commit 4cfd64960ebbaa7bf0b270c5ec87fb6a18fc3bb8
Author: Elan Ruusamäe <[email protected]>
Date: Sun Oct 29 02:35:23 2017 +0300
add ssl dir where to keep ssl related files
secure permission, to ensure files with weak permissions aren't
accessible
lighttpd.spec | 3 ++-
ssl.conf | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/lighttpd.spec b/lighttpd.spec
index 92b27d8..1d3fe35 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -1005,7 +1005,7 @@ export LIGHTTPD_TEST_PORT=$((2048 + RANDOM % 10))
%install
rm -rf $RPM_BUILD_ROOT
install -d
$RPM_BUILD_ROOT{%{_lighttpddir}/{cgi-bin,html},/etc/{logrotate.d,rc.d/init.d,sysconfig,monit}}
\
- $RPM_BUILD_ROOT%{_sysconfdir}/{conf,vhosts,webapps}.d \
+ $RPM_BUILD_ROOT%{_sysconfdir}/{{conf,vhosts,webapps}.d,ssl} \
$RPM_BUILD_ROOT{/var/log/{%{name},archive/%{name}},/var/run/%{name}} \
$RPM_BUILD_ROOT%{_datadir}/lighttpd/errordocs \
$RPM_BUILD_ROOT/var/lib/lighttpd \
@@ -1245,6 +1245,7 @@ fi
%dir %attr(750,root,root) %{_sysconfdir}/conf.d
%dir %attr(750,root,root) %{_sysconfdir}/vhosts.d
%dir %attr(750,root,root) %{_sysconfdir}/webapps.d
+%dir %attr(700,root,root) %{_sysconfdir}/ssl
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size)
%{_sysconfdir}/%{name}.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size)
%{_sysconfdir}/mime.types.conf
%attr(640,root,lighttpd) %config(noreplace) %verify(not md5 mtime size)
%{_sysconfdir}/*.user
diff --git a/ssl.conf b/ssl.conf
index 41564f5..c63822b 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -15,12 +15,12 @@ $SERVER["socket"] == ":443" {
# (Should contain both the private key and the certificate)
## If you have a .crt and a .key file, cat them together into a single
PEM file:
## $ cat lighttpd.key lighttpd.crt > lighttpd.pem
- ssl.pemfile = "/etc/lighttpd/server.pem"
+ ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
# ssl.ca-file: path to the CA file for support of chained certificates
-# ssl.ca-file = "/etc/certs/ca-certificates.crt"
+# ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
# for DH/DHE ciphers, dhparam should be >= 2048-bit
-# ssl.dh-file = "/path/to/dhparam.pem"
+# ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
# ssl.ec-curve = "secp384r1"
# Compression is by default off at compile-time, but use if needed
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/85a9ac3063e1b572e172696db5c7586feea11581
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
