- Instead of just the sites that have successfully obtain certificate. This
allows customization of configuration for those sites (especially useful when
testing where LE certs are not obtained).
Tests:
- When a domain is added to the system, an apache TLS configuration is created
for the domain even though the domain does not have a successfully obtained LE
cert.
- When a domain is removed, the TLS configuration for the domain is removed.
- Add a domain without the patches. Apply the patches and restart the service.
The domain added signals are fired during the startup. This results in site
specific TLS configuration files getting created and Apache reloads. When the
service is restarted, the files are not created and Apache is not reloaded.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Can be used to set the 'Expires:' header to cache static files for a long
time.
Tests:
- Without the patch 'a2query -m expires' shows that the module is not installed.
Applying the patches and restarting services shows that Apache app's setup is
run and 'a2query -m expires' shows that module is enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- DAV can simplify hosting the Feather Wiki app.
- It can also potentially be used to share folders over HTTP to clients such a
GNOME/KDE file mangers.
- Enabling the modules by default should have few disadvantages other than
slight increase in memory. It needs to be enabled with 'DAV on' directive on the
specific directories.
Tests:
- Running the service after patch run apache setup and the modules are enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2264.
- Set apache-auth fail2ban jail's backend to read from journal instead of
syslog. Tweak the regex matching to deal with the custom format.
- Adjust the apache error log format to remove unnecessary timestamp. It causes
problems for fail2ban regex matching.
- There was an error in the earlier patch the make apache log into journald.
Configuration for TLS sites still contained ErrorLog and CustomLog directives.
Remove them.
- There is also file with CustomLog directive that logs for other vhosts.
- For some reason, for custom error log format, %T - thread ID did not work and
had to switch to %{g}T global thread ID.
- Added journalmatch to improve performance by matching the regular expressions
against only specific journal entries.
Tests:
- In a container, apply the patch, run setup and start FreedomBox. Apache app is
updated to new version. Apache web server is reloaded. The
other-vhosts-access-log configuration is disabled.
- On a production machine, remove the directives in
freedombox-tls-site-macro.conf and disabling other-vhosts-access-log stopped the
logging into /var/log/apache2/ directory.
- Use TTRSS /tt-rss-app/ URL and type wrong credentials for 10 times. The client
is banned for 10 minutes. Repeat after unban. Client is banned again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup works when a new container is created
- When transmission is enabled/disabled, the web configuration for it is
enabled/disabled.
- When radicale is enabled/disabled, the uwsgi configuration for it is
enabled/disabled.
- Sharing web configuration is disabled during backup and re-enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
