author | Scott Ullrich <sullrich@pfsense.org> | 2011-03-12 17:06:56 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2011-03-12 17:06:56 -0500 |
commit | 962c3f572905f3266b77b414eeb86880899ea03a (patch) | |
tree | c2ee1d7df18ba9d33f8185114676197d9660b9f9 /config/apache_mod_security | |
parent | 6ef4b499789533aafb87b94b090dd9812a74ab3d (diff) | |
Adding patch from Matthew J Dovey for site proxy, certificatefiles and HTTPS cert options
Diffstat (limited to 'config/apache_mod_security')
-rw-r--r-- | config/apache_mod_security/apache_mod_security.inc | 22 | ||||
-rw-r--r-- | config/apache_mod_security/apache_mod_security.xml | 36 |
2 files changed, 58 insertions, 0 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index f89c7ed1..1349ab8c 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -279,6 +279,10 @@ EOF;
 $local_ip_port = $global_listen;
 // Do not add entries twice.
 if(!in_array($local_ip_port, $processed)) {
+ // explicit bind if not global ip:port
+ if ($local_ip_port != $global_listen) {
+ $mod_proxy .= "Listen $local_ip_port\n";
+ }
 $mod_proxy .= "NameVirtualHost $local_ip_port\n";
 $processed[] = $local_ip_port;
 }
@@ -337,8 +341,26 @@ EOF;
 $backend_sites = " balancer://{$sitename}\n";
 $sitename = ""; // we are not using sitename in this case
 }
+ // Set SSL items
+ if($ams['siteurl'])
+ $siteurl = $ams['siteurl'];
+ if($ams['certificatefile'])
+ $certificatefile = $ams['certificatefile'];
+ if($ams['certificatekeyfile'])
+ $certificatekeyfile = $ams['certificatekeyfile'];
+ if($ams['certificatechainfile'])
+ $certificatechainfile = $ams['certificatechainfile'];
 // Begin VirtualHost
 $mod_proxy .= "\n<VirtualHost {$local_ip_port}>\n";
+ if($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) {
+ $mod_proxy .= " SSLEngine on\n";
+ if ($certificatefile)
+ $mod_proxy .= " SSLCertificateFile /usr/local/etc/apache22/$certificatefile\n";
+ if ($certificatekeyfile)
+ $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/apache22/$certificatekeyfile\n";
+ if ($certificatechainfile)
+ $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/apache22/$certificatechainfile\n";
+ }
 if($additionalsitehostnames)
 $mod_proxy .= " ServerAlias $additionalsitehostnames\n";
 if($serveradmin)
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index ef56609b..f2cba156 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
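Review bot: The new `Listen $local_ip_port` line in the first hunk of apache_mod_security.inc is written without Apache's optional protocol argument, so a site bound to a non-standard port is registered as plain `http` even when this commit's HTTPS options are enabled for it. Apache 2.2 assumes `https` only for port 443; if the site's protocol is known at this point, consider `$mod_proxy .= "Listen $local_ip_port https\n";` for HTTPS sites. Separately, the context line just above assigns `$local_ip_port = $global_listen;`, so the `!=` test can only be true if that assignment sits in a branch that begins outside the hunk; a one-line comment saying so would help the next reader.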
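Review bot: The three certificate names in the second hunk are taken from `$ams[...]` and interpolated straight into `SSLCertificateFile /usr/local/etc/apache22/$certificatefile` (and the key and chain lines), so a value containing `../`, whitespace or a line break ends up in the generated Apache configuration as a path outside that directory or as an extra directive. Because each variable is assigned only when its `$ams` field is non-empty, and the block appears to run once per site (the enclosing loop starts outside the hunk), a site that leaves a field blank would presumably keep the previous site's value. When HTTPS is selected but a certificate or key name is missing, the `<VirtualHost>` is still emitted without `SSLEngine on` and nothing is logged; that case deserves an explicit log entry. The fence below resets the values per site and accepts bare file names only.

```php
// Set SSL items; assigned unconditionally so nothing carries over from the previous site
$siteurl = $ams['siteurl'];
$ssl_names = array();
foreach (array('certificatefile', 'certificatekeyfile', 'certificatechainfile') as $ssl_field) {
	$ssl_name = trim($ams[$ssl_field]);
	// bare file name only: no directory separators, whitespace or control characters
	$ssl_names[$ssl_field] = preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $ssl_name) ? $ssl_name : "";
}
$certificatefile = $ssl_names['certificatefile'];
$certificatekeyfile = $ssl_names['certificatekeyfile'];
$certificatechainfile = $ssl_names['certificatechainfile'];
// … unchanged: Begin VirtualHost, SSLEngine block, ServerAlias …
```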
@@ -134,6 +134,42 @@
 <type>input</type>
 </field>
 <field>
+ <fielddescr>Certificate File</fielddescr>
+ <fieldname>certificatefile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate file under /usr/local/apache22/etc/<br/>
+ (required if Protocol is https)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Certificate Key File</fielddescr>
+ <fieldname>certificatekeyfile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate key file under /usr/local/apache22/etc/<br/>
+ (required if Protocol is https)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Certificate Chain File</fielddescr>
+ <fieldname>certificatechainfile</fieldname>
+ <description>
+ <![CDATA[
+ Name of certificate chain file under /usr/local/apache22/etc/<br/>
+ (not required)
+ ]]>
+ </description>
+ <size>40</size>
+ <type>input</type>
+ </field>
+ <field>
 <fielddescr>Preserve Proxy hostname</fielddescr>
 <fieldname>preserveproxyhostname</fieldname>
 <description> |
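Review bot: The help text on all three new fields points administrators to `/usr/local/apache22/etc/`, but the directives generated in apache_mod_security.inc read the files from `/usr/local/etc/apache22/`, so a certificate placed where the form says will not be found. The descriptions should read `Name of certificate file under /usr/local/etc/apache22/<br/>`, with the same change for the key and chain fields. The key-file description could also state that the private key should be readable only by root and that the value must be a bare file name, not a path. The `<field>` list continues outside the hunk on both sides.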