[Eisfair] certs 1.6.1
Stefan Welte
post at stefan-welte.de
Tue Apr 10 13:27:06 CEST 2018
Hello Jürgen,
On 09.04.2018 at 19:33, Juergen Edner wrote:
> perhaps we should connect to Stefan's server to investigate
> the cause of the error, provided he allows this. With the
> current guessing game we are not getting anywhere.
I would rather not.
> Beyond that, I would first start with a minimal web server
> configuration file before delving into VHost configurations,
> and then slowly build up from there.
With /etc/default.d/apache2, a minimal configuration without vhost is currently in operation:
#------------------------------------------------------------------------------
# /etc/config.d/apache2 - configuration file for apache2
#
# Creation : 2006-07-31 schlotze
# Last Update: 2018-04-09 root
#
# Copyright (c) 2008-2010 Sebastian Scholze <sebastian at eisfair.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Start Apache2 Webserver during startup
#------------------------------------------------------------------------------
START_APACHE2='yes' # Start the Apache Webserver
# yes=ON / no=OFF (default)
#------------------------------------------------------------------------------
# General settings
#------------------------------------------------------------------------------
APACHE2_PORT='80' # TCP/IP port
APACHE2_SERVER_ADMIN='webmaster at foo.bar'
# Email address of webmaster
APACHE2_SERVER_NAME='www.weltes.goip.de'
# FQDN of the server e.g.
# meineis.eisfair.net
APACHE2_SERVER_SIGNATURE='Email' # On/Off/Email
APACHE2_DOCUMENT_ROOT='/var/www/htdocs'
# Web root
#------------------------------------------------------------------------------
# General SSL Settings
#------------------------------------------------------------------------------
APACHE2_SSL='yes' # Start SSL-Engine?
APACHE2_SSL_PORT='443' # Port on which SSL should run
APACHE2_SSL_LOGDIR='/var/www/log/' # SSL error and access logfiles directory
# !!!DON'T FORGET TO APPEND A SLASH!!!
APACHE2_SSL_OSCP='no' # Use OCSP Stapling?
#------------------------------------------------------------------------------
# Special Settings
#------------------------------------------------------------------------------
APACHE2_DIRECTORY_INDEX='index.html index.htm'
# Default document
APACHE2_HOSTNAME_LOOKUPS='yes' # Resolve IPs in logfile?
APACHE2_VIEW_DIRECTORY_CONTENT='yes' # If there's no index.html view files in dir
APACHE2_ACCESS_CONTROL_TYPE_ALL='yes' # Default setting is yes. Access is granted
# for all
APACHE2_ACCESS_CONTROL_TYPE_IP='no' # If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_ACCESS_CONTROL_TYPE_HOST='no' # If set to yes, access is controlled via
# HOSTNAME
APACHE2_ACCESS_CONTROL_TYPE_LOCAL='no' # If set to yes, only localhost has access
APACHE2_ACCESS_CONTROL_IP='192.168.6.1/24'
APACHE2_ACCESS_CONTROL_HOST='eis'
APACHE2_ENABLE_SSI='no' # Enable SSI 'yes' or 'no'
APACHE2_ENABLE_HTTP2='no' # Enable mod_http2 'yes' or 'no'
#------------------------------------------------------------------------------
# Error and Access Logs
#------------------------------------------------------------------------------
APACHE2_ERROR_LOG='/var/www/log/error_log'
# Error log file
APACHE2_ACCESS_LOG='/var/www/log/access_log'
# Access log file
#------------------------------------------------------------------------------
# Script Aliases [DON'T FORGET TO APPEND A SLASH (/) AFTER PATHNAMES!]
#------------------------------------------------------------------------------
APACHE2_SCRIPT_ALIAS='/cgi-bin/'
APACHE2_SCRIPT_DIR='/var/www/cgi-bin/' # Root where to put the CGIs in
#------------------------------------------------------------------------------
# Error Documents
#------------------------------------------------------------------------------
APACHE2_ERROR_DOCUMENT_N='0' # no. of custom Error Documents
APACHE2_ERROR_DOCUMENT_1_ERROR='404' # HTTP-Error number
APACHE2_ERROR_DOCUMENT_1_DOCUMENT='/404error.html'
# HTML-Document to view
#------------------------------------------------------------------------------
# Directory Settings + Aliases
#------------------------------------------------------------------------------
APACHE2_DIR_N='2' # No. of dirs
APACHE2_DIR_1_ACTIVE='yes' # Dir Active? yes/no
APACHE2_DIR_1_ALIAS='yes' # Create an alias?
APACHE2_DIR_1_ALIAS_NAME='/icons/' # Name of alias
APACHE2_DIR_1_PATH='/usr/local/apache2/icons/'
# Name of 1. dir
APACHE2_DIR_1_AUTH_NAME='' # Name of the area to protect
APACHE2_DIR_1_AUTH_TYPE='Basic' # Authentication type: Basic or Digest
APACHE2_DIR_1_AUTH_N='0' # No. of usernames
APACHE2_DIR_1_ACCESS_CONTROL_TYPE_ALL='yes'
# Default setting is yes. Access is granted
# for all
APACHE2_DIR_1_ACCESS_CONTROL_TYPE_IP='no'
# If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_DIR_1_ACCESS_CONTROL_TYPE_HOST='no'
# If set to yes, access is controlled via
# HOSTNAME
APACHE2_DIR_1_ACCESS_CONTROL_TYPE_LOCAL='no'
# If set to yes, only localhost has access
APACHE2_DIR_1_ACCESS_CONTROL_IP='192.168.6.1/24'
APACHE2_DIR_1_ACCESS_CONTROL_HOST='eis'
APACHE2_DIR_1_CGI='none' # !NOT YES! Possibilities are: 'none' '.pl'
# '.cgi'
APACHE2_DIR_1_SSI='no' # Allow Server Side Includes?
APACHE2_DIR_1_VIEW_DIR_CONTENT='no' # View files in dir if no index.html
APACHE2_DIR_1_WEBDAV='no' # Enable WebDav
APACHE2_DIR_2_ACTIVE='no' # Dir Active? yes/no
APACHE2_DIR_2_ALIAS='no' # Create an alias?
APACHE2_DIR_2_ALIAS_NAME='' # Name of alias
APACHE2_DIR_2_PATH='/var/www/htdocs/geheim/'
# Name of 1. dir
APACHE2_DIR_2_AUTH_NAME='Members only!'
# Name of the area to protect
APACHE2_DIR_2_AUTH_TYPE='Basic' # Authentication type: Basic or Digest
APACHE2_DIR_2_AUTH_N='0' # No. of usernames
APACHE2_DIR_2_AUTH_1_USER='user' # User no. 1.
APACHE2_DIR_2_AUTH_1_PASS='secret' # Password for user 1.
APACHE2_DIR_2_ACCESS_CONTROL_TYPE_ALL='yes'
# Default setting is yes. Access is granted
# for all
APACHE2_DIR_2_ACCESS_CONTROL_TYPE_IP='no'
# If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_DIR_2_ACCESS_CONTROL_TYPE_HOST='no'
# If set to yes, access is controlled via
# HOSTNAME
APACHE2_DIR_2_ACCESS_CONTROL_TYPE_LOCAL='no'
# If set to yes, only localhost has access
APACHE2_DIR_2_ACCESS_CONTROL_IP='192.168.6.1/24'
APACHE2_DIR_2_ACCESS_CONTROL_HOST='eis'
APACHE2_DIR_2_CGI='none' # !NOT YES! Possibilities are: 'none' '.pl'
# '.cgi'
APACHE2_DIR_2_SSI='no' # Allow Server Side Includes?
APACHE2_DIR_2_VIEW_DIR_CONTENT='no' # View files in dir if no index.html
APACHE2_DIR_2_WEBDAV='no' # Enable WebDav
#------------------------------------------------------------------------------
# Virtual Hosts
#------------------------------------------------------------------------------
APACHE2_VHOST_N='1' # no. of virtual hosts
APACHE2_VHOST_1_ACTIVE='no' # Should the VHost be active?
APACHE2_VHOST_1_IP='*' # '*' or ip address
APACHE2_VHOST_1_PORT='80' # Port
APACHE2_VHOST_1_SERVER_NAME='foo' # server name
APACHE2_VHOST_1_SERVER_ALIAS='*.foo' # server alias, may be empty
APACHE2_VHOST_1_SERVER_ADMIN='webmaster at foo.bar'
# email of webmaster
APACHE2_VHOST_1_DOCUMENT_ROOT='/var/www/foo/htdocs'
# document root
APACHE2_VHOST_1_SCRIPT_ALIAS='/cgi-bin/'
# script alias
APACHE2_VHOST_1_SCRIPT_DIR='/var/www/foo/cgi-bin/'
# directory to use
APACHE2_VHOST_1_ERROR_LOG='/var/www/log/foo_error_log'
# error log
APACHE2_VHOST_1_ACCESS_LOG='/var/www/log/foo_access_log'
# access log
APACHE2_VHOST_1_ACCESS_CONTROL_TYPE_ALL='yes'
# Default setting is yes. Access is granted
# for all
APACHE2_VHOST_1_ACCESS_CONTROL_TYPE_IP='no'
# If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_VHOST_1_ACCESS_CONTROL_TYPE_HOST='no'
# If set to yes, access is controlled via
# HOSTNAME
APACHE2_VHOST_1_ACCESS_CONTROL_TYPE_LOCAL='no'
# If set to yes, only localhost has access
APACHE2_VHOST_1_ACCESS_CONTROL_IP='192.168.6.1/24'
APACHE2_VHOST_1_ACCESS_CONTROL_HOST='eis'
APACHE2_VHOST_1_VIEW_DIRECTORY_CONTENT='no'
APACHE2_VHOST_1_ENABLE_SSI='no'
APACHE2_VHOST_1_MOD_CACHE='no' # Enable mod_cache for current vhost
APACHE2_VHOST_1_DIR_N='1'
APACHE2_VHOST_1_DIR_1_ACTIVE='yes'
APACHE2_VHOST_1_DIR_1_ALIAS='no' # Create an alias?
APACHE2_VHOST_1_DIR_1_ALIAS_NAME='' # Name of alias
APACHE2_VHOST_1_DIR_1_PATH='/var/www/htdocs/geheim'
# Name of 1. dir
APACHE2_VHOST_1_DIR_1_AUTH_NAME='Members only!'
# Name of the area to protect
APACHE2_VHOST_1_DIR_1_AUTH_TYPE='Basic'
# Authentication type: Basic or Digest
APACHE2_VHOST_1_DIR_1_AUTH_N='0' # No. of usernames
APACHE2_VHOST_1_DIR_1_AUTH_1_USER='user'
APACHE2_VHOST_1_DIR_1_AUTH_1_PASS='secret'
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_TYPE_ALL='yes'
# Default setting is yes. Access is granted
# for all
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_TYPE_IP='no'
# If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_TYPE_HOST='no'
# If set to yes, access is controlled via
# HOSTNAME
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_TYPE_LOCAL='no'
# If set to yes, only localhost has access
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_IP='192.168.6.1/24'
APACHE2_VHOST_1_DIR_1_ACCESS_CONTROL_HOST='eis'
APACHE2_VHOST_1_DIR_1_CGI='none' # !NOT YES! Possibilities are: 'none' '.pl'
# '.cgi'
APACHE2_VHOST_1_DIR_1_SSI='no' # Allow Server Side Includes?
APACHE2_VHOST_1_DIR_1_VIEW_DIR_CONTENT='no'
# View files in dir if no index.html
APACHE2_VHOST_1_DIR_1_WEBDAV='no' # Enable WebDav
APACHE2_VHOST_1_DIR_2_ACTIVE=''
APACHE2_VHOST_1_DIR_2_ALIAS='' # Create an alias?
APACHE2_VHOST_1_DIR_2_ALIAS_NAME='' # Name of alias
APACHE2_VHOST_1_DIR_2_PATH='' # Name of 1. dir
APACHE2_VHOST_1_DIR_2_AUTH_NAME='' # Name of the area to protect
APACHE2_VHOST_1_DIR_2_AUTH_TYPE='' # Authentication type: Basic or Digest
APACHE2_VHOST_1_DIR_2_AUTH_N='' # No. of usernames
APACHE2_VHOST_1_DIR_2_AUTH_1_USER=''
APACHE2_VHOST_1_DIR_2_AUTH_1_PASS=''
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_TYPE_ALL=''
# Default setting is yes. Access is granted
# for all
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_TYPE_IP=''
# If set to yes, access is controlled via
# IPADDRESS and/or NETWORK
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_TYPE_HOST=''
# If set to yes, access is controlled via
# HOSTNAME
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_TYPE_LOCAL=''
# If set to yes, only localhost has access
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_IP=''
APACHE2_VHOST_1_DIR_2_ACCESS_CONTROL_HOST=''
APACHE2_VHOST_1_DIR_2_CGI='' # !NOT YES! Possibilities are: 'none' '.pl'
# '.cgi'
APACHE2_VHOST_1_DIR_2_SSI='' # Allow Server Side Includes?
APACHE2_VHOST_1_DIR_2_VIEW_DIR_CONTENT=''
# View files in dir if no index.html
APACHE2_VHOST_1_DIR_2_WEBDAV='' # Enable WebDav
APACHE2_VHOST_1_SSL='no' # activate SSL
APACHE2_VHOST_1_SSL_PORT='443' # activate SSL
APACHE2_VHOST_1_SSL_USESTS='no' # activate STS
APACHE2_VHOST_1_SSL_USESTS_SUBDOMAINS=''
# activate STS for subdomains
APACHE2_VHOST_1_SSL_FORCE='no' # redirect to https://
APACHE2_VHOST_1_SSL_CERT_NAME='apache' # Name of the cert.
#------------------------------------------------------------------------------
# Log-file handling
#------------------------------------------------------------------------------
APACHE2_LOG_LEVEL='warn' # warning level
APACHE2_LOG_COUNT='10' # number of log files to save
APACHE2_LOG_INTERVAL='weekly' # logrotate interval: daily, weekly, monthly
#------------------------------------------------------------------------------
# Settings for performance tuning
#------------------------------------------------------------------------------
APACHE2_MAX_KEEP_ALIVE_TIMEOUT='15'
APACHE2_MAX_KEEP_ALIVE_REQUESTS='100'
APACHE2_MAX_CLIENTS='250'
APACHE2_MAX_REQUESTS_PER_CHILD='10000'
#------------------------------------------------------------------------------
# Settings for apache modules
#------------------------------------------------------------------------------
APACHE2_MOD_CACHE='no' # Enable mod_cache for APACHE2_DOCUMENT_ROOT
APACHE2_MOD_COMPAT='yes' # Enable mod_compat for compatibility with
# old directives
#------------------------------------------------------------------------------
# Settings for Header
#------------------------------------------------------------------------------
APACHE2_HEADER_NOSNIFF='no' # Set X-Content-Type-Options nosniff
APACHE2_HEADER_XSSPROTECTION='no' # set X-Xss-Protection
APACHE2_HEADER_SAMEORIGIN='no' # X-Frame-Options SAMEORIGIN
#------------------------------------------------------------------------------
# End of Apache2 Configuration
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# End
#------------------------------------------------------------------------------
but unfortunately the identical problem with https.
> Something that just occurred to me: has it already been checked
> whether the user _wwwwrun_ has read access to the certificate
> file to be used? Perhaps the path or file permissions are not
> set correctly?
As user wwwrun, all three files can be displayed with "cat".
Stefan
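
The permission question raised in this thread (can wwwrun read the certificate files, or does a directory on the path block it) can be checked component by component. The following is an added example, not part of the original mail or of the eisfair packages; file paths are supplied by the caller, and POSIX ACLs and security modules are ignored.

```python
import os
import pwd

def ids_for(user):
    """uid and full group set of an account, e.g. ids_for('wwwrun')."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def can_access(st, uid, gids, want):
    """Evaluate classic mode bits of one stat result.
    want: 4 = read, 1 = search/execute. Only ONE class applies:
    owner bits win over group bits, group bits over other bits."""
    if uid == 0:
        return True  # root bypasses read/search checks
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want

def first_blocker(path, uid, gids):
    """Return the first path component that denies access, or None.
    Every parent directory needs search (x), the file itself read (r)."""
    path = os.path.realpath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):  # walk from / down to the file
        want = 4 if comp == path else 1
        if not can_access(os.stat(comp), uid, gids, want):
            return comp
    return None

if __name__ == "__main__":
    import sys
    # Usage: check.py USER FILE...  (run as root so every component can be stat'ed)
    uid, gids = ids_for(sys.argv[1])
    for f in sys.argv[2:]:
        print(f, "->", first_blocker(f, uid, gids) or "readable")
```

A result of "readable" for the certificate, key and chain files only rules out file-system permissions as the cause of the https failure.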