Rename application to webdb

This commit renames the application container to webdb and drops the test suffix in favour of using www.cacert.localhost directly. The server certificate for www.cacert.localhost got an additional subjectAlternativeName secure.cacert.localhost and is used for both hostnames now. Environment variables containing _APP have been renamed to _WEBDB to keep consistency.
2020-12-23 07:17:06 +01:00 · 2020-12-23 07:17:06 +01:00 · f9b0eb5195
commit f9b0eb5195
parent 714533350b
7 changed files with 34 additions and 48 deletions
--- a/docker/apache-webdb-virtualhost.conf
+++ b/docker/apache-webdb-virtualhost.conf
@ -0,0 +1,71 @@
+<VirtualHost *:80>
+  ServerName www.cacert.localhost
+  DocumentRoot /www/www
+
+  ScriptAlias /cgi-bin/ /www/cgi-bin/
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
+  RewriteEngine On
+  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+  RewriteRule .* - [F]
+  <Directory /www/www/policy>
+    AddDefaultCharset utf-8
+  </Directory>
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName www.cacert.localhost
+  DocumentRoot /www/www
+
+  SSLEngine on
+  SSLStrictSNIVHostCheck on
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLHonorCipherOrder on
+  SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
+  SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
+
+  Header always set Strict-Transport-Security "max-age=31536000"
+
+  ScriptAlias /cgi-bin/ /www/cgi-bin/
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
+  RewriteEngine On
+  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+  RewriteRule .* - [F]
+  <Directory /www/www/policy>
+    AddDefaultCharset utf-8
+  </Directory>
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName secure.cacert.localhost
+  DocumentRoot /www/www
+
+  SSLEngine on
+  SSLStrictSNIVHostCheck on
+  SSLProtocol all -SSLv2 -SSLv3
+  SSLHonorCipherOrder on
+  SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
+  SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
+
+  SSLVerifyClient require
+  SSLVerifyDepth 2
+  SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt
+  #SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
+  #SSLOCSPEnable on
+  #SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
+  SSLOptions +StdEnvVars
+
+  Header always set Strict-Transport-Security "max-age=31536000"
+
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
+  RewriteEngine On
+  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
+  RewriteRule .* - [F]
+  <Directory /www/www/policy>
+    AddDefaultCharset utf-8
+  </Directory>
+</VirtualHost>