Apache Problem / "Sites-Available/MeineDomain.conf"

1. <VirtualHost *:80>
2. ServerName MEINE-DOMAIN
3. ServerAlias Cloud
4. DocumentRoot /media/Owncloud
5. <Directory />
6. Options FollowSymLinks
7. AllowOverride None
8. </Directory>
9. <Directory /media/Owncloud/>
10. Options Indexes FollowSymLinks MultiViews
11. AllowOverride None
12. Order allow,deny
13. allow from all
14. </Directory>
15. </VirtualHost>
16.  
17. <IfModule mod_ssl.c>
18. <VirtualHost *:443>
19. ServerName MeineDomain
20. ServerAlias Cloud2
21. DocumentRoot /media/Owncloud
22. <Directory />
23. Options FollowSymLinks
24. AllowOverride None
25. </Directory>
26. <Directory /media/Owncloud/>
27. Options Indexes FollowSymLinks MultiViews
28. AllowOverride None
29. Order allow,deny
30. allow from all
31. </Directory>
32.  
33. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
34. <Directory "/usr/lib/cgi-bin">
35. AllowOverride None
36. Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
37. Order allow,deny
38. Allow from all
39. </Directory>
40.  
41. ErrorLog ${APACHE_LOG_DIR}/error.log
42.  
43. # Possible values include: debug, info, notice, warn, error, crit,
44. # alert, emerg.
45. LogLevel warn
46.  
47. CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
48.  
49. # SSL Engine Switch:
50. # Enable/Disable SSL for this virtual host.
51. SSLEngine on
52.  
53. # A self-signed (snakeoil) certificate can be created by installing
54. # the ssl-cert package. See
55. # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
56. # If both key and certificate are stored in the same file, only the
57. # SSLCertificateFile directive is needed.
58. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
59. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
60.  
61. # Server Certificate Chain:
62. # Point SSLCertificateChainFile at a file containing the
63. # concatenation of PEM encoded CA certificates which form the
64. # certificate chain for the server certificate. Alternatively
65. # the referenced file can be the same as SSLCertificateFile
66. # when the CA certificates are directly appended to the server
67. # certificate for convinience.
68. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
69.  
70. # Certificate Authority (CA):
71. # Set the CA certificate verification path where to find CA
72. # certificates for client authentication or alternatively one
73. # huge file containing all of them (file must be PEM encoded)
74. # Note: Inside SSLCACertificatePath you need hash symlinks
75. # to point to the certificate files. Use the provided
76. # Makefile to update the hash symlinks after changes.
77. #SSLCACertificatePath /etc/ssl/certs/
78. #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
79.  
80. # Certificate Revocation Lists (CRL):
81. # Set the CA revocation path where to find CA CRLs for client
82. # authentication or alternatively one huge file containing all
83. # of them (file must be PEM encoded)
84. # Note: Inside SSLCARevocationPath you need hash symlinks
85. # to point to the certificate files. Use the provided
86. # Makefile to update the hash symlinks after changes.
87. #SSLCARevocationPath /etc/apache2/ssl.crl/
88. #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
89.  
90. # Client Authentication (Type):
91. # Client certificate verification type and depth. Types are
92. # none, optional, require and optional_no_ca. Depth is a
93. # number which specifies how deeply to verify the certificate
94. # issuer chain before deciding the certificate is not valid.
95. #SSLVerifyClient require
96. #SSLVerifyDepth 10
97.  
98. # Access Control:
99. # With SSLRequire you can do per-directory access control based
100. # on arbitrary complex boolean expressions containing server
101. # variable checks and other lookup directives. The syntax is a
102. # mixture between C and Perl. See the mod_ssl documentation
103. # for more details.
104. #<Location />
105. #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
106. # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
107. # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
108. # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
109. # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
110. # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
111. #</Location>
112.  
113. # SSL Engine Options:
114. # Set various options for the SSL engine.
115. # o FakeBasicAuth:
116. # Translate the client X.509 into a Basic Authorisation. This means that
117. # the standard Auth/DBMAuth methods can be used for access control. The
118. # user name is the `one line' version of the client's X.509 certificate.
119. # Note that no password is obtained from the user. Every entry in the user
120. # file needs this password: `xxj31ZMTZzkVA'.
121. # o ExportCertData:
122. # This exports two additional environment variables: SSL_CLIENT_CERT and
123. # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
124. # server (always existing) and the client (only existing when client
125. # authentication is used). This can be used to import the certificates
126. # into CGI scripts.
127. # o StdEnvVars:
128. # This exports the standard SSL/TLS related `SSL_*' environment variables.
129. # Per default this exportation is switched off for performance reasons,
130. # because the extraction step is an expensive operation and is usually
131. # useless for serving static content. So one usually enables the
132. # exportation for CGI and SSI requests only.
133. # o StrictRequire:
134. # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
135. # under a "Satisfy any" situation, i.e. when it applies access is denied
136. # and no other module can change it.
137. # o OptRenegotiate:
138. # This enables optimized SSL connection renegotiation handling when SSL
139. # directives are used in per-directory context.
140. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
141. <FilesMatch "\.(cgi|shtml|phtml|php)$">
142. SSLOptions +StdEnvVars
143. </FilesMatch>
144. <Directory /usr/lib/cgi-bin>
145. SSLOptions +StdEnvVars
146. </Directory>
147.  
148. # SSL Protocol Adjustments:
149. # The safe and default but still SSL/TLS standard compliant shutdown
150. # approach is that mod_ssl sends the close notify alert but doesn't wait for
151. # the close notify alert from client. When you need a different shutdown
152. # approach you can use one of the following variables:
153. # o ssl-unclean-shutdown:
154. # This forces an unclean shutdown when the connection is closed, i.e. no
155. # SSL close notify alert is send or allowed to received. This violates
156. # the SSL/TLS standard but is needed for some brain-dead browsers. Use
157. # this when you receive I/O errors because of the standard approach where
158. # mod_ssl sends the close notify alert.
159. # o ssl-accurate-shutdown:
160. # This forces an accurate shutdown when the connection is closed, i.e. a
161. # SSL close notify alert is send and mod_ssl waits for the close notify
162. # alert of the client. This is 100% SSL/TLS standard compliant, but in
163. # practice often causes hanging connections with brain-dead browsers. Use
164. # this only for browsers where you know that their SSL implementation
165. # works correctly.
166. # Notice: Most problems of broken clients are also related to the HTTP
167. # keep-alive facility, so you usually additionally want to disable
168. # keep-alive for those clients, too. Use variable "nokeepalive" for this.
169. # Similarly, one has to force some clients to use HTTP/1.0 to workaround
170. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
171. # "force-response-1.0" for this.
172. BrowserMatch "MSIE [2-6]" \
173. nokeepalive ssl-unclean-shutdown \
174. downgrade-1.0 force-response-1.0
175. # MSIE 7 and newer should be able to use keepalive
176. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
177.  
178. </VirtualHost>
179. </IfModule>