X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fdefault-ssl;h=37ddad3d11f142a3b23f7765485d7d3f5f843f05;hb=2587c8d61609bb7df9d8feeca820bbaceb6a49de;hp=fa0b0ab5ba834b20841ae7ab462f7cf7293dd656;hpb=9a6ba7ed4fda4382f2611ad703ed26f1e28bfa50;p=sysconfig%2Fapache2.git

diff --git a/sites-available/default-ssl b/sites-available/default-ssl
index fa0b0ab..37ddad3 100644
--- a/sites-available/default-ssl
+++ b/sites-available/default-ssl
@@ -1,43 +1,6 @@
 <IfModule mod_ssl.c>
-<VirtualHost _default_:443>
-	ServerAdmin webmaster@localhost
-
-	DocumentRoot /var/www
-	<Directory />
-		Options FollowSymLinks
-		AllowOverride None
-	</Directory>
-	<Directory /var/www/>
-		Options Indexes FollowSymLinks MultiViews
-		AllowOverride None
-		Order allow,deny
-		allow from all
-	</Directory>
-
-	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-	<Directory "/usr/lib/cgi-bin">
-		AllowOverride None
-		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-		Order allow,deny
-		Allow from all
-	</Directory>
-
-	ErrorLog /var/log/apache2/error.log
-
-	# Possible values include: debug, info, notice, warn, error, crit,
-	# alert, emerg.
-	LogLevel warn
-
-	CustomLog /var/log/apache2/ssl_access.log combined
-
-	Alias /doc/ "/usr/share/doc/"
-	<Directory "/usr/share/doc/">
-		Options Indexes MultiViews FollowSymLinks
-		AllowOverride None
-		Order deny,allow
-		Deny from all
-		Allow from 127.0.0.0/255.0.0.0 ::1/128
-	</Directory>
+<VirtualHost *:443>
+	Include sites-common/default
 
 	#   SSL Engine Switch:
 	#   Enable/Disable SSL for this virtual host.
@@ -48,8 +11,10 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
-	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	SSLCertificateFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
+	SSLCertificateChainFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt
+	#SSLCertificateFile    /etc/ssl/certs/general-web.crt
+	SSLCertificateKeyFile /etc/ssl/private/general-web.key
 
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
@@ -162,9 +127,11 @@
 	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 	#   "force-response-1.0" for this.
-	BrowserMatch ".*MSIE.*" \
+	BrowserMatch "MSIE [2-6]" \
 		nokeepalive ssl-unclean-shutdown \
 		downgrade-1.0 force-response-1.0
+	# MSIE 7 and newer should be able to use keepalive
+	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
 </VirtualHost>
 </IfModule>