PURPOSE_="Generate config files needed for Evergreen-ILS Cluster"
SYNOPSIS_="$NAME_"
REQUIRES_="standard GNU commands, apt, dpkg"
- VERSION_="1.79"
- DATE_="2010-11-23; last update: 2017-06-20"
+ VERSION_="1.80"
+ DATE_="2010-11-23; last update: 2017-08-30"
AUTHOR_="Andy Witter <awitter@georgialibraries.org>"
URL_="http://evergreen-ils.org"
CATEGORY_="devel"
openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key -subj "/CN=$CLUSTERDOMAINNAME"
echo;echo;echo "Certificate for $CLUSTERDOMAINNAME"
openssl x509 -in server.crt -text -noout
+ openssl dhparam -out dhparams.pem 2048
sleep 2
cd "${WD}"
else
openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key -subj "/CN=$CLUSTERDOMAINNAME"
echo;echo;echo "Certificate for $CLUSTERDOMAINNAME"
openssl x509 -in server.crt -text -noout
+ openssl dhparam -out dhparams.pem 2048
sleep 2
cd "${WD}"
fi
fi
eval cp -f $TEMPLATEDIR/eg_fstab_head ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc
eval cp -f ${CERT_DIR}/server.* ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
+
[ -e "${CERT_DIR}/ca.crt" ] && eval cp -f "${CERT_DIR}/ca.crt" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
+ [ -e "${CERT_DIR}/dhparams.pem" ] && eval cp -f "${CERT_DIR}/dhparams.pem" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
[ -e "${CUSTOMDIR}/zips.txt" ] && eval cp -f "${CUSTOMDIR}/zips.txt" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/data/zips.txt
eval cp -f $TEMPLATEDIR/opensrf_core.xml ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/conf
eval sed -i "s^UTILITY01_IP^$UTILITY01_IP^g" ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/etc/eg_fstab_head
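Review bot: The new `openssl dhparam -out dhparams.pem 2048` calls in both branches of this hunk are not checked for failure, and the copy lines added here and in the next hunk skip silently when `${CERT_DIR}/dhparams.pem` is absent. The nginx block added later in this commit references `ssl_dhparam /etc/apache2/ssl/dhparams.pem;` unconditionally, so a brick generated without the file would get a config pointing at a missing path, which nginx would likely refuse to load. From the visible lines the parameters are only generated where a self-signed certificate is created, so a run that reuses existing certificates may hit this; the enclosing `if` starts outside the hunk, so this needs confirming. Consider `openssl dhparam -out dhparams.pem 2048 || { echo "dhparam generation failed" >&2; exit 1; }`, and generate the file whenever it is missing rather than only alongside a new certificate.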
eval cp -f $TEMPLATEDIR/eg_fstab_head ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc
eval cp -f ${CERT_DIR}/server.* ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
[ -e "${CERT_DIR}/ca.crt" ] && eval cp -f "${CERT_DIR}/ca.crt" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
+ [ -e "${CERT_DIR}/dhparams.pem" ] && eval cp -f "${CERT_DIR}/dhparams.pem" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/etc/apache2/ssl
[ -e "${CUSTOMDIR}/zips.txt" ] && eval cp -f "${CUSTOMDIR}/zips.txt" ${OUTDIR}/\$BRICKHOSTNAME${BRICK}/\$BRICKHOSTNAME${BRICK}-head/openils/var/data/zips.txt
eval sed -i "s^UTILITY01_IP^$UTILITY01_IP^g" ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/etc/eg_fstab_head
eval sed -i "s^UTILITY02_IP^$UTILITY02_IP^g" ${OUTDIR}/$(eval echo \$BRICKHOSTNAME${BRICK})/$(eval echo \$BRICKHOSTNAME${BRICK})-head/etc/eg_fstab_head
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
+
}
server {
# Use the same SSL certificate as Apache.
ssl_certificate /etc/apache2/ssl/server.crt;
ssl_certificate_key /etc/apache2/ssl/server.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_prefer_server_ciphers on;
+ ssl_dhparam /etc/apache2/ssl/dhparams.pem;
location / {
proxy_pass https://localhost:7443;
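Review bot: The added `ssl_protocols` line still enables TLSv1 and TLSv1.1, and the `ssl_ciphers` string keeps `DES-CBC3-SHA` (3DES, affected by SWEET32), the catch-all `AES` and `CAMELLIA` groups, and static-RSA suites such as `AES128-SHA` that provide no forward secrecy. Unless legacy clients must be served, restrict the listener to `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the installed nginx and OpenSSL support it) and trim the list to the ECDHE/DHE GCM suites already at its front. A short comment naming the source and date of the cipher list would tell later maintainers when it is due for a refresh. The `server` block continues past the last visible line, so any further TLS directives there are not covered by this note.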