From 5a4bf1138df29d66460e15f5a1c37d4a16112776 Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Wed, 4 Feb 2015 23:17:45 +0100
Subject: [PATCH 1/6] Adding DirectAdmin entry to templates.index
---
 templates.index | 1 +
 1 file changed, 1 insertion(+)
diff --git a/templates.index b/templates.index
index e244ee6..31bd6ed 100644
--- a/templates.index
+++ b/templates.index
@@ -5,3 +5,4 @@ titus titus
 dovecot2 Dovecot 2
 postfix Postfix
 prosody Prosody
+directadmin DirectAdmin
From e41cdf53eafe07e8eef338a4b00c5a489aaa1844 Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Wed, 4 Feb 2015 23:18:23 +0100
Subject: [PATCH 2/6] Update templates.index
---
 templates.index | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates.index b/templates.index
index 31bd6ed..0a388d5 100644
--- a/templates.index
+++ b/templates.index
@@ -5,4 +5,4 @@ titus titus
 dovecot2 Dovecot 2
 postfix Postfix
 prosody Prosody
-directadmin DirectAdmin
+directadmin DirectAdmin
From bb206a3fead2a1ae8e5a7cc23fdfcfc27201f85a Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Wed, 4 Feb 2015 23:20:28 +0100
Subject: [PATCH 3/6] Update templates.index
---
 templates.index | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates.index b/templates.index
index 0a388d5..cdb1866 100644
--- a/templates.index
+++ b/templates.index
@@ -5,4 +5,4 @@ titus titus
 dovecot2 Dovecot 2
 postfix Postfix
 prosody Prosody
-directadmin DirectAdmin
+directadmin DirectAdmin
From 34a1df5f6b5d5a83cc6d4fbe375fc67879609975 Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Wed, 4 Feb 2015 23:54:06 +0100
Subject: [PATCH 4/6] Create directadmin.mozilla

DirectAdmin uses a kind of macro language to allow custom HTTPD config lines to overwrite the default template. Just adding the Apache config lines may create double lines and lead to unpredictable results. Using the macro language, the lines will be overwritten and not added.
---
 templates/directadmin.mozilla | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 templates/directadmin.mozilla
diff --git a/templates/directadmin.mozilla b/templates/directadmin.mozilla
new file mode 100644
index 0000000..bb4bdf8
--- /dev/null
+++ b/templates/directadmin.mozilla
@@ -0,0 +1,23 @@
+# Paste these lines into the "Custom HTTPD Configurations" for your domain.
+# You need admin access to DirectAdmin.
+|?KEY=__KEY_PATH__|
+|?CERT=__CHAINED_PATH__|
+|?CAROOT=|
+
+# Instead, you could also use these more generic lines with the DOMAIN DirectAdmin macro:
+|?KEY=/etc/sslmate/www.`DOMAIN`.key|
+|?CERT=/etc/sslmate/www.`DOMAIN`.chained.crt|
+|?CAROOT=|
+
+# If you don't have admin access to DirectAdmin, you can paste the cert,
+# chain and key into the "SSL Certificates" form; both the key and the
+# "chained" file contents into the "Paste a pre-generated certificate and key" field.
+
+# Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLHonorCipherOrder on
+SSLCompression off
+
+# Enable this if you want HSTS (recommended)
+# Header add Strict-Transport-Security "max-age=15768000"
From d37a6e876acfbf0c1f96fb42da9e80d9c172d33a Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Wed, 4 Feb 2015 23:54:48 +0100
Subject: [PATCH 5/6] Rename directadmin.mozilla to directadmin+mozilla
---
 templates/{directadmin.mozilla => directadmin+mozilla} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename templates/{directadmin.mozilla => directadmin+mozilla} (100%)
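Review bot: `SSLProtocol all -SSLv2 -SSLv3` in the new template is a deny-list, so every protocol the linked OpenSSL build offers other than SSLv2 and SSLv3 stays enabled, including TLS 1.0 and 1.1, which RFC 8996 has since deprecated. An allow-list such as `SSLProtocol -all +TLSv1.2` (with `+TLSv1.3` where the Apache/OpenSSL build supports it) states the intent and does not widen when the library changes; the cipher string, which still carries DHE-DSS and CBC/SHA-1 suites, should then be refreshed from the current Mozilla guidance. Separately, the second `|?KEY=`/`|?CERT=`/`|?CAROOT=` group is not commented out, so pasting the file as-is defines each token twice and leaves the result to DirectAdmin's template processing, possibly pointing at a hard-coded `/etc/sslmate/www.` path that does not exist; I would keep one active set and show the DOMAIN variant only as a commented example, after confirming how DirectAdmin treats tokens on `#` lines. The commented HSTS line uses `Header add`; `Header always set Strict-Transport-Security "max-age=15768000"` avoids duplicate headers and also covers error responses.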
diff --git a/templates/directadmin.mozilla b/templates/directadmin+mozilla
similarity index 100%
rename from templates/directadmin.mozilla
rename to templates/directadmin+mozilla
From dc5509da522b72fcf82798d034be4fc3d5530380 Mon Sep 17 00:00:00 2001
From: Onno Zweers
Date: Thu, 5 Feb 2015 00:01:05 +0100
Subject: [PATCH 6/6] Update directadmin+mozilla

DirectAdmin strips any chain certs from the "Paste a pre-generated certificate and key" form. The chain certs should go into the root CA cert field, confusingly enough.
---
 templates/directadmin+mozilla | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/directadmin+mozilla b/templates/directadmin+mozilla
index bb4bdf8..24a143b 100644
--- a/templates/directadmin+mozilla
+++ b/templates/directadmin+mozilla
@@ -11,7 +11,8 @@
 
 # If you don't have admin access to DirectAdmin, you can paste the cert,
 # chain and key into the "SSL Certificates" form; both the key and the
-# "chained" file contents into the "Paste a pre-generated certificate and key" field.
+# host cert into the "Paste a pre-generated certificate and key" field,
+# and the chain into the form at "Click Here to paste a CA Root Certificate".
 
 # Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
 SSLProtocol all -SSLv2 -SSLv3