public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #55410 from aanderse/apache-defaults 

nixos/httpd: improve security in configuration file
This commit is contained in:
Silvan Mosberger 2019-02-18 03:27:18 +01:00 committed by GitHub
parent 96e17d4db9 1bec75301b
commit a3f85f0dc0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/modules/services/web-servers/apache-httpd/default.nix
View File

@ -376,6 +376,8 @@ let
Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
Include ${httpd}/conf/extra/httpd-languages.conf
TraceEnable off
${if enableSSL then sslConf else ""}
# Fascist default - deny access to everything.
@ -639,8 +641,8 @@ in
sslProtocols = mkOption {
type = types.str;
default = "All -SSLv2 -SSLv3";
example = "All -SSLv2 -SSLv3 -TLSv1";
default = "All -SSLv2 -SSLv3 -TLSv1";
example = "All -SSLv2 -SSLv3";
description = "Allowed SSL/TLS protocol versions.";
};
}
@ -684,6 +686,9 @@ in
''
; Needed for PHP's mail() function.
sendmail_path = sendmail -t -i
; Don't advertise PHP
expose_php = off
'' + optionalString (!isNull config.time.timeZone) ''
; Apparently PHP doesn't use $TZ.