saving uncommitted changes in /etc prior to apt run

diff --git a/.etckeeper b/.etckeeper
index 2c99fc96315a76d998544cf9e85efb8d05135576..c93fa98451ebe54facca6ffb291bb67a28f9db41 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -62,7 +62,7 @@ maybe chmod 0755 'apache2'
 maybe chmod 0644 'apache2/apache2.conf'
 maybe chmod 0755 'apache2/conf-available'
 maybe chmod 0644 'apache2/conf-available/charset.conf'
-maybe chmod 0755 'apache2/conf-available/custom-log.conf'
+maybe chmod 0644 'apache2/conf-available/custom-log.conf'
 maybe chmod 0644 'apache2/conf-available/javascript-common.conf'
 maybe chmod 0644 'apache2/conf-available/localized-error-pages.conf'
 maybe chmod 0644 'apache2/conf-available/other-vhosts-access-log.conf'
@@ -210,6 +210,7 @@ maybe chmod 0755 'apache2/mods-enabled'
 maybe chmod 0644 'apache2/ports.conf'
 maybe chmod 0755 'apache2/sites-available'
 maybe chmod 0644 'apache2/sites-available/000-default-le-ssl.conf'
+maybe chmod 0644 'apache2/sites-available/000-default-ssl.conf'
 maybe chmod 0644 'apache2/sites-available/000-default.conf'
 maybe chmod 0644 'apache2/sites-available/default-include.conf'
 maybe chmod 0644 'apache2/sites-available/default-ssl.conf'

diff --git a/apache2/conf-available/custom-log.conf b/apache2/conf-available/custom-log.conf
old mode 100755 (executable)
new mode 100644 (file)

diff --git a/apache2/info_users_passwd b/apache2/info_users_passwd
index 3643e97262e0e680052abafe498bca23d4bf9ee2..a9cf5ab19de5583f5f779a00197ea1d4ee06b8b2 100644 (file)
--- a/apache2/info_users_passwd
+++ b/apache2/info_users_passwd
@@ -1,3 +1,3 @@
-monitoring:$apr1$TqC87rAF$vXWiZcbRZMQIfC9XAVUgM.
-uhu:$apr1$YDvmWkSk$hBCVtCkgYCtpk0nBafCJW0
-frank:$apr1$ZNUxCrHN$RL75QYUy1Y/FyFi54CAni.
+monitoring:$apr1$rq/i6DzS$Qk6YAABQSeIgXe5Z0cc7K0
+uhu:$apr1$cFagqyiq$T2azAWwszStOUz/mmfONd/
+frank:$apr1$q0RMdmRi$5egjyB4c32Ts/swS3hkuN0

diff --git a/apache2/mods-available/info.conf b/apache2/mods-available/info.conf
index 0eb5c9770a57ac5d4a0d8413b668fb8b5f337e25..b3e5f59b5368dcb0fed5bb39621a2e86744a8958 100644 (file)
--- a/apache2/mods-available/info.conf
+++ b/apache2/mods-available/info.conf
@@ -2,16 +2,17 @@
 
        # Allow remote server configuration reports, with the URL of
        #  http://servername/server-info (requires that mod_info.c be loaded).
-       # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
        #
        <Location /server-info>
                SetHandler server-info
                AuthName "Server Status Access"
                AuthType Basic
+               AuthBasicProvider file
                AuthUserFile /etc/apache2/info_users_passwd
-               Require local
-               Require valid-user
-               Satisfy Any
+               <RequireAny>
+                       Require local
+                       Require valid-user
+               </RequireAny>
        </Location>
 
 </IfModule>

diff --git a/apache2/mods-available/status.conf b/apache2/mods-available/status.conf
index dd13a38e48d2741b50bc497f2d20c5ca5385b4aa..b61bb5843c62597cb9c34b7775e3b0afa5ceba6b 100644 (file)
--- a/apache2/mods-available/status.conf
+++ b/apache2/mods-available/status.conf
@@ -1,17 +1,17 @@
 <IfModule mod_status.c>
        # Allow server status reports generated by mod_status,
        # with the URL of http://servername/server-status
-       # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
 
        <Location /server-status>
                SetHandler server-status
-               #Require ip 192.0.2.0/24
                AuthName "Server Status Access"
                AuthType Basic
+               AuthBasicProvider file
                AuthUserFile /etc/apache2/info_users_passwd
-               Require local
-               Require valid-user
-               Satisfy Any
+               <RequireAny>
+                       Require local
+                       Require valid-user
+               </RequireAny>
 
