diff --git a/LICENSE b/LICENSE
index 9d53cbc5176..6c2462d6eb3 100644
--- a/LICENSE
+++ b/LICENSE
@@ -224,7 +224,7 @@ Within the patches/systemvm/debian/config/etc/apache2 directory
ports.conf
sites-available/default
sites-available/default-ssl
- vhostexample.conf
+ vhost.template
Within the patches/systemvm/debian/config/etc/ssh/ directory
licensed under the BSD (2-clause) http://www.opensource.org/licenses/BSD-2-Clause (as follows)
diff --git a/pom.xml b/pom.xml
index 5ecce935811..b244f17b288 100644
--- a/pom.xml
+++ b/pom.xml
@@ -895,7 +895,7 @@
systemvm/patches/debian/config/etc/apache2/ports.conf
systemvm/patches/debian/config/etc/apache2/sites-available/default
systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
- systemvm/patches/debian/config/etc/apache2/vhostexample.conf
+ systemvm/patches/debian/config/etc/apache2/vhost.template
systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl
systemvm/patches/debian/config/etc/vpcdnsmasq.conf
systemvm/patches/debian/config/etc/ssh/sshd_config
diff --git a/systemvm/patches/debian/config/etc/apache2/vhostexample.conf b/systemvm/patches/debian/config/etc/apache2/vhost.template
similarity index 92%
rename from systemvm/patches/debian/config/etc/apache2/vhostexample.conf
rename to systemvm/patches/debian/config/etc/apache2/vhost.template
index 70cb7dc2c23..dd9c58ad107 100644
--- a/systemvm/patches/debian/config/etc/apache2/vhostexample.conf
+++ b/systemvm/patches/debian/config/etc/apache2/vhost.template
@@ -87,6 +87,8 @@
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+ SSLHonorCipherOrder on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
index 003af485e89..496a0e7876a 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
@@ -41,12 +41,11 @@ class CsApache(CsApp):
CsHelper.service("apache2", "restart")
def setup(self):
- CsHelper.copy_if_needed("/etc/apache2/vhostexample.conf",
+ CsHelper.copy_if_needed("/etc/apache2/vhost.template",
"/etc/apache2/sites-enabled/vhost-%s.conf" % self.ip)
file = CsFile("/etc/apache2/sites-enabled/vhost-%s.conf" % (self.ip))
file.search("", "\t" % (self.ip))
- file.search("", "\t" % (self.ip))
file.search("", "\t" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
@@ -60,6 +59,11 @@ class CsApache(CsApp):
"-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 80 -j ACCEPT" % (self.dev, self.ip)
])
+ self.fw.append([
+ "", "front",
+ "-A INPUT -i %s -d %s/32 -p tcp -m tcp -m state --state NEW --dport 443 -j ACCEPT" % (self.dev, self.ip)
+ ])
+
class CsPasswdSvc():
"""
diff --git a/tools/whisker/LICENSE b/tools/whisker/LICENSE
index da8aaedfd9e..6bc400e7d5d 100644
--- a/tools/whisker/LICENSE
+++ b/tools/whisker/LICENSE
@@ -2774,7 +2774,7 @@ Within the patches/systemvm/debian/config/etc/apache2 directory
ports.conf
sites-available/default
sites-available/default-ssl
- vhostexample.conf
+ vhost.template
Within the patches/systemvm/debian/config/etc/ssh/ directory
licensed under the BSD (2-clause) http://www.opensource.org/licenses/BSD-2-Clause (as follows)
diff --git a/tools/whisker/descriptor-for-packaging.xml b/tools/whisker/descriptor-for-packaging.xml
index 01e60269f48..e76e5e2080d 100644
--- a/tools/whisker/descriptor-for-packaging.xml
+++ b/tools/whisker/descriptor-for-packaging.xml
@@ -2460,7 +2460,7 @@ Copyright (c) 2012 The Apache Software Foundation
-
+
diff --git a/tools/whisker/descriptor.xml b/tools/whisker/descriptor.xml
index da38b186c10..6996efeac02 100644
--- a/tools/whisker/descriptor.xml
+++ b/tools/whisker/descriptor.xml
@@ -2444,7 +2444,7 @@ Copyright (c) 2012 The Apache Software Foundation
-
+