# HG changeset patch # User IBBoard # Date 1467142602 -3600 # Node ID b35a9df52965d50856d65a2612fef73def360b89 # Parent 951cd2b66abd2ca86967a947680cf6341adfe389 Make sure that custom config comes before site configs diff -r 951cd2b66abd -r b35a9df52965 modules/website/files/zzz-0-custom.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/website/files/zzz-0-custom.conf Tue Jun 28 20:36:42 2016 +0100 @@ -0,0 +1,88 @@ +SSLProtocol ALL -SSLv2 -SSLv3 +SSLHonorCipherOrder On +SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS + +DirectoryIndex index.php index.html + +AddType image/x-icon .ico + +ExpiresActive On +ExpiresByType image/jpeg "access plus 2 weeks" +ExpiresByType image/gif "access plus 2 weeks" +ExpiresByType image/png "access plus 2 weeks" +ExpiresByType text/css "access plus 1 week" +ExpiresByType text/javascript "access plus 1 month" +ExpiresByType application/javascript "access plus 1 month" +ExpiresByType application/x-javascript "access plus 1 month" +ExpiresByType image/x-icon "access plus 1 month" + + + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/javascript + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/x-javascript + + +WSGISocketPrefix run/wsgi + +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 +SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown + +KeepAlive On +KeepAliveTimeout 5 +MaxKeepAliveRequests 50 + +Header unset ETag +FileETag None + + + + + Order Allow,Deny + Deny from all + + = 2.4> + Require all denied + + + + + Order Deny,Allow + Allow from all + + = 2.4> + Require all granted + + + + + Order Allow,Deny + Deny from all + + = 2.4> + Require all denied + + + +# "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue + + header set X-Clacks-Overhead "GNU Terry Pratchett" + + + + + Require all denied + + + +ServerTokens Minor \ No newline at end of file diff -r 951cd2b66abd -r b35a9df52965 modules/website/files/zzz-custom.conf --- a/modules/website/files/zzz-custom.conf Sat Jun 04 14:08:19 2016 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,82 +0,0 @@ -SSLProtocol ALL -SSLv2 -SSLv3 -SSLHonorCipherOrder On -SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS - -DirectoryIndex index.php index.html - -AddType image/x-icon .ico - -ExpiresActive On -ExpiresByType image/jpeg "access plus 2 weeks" -ExpiresByType image/gif "access plus 2 weeks" -ExpiresByType image/png "access plus 2 weeks" -ExpiresByType text/css "access plus 1 week" -ExpiresByType text/javascript "access plus 1 month" -ExpiresByType application/javascript "access plus 1 month" -ExpiresByType application/x-javascript "access plus 1 month" -ExpiresByType image/x-icon "access plus 1 month" - - - AddOutputFilterByType DEFLATE text/plain - AddOutputFilterByType DEFLATE text/html - AddOutputFilterByType DEFLATE text/xml - AddOutputFilterByType DEFLATE text/css - AddOutputFilterByType DEFLATE text/javascript - AddOutputFilterByType DEFLATE application/xml - AddOutputFilterByType DEFLATE application/xhtml+xml - AddOutputFilterByType DEFLATE application/rss+xml - AddOutputFilterByType DEFLATE application/javascript - AddOutputFilterByType DEFLATE application/x-javascript - - -WSGISocketPrefix run/wsgi - -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 -SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown - -KeepAlive On -KeepAliveTimeout 5 -MaxKeepAliveRequests 50 - -Header unset ETag -FileETag None - - - - - Order Allow,Deny - Deny from all - - = 2.4> - Require all denied - - - - - Order Deny,Allow - Allow from all - - = 2.4> - Require all granted - - - - - Order Allow,Deny - Deny from all - - = 2.4> - Require all denied - - - -# "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue - - header set X-Clacks-Overhead "GNU Terry Pratchett" - - -ServerTokens Minor \ No newline at end of file diff -r 951cd2b66abd -r b35a9df52965 modules/website/manifests/init.pp --- a/modules/website/manifests/init.pp Sat Jun 04 14:08:19 2016 +0100 +++ b/modules/website/manifests/init.pp Tue Jun 28 20:36:42 2016 +0100 @@ -68,8 +68,12 @@ notify => Service['httpd']; } file { '/etc/httpd/conf.d/zzz-custom.conf': + ensure => absent, + notify => Service['httpd']; + } + file { '/etc/httpd/conf.d/zzz-0-custom.conf': ensure => present, - source => "puppet:///modules/website/zzz-custom.conf", + source => "puppet:///modules/website/zzz-0-custom.conf", notify => Service['httpd']; } file { '/etc/httpd/conf.d/php.conf':