Commit Graph

595 Commits

Author SHA1 Message Date
Stephen Gallagher
2038991f8c Handle edge-cases in gencerts
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
2017-10-03 10:04:03 +01:00
Joe Orton
140992d5b1 Fix conditional. 2017-10-03 10:04:03 +01:00
Joe Orton
1f4f47bb29 Ignore more. 2017-10-03 10:04:03 +01:00
Joe Orton
41a6265259 Remove condition on localhost-ca.crt, tweak description. 2017-10-03 10:04:03 +01:00
Joe Orton
74a4babeac Fix MPM defaults if building on RHEL, fix touch -r for 00-mpm.conf. 2017-10-03 10:04:03 +01:00
Stephen Gallagher
76ede692d8 Require sscg 2.2.0 for creating service and CA certificates together
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-03 10:04:03 +01:00
Jeroen van Meeuwen (Ergo Project)
b20eb97391 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-10-03 10:04:03 +01:00
Joe Orton
45393c8877 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-10-03 10:04:03 +01:00
Stephen Gallagher
f0c4143d98 Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-03 10:04:03 +01:00
Joe Orton
e5ce62e7b4 httpd.service(5) update: show how to ungracefully stop/restart 2017-10-03 10:03:22 +01:00
Joe Orton
5c1fc79a5a Update links to Fedora home page. 2017-10-03 10:03:22 +01:00
Joe Orton
8b3e8259a7 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-10-03 10:03:22 +01:00
Joe Orton
abf387add2 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-10-03 10:03:22 +01:00
Joe Orton
6d96e6a193 add notes on enabling httpd_graceful_shutdown boolean for prefork 2017-10-03 09:16:29 +01:00
Joe Orton
d31ea66d9d drop Requires(post) for mod_ssl 2017-09-22 16:20:54 +01:00
Joe Orton
962c800331 better error handling in httpd-ssl-gencerts (#1494556)
Resolves: rhbz#1494556
2017-09-22 15:48:42 +01:00
Stephen Gallagher
eec4cf442f
Handle edge-cases in gencerts
Make sure that we exit with success if the files already exist and
that we exit with failure and a message if only one or the other
is present.
2017-09-22 10:37:53 -04:00
Joe Orton
c094ba4827 Fix conditional. 2017-09-22 08:06:39 +01:00
Joe Orton
5ec11c5a4f Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/httpd 2017-09-22 08:05:04 +01:00
Joe Orton
ad89c85e8b Ignore more. 2017-09-22 08:04:57 +01:00
Joe Orton
87cc93ad96 Remove condition on localhost-ca.crt, tweak description. 2017-09-22 08:04:10 +01:00
Joe Orton
ccd2dc5050 Fix MPM defaults if building on RHEL, fix touch -r for 00-mpm.conf. 2017-09-22 08:03:13 +01:00
Stephen Gallagher
d614e8aa11
Require sscg 2.2.0 for creating service and CA certificates together
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-21 14:55:16 -04:00
Jeroen van Meeuwen (Ergo Project)
fd03d5ee37 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-09-21 19:32:53 +02:00
Jeroen van Meeuwen (Ergo Project)
10a87792e5 Address CVE-2017-9798 by applying upstream patch
Reference RHBZ #1490344
2017-09-21 19:28:15 +02:00
Joe Orton
6a77761740 use sscg defaults; append CA cert to generated cert
document httpd-init.service in httpd-init.service(8)
2017-09-21 16:41:20 +01:00
Stephen Gallagher
180ad320f4
Generate SSL keys on service start
This defers the creation of self-signed SSL certificates to the
first time that httpd starts up. This has several advantages:

* Waiting until the first boot will help avoid some issues with
  limited entropy in the install process.
* The certificates can be regenerated automatically whenever they
  are removed, which helps with tools such as virt-sysprep
* The certificates are now generated by SSCG, which produces a
  limited-trust CA alongside it that can be safely imported by a
  client.

For more information on SSCG, see:
https://sgallagh.wordpress.com/2016/05/02/self-signed-ssltls-certificates-why-they-are-terrible-and-a-better-alternative/

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-09-20 15:00:20 -04:00
Joe Orton
870b71c4f0 httpd.service(5) update: show how to ungracefully stop/restart 2017-09-19 12:46:35 +01:00
Joe Orton
d5e6805c26 Update links to Fedora home page. 2017-09-19 12:36:38 +01:00
Joe Orton
e2185159ed move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-09-19 10:08:07 +01:00
Joe Orton
a7a88382f7 move httpd.service.d, httpd.socket.d dirs to -filesystem 2017-09-19 10:02:32 +01:00
Joe Orton
b022e3b523 add new content-length filter (upstream PR 61222) 2017-09-13 14:21:17 +01:00
Joe Orton
ddabcffa42 Switch to https:// URLs. 2017-08-04 13:19:55 +01:00
Fedora Release Engineering
da66bed0cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 23:33:12 +00:00
Fedora Release Engineering
bd989fa784 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 12:53:42 +00:00
Joe Orton
adcaa34289 update mod_systemd (r1802251) 2017-07-18 09:25:14 +01:00
Joe Orton
e9d2120fbf switch to event by default for Fedora 27 and later (#1471708)
Resolves: rhbz#1471708
2017-07-17 11:39:57 +01:00
Joe Orton
3150aa97f5 Shorter text in httpd.service. 2017-07-14 12:57:43 +01:00
Joe Orton
6de83362da Fix grammar. 2017-07-14 12:57:43 +01:00
Petr Písař
70d2b4ee4f perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:54:15 +02:00
Luboš Uhliarik
06cde88ecf Resolves: #1469959 - httpd update cleaned out /etc/sysconfig 2017-07-12 11:42:25 +02:00
Luboš Uhliarik
c6fd35316d new version 2.4.27 2017-07-10 15:25:44 +02:00
Joe Orton
1205ddb60b mod_proxy_fcgi: fix further regressions (PR 61202) 2017-06-30 17:01:34 +01:00
Luboš Uhliarik
fd6452a0f2 new version 2.4.26 2017-06-19 11:48:36 +02:00
Joe Orton
fce414a1c1 move unit man pages to section 8, add as Documentation= in units 2017-06-05 16:55:45 +01:00
Joe Orton
6fd8793087 Updated httpd.service man page text. 2017-05-26 16:51:56 +01:00
Joe Orton
ae962f359b License under AL2. 2017-05-19 11:47:21 +01:00
Joe Orton
bbb988f0f4 add httpd.service.xml to Sources. 2017-05-19 11:10:34 +01:00
Joe Orton
710b63c5e0 add httpd.service(5) and httpd.socket(5) man pages 2017-05-19 11:04:53 +01:00
Joe Orton
dbcbdf8a73 require mod_http2, now packaged separately 2017-05-16 10:00:54 +01:00