        </Location>
 

diff --git a/apache2/sites-available/000-default-ssl.conf b/apache2/sites-available/000-default-ssl.conf
new file mode 100644 (file)
index 0000000..2b203fb
--- /dev/null
+++ b/apache2/sites-available/000-default-ssl.conf
@@ -0,0 +1,54 @@
+
+
+<IfModule mod_ssl.c>
+       <VirtualHost _default_:443>
+
+               Include sites-available/default-include.conf
+
+               SSLEngine on
+
+               SSLCertificateFile      /etc/letsencrypt/live/ns1.uhu-banane.de-0001/fullchain.pem
+               SSLCertificateKeyFile   /etc/letsencrypt/live/ns1.uhu-banane.de-0001/privkey.pem
+
+               Include /etc/letsencrypt/options-ssl-apache.conf
+
+               #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+               #SSLCACertificatePath /etc/ssl/certs/
+               #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+               #SSLCARevocationPath /etc/apache2/ssl.crl/
+               #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+               #SSLVerifyClient require
+               #SSLVerifyDepth  10
+
+               #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+               <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                       SSLOptions +StdEnvVars
+               </FilesMatch>
+               <Directory /usr/lib/cgi-bin>
+                       SSLOptions +StdEnvVars
+               </Directory>
+
+               BrowserMatch    "MSIE [2-6]" \
+                       nokeepalive ssl-unclean-shutdown \
+                       downgrade-1.0 force-response-1.0
+               # MSIE 7 and newer should be able to use keepalive
+               BrowserMatch    "MSIE [17-9]" ssl-unclean-shutdown
+
+               ServerName      ns1.uhu-banane.de
+               ServerAlias     ns1
+               ServerAlias     ns1.brehm-online.com
+               ServerAlias     repo
+               ServerAlias     repo.uhu-banane.de
+               ServerAlias     repo.brehm-online.com
+               ServerAlias     repo.uhu-banane.eu
+               ServerAlias     repo.uhu-banane.net
+               ServerAlias     repo.uhu-banane.org
+
+       </VirtualHost>
+</IfModule>
+
+# vim: filetype=apache ts=8 sw=4 sts=4 sr noet

diff --git a/apache2/sites-enabled/000-default-le-ssl.conf b/apache2/sites-enabled/000-default-le-ssl.conf
deleted file mode 120000 (symlink)
index 2aae627..0000000
--- a/apache2/sites-enabled/000-default-le-ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/apache2/sites-available/000-default-le-ssl.conf
\ No newline at end of file

diff --git a/apache2/sites-enabled/000-default-ssl.conf b/apache2/sites-enabled/000-default-ssl.conf
new file mode 120000 (symlink)
index 0000000..596612a
--- /dev/null
+++ b/apache2/sites-enabled/000-default-ssl.conf
@@ -0,0 +1 @@
+../sites-available/000-default-ssl.conf
\ No newline at end of file

diff --git a/apache2/sites-enabled/default-ssl.conf b/apache2/sites-enabled/default-ssl.conf
deleted file mode 120000 (symlink)
index 48ae7e4..0000000
--- a/apache2/sites-enabled/default-ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/apache2/sites-available/default-ssl.conf
\ No newline at end of file

diff --git a/postfix/main.cf b/postfix/main.cf
index 6d06643512721e92a9ca52bab474d7ed99e46482..f6ab2684d46c0fa121d2dfa1d118fbfb96357503 100644 (file)
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -66,11 +66,14 @@ mynetworks =
        127.0.0.0/8,
        [::ffff:127.0.0.0]/104,
        [::1]/128,
+       10.12.20.2/32,
        185.48.118.128/32,
        2001:6f8:1c00:365::2/128,
+       2001:6f8:1db7::2/128,
        fe80::1:4eff:feed:632a/128,
+       fe80::1:d8ff:fea2:5ec1/128,
        fe80::4f8:1c00:365:2/128,
-       fe80::4caa:9d73:4396:8258/128,
+       fe80::9bcd:bbd1:4ef8:6169/128,
 mailbox_command = procmail -a "$EXTENSION"
 mailbox_size_limit = 0
 recipient_delimiter = +