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+SSLHonorCipherOrder on
+
+# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
+#SSLProtocol all -SSLv2
+SSLProtocol all -SSLv2 -SSLv3
+
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+SSLStrictSNIVHostCheck Off
+
+</IfModule>