From 29deff66d7dfad609e429a14ad6917b79de5de50 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Tue, 6 Jul 2010 00:06:32 +0200
Subject: improve vhosts / ssl stuff

- facter out ssl things in a seperate file
- introduce 1 vhost per file config
---
 files/conf.d/ssl.conf | 6 ++++++
 files/lighttpd.conf   | 2 ++
 2 files changed, 8 insertions(+)
 create mode 100644 files/conf.d/ssl.conf

(limited to 'files')

diff --git a/files/conf.d/ssl.conf b/files/conf.d/ssl.conf
new file mode 100644
index 0000000..291fce5
--- /dev/null
+++ b/files/conf.d/ssl.conf
@@ -0,0 +1,6 @@
+$SERVER["socket"] == ":443" {
+     ssl.engine             = "enable" 
+     ssl.pemfile            = "/etc/ssl/private/lighttpd.pem"
+     ssl.use-sslv2          = "disable"
+     ssl.cipher-list        = "HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH"
+}
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
index 2e0b68e..c84faa8 100644
--- a/files/lighttpd.conf
+++ b/files/lighttpd.conf
@@ -324,4 +324,6 @@ server.groupname           = "lighttpd"
 
 ## include configuration snippets, usually provided by packages
 include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
+# include vhost snippets
+include_shell "find /etc/lighttpd/vhosts.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
 
-- 
cgit v1.2.3