From ae8cd145b9da0cd7bee158376695244fd887f894 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Sep 2018 13:44:57 +0300 Subject: [PATCH] Fixed HTTPS on CentOS --- agent/alpine/docker-entrypoint.sh | 3 ++ agent/centos/docker-entrypoint.sh | 3 ++ agent/ubuntu/docker-entrypoint.sh | 3 ++ java-gateway/alpine/docker-entrypoint.sh | 3 ++ java-gateway/centos/docker-entrypoint.sh | 3 ++ java-gateway/ubuntu/docker-entrypoint.sh | 3 ++ proxy-mysql/alpine/docker-entrypoint.sh | 3 ++ proxy-mysql/centos/docker-entrypoint.sh | 3 ++ proxy-mysql/ubuntu/docker-entrypoint.sh | 3 ++ proxy-sqlite3/alpine/docker-entrypoint.sh | 3 ++ proxy-sqlite3/centos/docker-entrypoint.sh | 3 ++ proxy-sqlite3/ubuntu/docker-entrypoint.sh | 3 ++ server-mysql/alpine/docker-entrypoint.sh | 3 ++ server-mysql/centos/docker-entrypoint.sh | 3 ++ server-mysql/ubuntu/docker-entrypoint.sh | 3 ++ server-pgsql/alpine/docker-entrypoint.sh | 3 ++ server-pgsql/centos/docker-entrypoint.sh | 3 ++ server-pgsql/ubuntu/docker-entrypoint.sh | 3 ++ web-apache-mysql/alpine/docker-entrypoint.sh | 3 ++ .../centos/conf/etc/zabbix/apache_ssl.conf | 51 +++++++++++++++++-- web-apache-mysql/centos/docker-entrypoint.sh | 3 ++ web-apache-mysql/ubuntu/docker-entrypoint.sh | 3 ++ web-apache-pgsql/alpine/docker-entrypoint.sh | 3 ++ .../centos/conf/etc/zabbix/apache_ssl.conf | 51 +++++++++++++++++-- web-apache-pgsql/centos/docker-entrypoint.sh | 3 ++ web-apache-pgsql/ubuntu/docker-entrypoint.sh | 3 ++ web-nginx-mysql/alpine/docker-entrypoint.sh | 3 ++ web-nginx-mysql/centos/docker-entrypoint.sh | 3 ++ web-nginx-mysql/ubuntu/docker-entrypoint.sh | 3 ++ web-nginx-pgsql/alpine/docker-entrypoint.sh | 3 ++ web-nginx-pgsql/centos/docker-entrypoint.sh | 3 ++ web-nginx-pgsql/ubuntu/docker-entrypoint.sh | 3 ++ zabbix-appliance/alpine/docker-entrypoint.sh | 3 ++ zabbix-appliance/centos/docker-entrypoint.sh | 3 ++ zabbix-appliance/rhel/docker-entrypoint.sh | 3 ++ zabbix-appliance/ubuntu/docker-entrypoint.sh | 3 ++ 36 files changed, 196 insertions(+), 8 deletions(-) diff --git a/agent/alpine/docker-entrypoint.sh b/agent/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/agent/alpine/docker-entrypoint.sh +++ b/agent/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/agent/centos/docker-entrypoint.sh b/agent/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/agent/centos/docker-entrypoint.sh +++ b/agent/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/agent/ubuntu/docker-entrypoint.sh b/agent/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/agent/ubuntu/docker-entrypoint.sh +++ b/agent/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/java-gateway/alpine/docker-entrypoint.sh b/java-gateway/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/java-gateway/alpine/docker-entrypoint.sh +++ b/java-gateway/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/java-gateway/centos/docker-entrypoint.sh b/java-gateway/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/java-gateway/centos/docker-entrypoint.sh +++ b/java-gateway/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/java-gateway/ubuntu/docker-entrypoint.sh b/java-gateway/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/java-gateway/ubuntu/docker-entrypoint.sh +++ b/java-gateway/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-mysql/alpine/docker-entrypoint.sh b/proxy-mysql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-mysql/alpine/docker-entrypoint.sh +++ b/proxy-mysql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-mysql/centos/docker-entrypoint.sh b/proxy-mysql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-mysql/centos/docker-entrypoint.sh +++ b/proxy-mysql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-mysql/ubuntu/docker-entrypoint.sh b/proxy-mysql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-mysql/ubuntu/docker-entrypoint.sh +++ b/proxy-mysql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-sqlite3/alpine/docker-entrypoint.sh b/proxy-sqlite3/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-sqlite3/alpine/docker-entrypoint.sh +++ b/proxy-sqlite3/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-sqlite3/centos/docker-entrypoint.sh b/proxy-sqlite3/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-sqlite3/centos/docker-entrypoint.sh +++ b/proxy-sqlite3/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/proxy-sqlite3/ubuntu/docker-entrypoint.sh b/proxy-sqlite3/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/proxy-sqlite3/ubuntu/docker-entrypoint.sh +++ b/proxy-sqlite3/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-mysql/alpine/docker-entrypoint.sh