From 28cd07d1a75c4e9dcaecac49efee0091f2fc62fa Mon Sep 17 00:00:00 2001
From: A. Täffner <darkalex@firesplash.de>
Date: Thu, 07 Apr 2016 05:30:49 -0400
Subject: [PATCH] Implemented a checkbox "enable DNSSEC" in DNS-Wizard. This Checkbox can be enabled or disabled by template.

---
 install/tpl/apache_ispconfig.vhost.master |   27 +++++++++++++++++++++++----
 1 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
index bf2fe9e..4503811 100644
--- a/install/tpl/apache_ispconfig.vhost.master
+++ b/install/tpl/apache_ispconfig.vhost.master
@@ -1,4 +1,3 @@
-
 ######################################################
 # This virtual host contains the configuration
 # for the ISPConfig controlpanel
@@ -20,7 +19,9 @@
     <Directory /var/www/ispconfig/>
       Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
       AllowOverride AuthConfig Indexes Limit Options FileInfo
-      AddHandler fcgid-script .php
+	  <FilesMatch "\.php$">
+		  SetHandler fcgid-script
+	  </FilesMatch>
       FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
       <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
 	  Require all granted
@@ -61,11 +62,30 @@
 
   # SSL Configuration
   <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
   <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
   <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
+  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+
+  <IfModule mod_headers.c>
+    Header always add Strict-Transport-Security "max-age=15768000"
+  </IfModule>
+
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling on
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors off
+</tmpl_if>
 </VirtualHost>
+
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+  <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
 
 <Directory /var/www/php-cgi-scripts>
     AllowOverride None
@@ -85,5 +105,4 @@
     Order Deny,Allow
     Deny from all
 	</tmpl_if>
-</Directory>
-
+</Directory>
\ No newline at end of file

--
Gitblit v1.9.1