b/server-mysql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-mysql/alpine/docker-entrypoint.sh +++ b/server-mysql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-mysql/centos/docker-entrypoint.sh +++ b/server-mysql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-mysql/ubuntu/docker-entrypoint.sh b/server-mysql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-mysql/ubuntu/docker-entrypoint.sh +++ b/server-mysql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-pgsql/alpine/docker-entrypoint.sh b/server-pgsql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-pgsql/alpine/docker-entrypoint.sh +++ b/server-pgsql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-pgsql/centos/docker-entrypoint.sh b/server-pgsql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-pgsql/centos/docker-entrypoint.sh +++ b/server-pgsql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/server-pgsql/ubuntu/docker-entrypoint.sh b/server-pgsql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/server-pgsql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-mysql/alpine/docker-entrypoint.sh b/web-apache-mysql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/web-apache-mysql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf index b66eb642d..313003143 100644 --- a/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf @@ -3,22 +3,65 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 443 - + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - diff --git a/web-apache-mysql/centos/docker-entrypoint.sh b/web-apache-mysql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-mysql/centos/docker-entrypoint.sh +++ b/web-apache-mysql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-mysql/ubuntu/docker-entrypoint.sh b/web-apache-mysql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-pgsql/alpine/docker-entrypoint.sh b/web-apache-pgsql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/web-apache-pgsql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf index b66eb642d..313003143 100644 --- a/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf @@ -3,22 +3,65 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 443 - + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - diff --git a/web-apache-pgsql/centos/docker-entrypoint.sh b/web-apache-pgsql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/web-apache-pgsql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/web-apache-pgsql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-apache-pgsql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-mysql/alpine/docker-entrypoint.sh b/web-nginx-mysql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-mysql/centos/docker-entrypoint.sh b/web-nginx-mysql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/web-nginx-mysql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/web-nginx-mysql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-pgsql/alpine/docker-entrypoint.sh b/web-nginx-pgsql/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-pgsql/centos/docker-entrypoint.sh b/web-nginx-pgsql/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/web-nginx-pgsql/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/zabbix-appliance/alpine/docker-entrypoint.sh b/zabbix-appliance/alpine/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/zabbix-appliance/alpine/docker-entrypoint.sh +++ b/zabbix-appliance/alpine/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/zabbix-appliance/centos/docker-entrypoint.sh b/zabbix-appliance/centos/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/zabbix-appliance/centos/docker-entrypoint.sh +++ b/zabbix-appliance/centos/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/zabbix-appliance/rhel/docker-entrypoint.sh b/zabbix-appliance/rhel/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/zabbix-appliance/rhel/docker-entrypoint.sh +++ b/zabbix-appliance/rhel/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" diff --git a/zabbix-appliance/ubuntu/docker-entrypoint.sh b/zabbix-appliance/ubuntu/docker-entrypoint.sh index b4a2b2b12..3eaa6c258 100755 --- a/zabbix-appliance/ubuntu/docker-entrypoint.sh +++ b/zabbix-appliance/ubuntu/docker-entrypoint.sh @@ -482,7 +482,10 @@ prepare_web_server_apache() { elif [ -f "/etc/apache2/conf.d/default.conf" ]; then echo "** Disable default site" rm -f "/etc/apache2/conf.d/default.conf" + elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then + echo "** Disable default site" rm -f "/etc/httpd/conf.d/welcome.conf" + rm -f "/etc/httpd/conf.d/ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)"