Web Server

Description

Restrictive Web Server configuration and SSL keys setup.

Release notes

Version 1.4.0 - Deprecated
  • Bugfix: The required certificate serial could sometimes be detected incorrectly (M10650)
  • Feature: Enabling failover/loadbalancing capability
  • Feature: Added the ability to authenticate users using SMP API via HTTP Basic Authentication (M10089)
  • Improvement: Reload Apache after applying changes
  • Feature: Make the timeout configurable (M10670)
  • Feature: Added option to disable default site (M10940)
  • Feature: HTTP Basic Authentication caching
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • Certification Authority module >= 1.0.1 installed on the mother SMP
    • System Base module >= 1.0.0
    • SMP Admin module >= 1.5.0 (if used to install an SMP)

Version 1.2.3 - Deprecated
  • Bugfix: Increase serial number of issued certificates when the database holds a higher serial number. (M9333)
  • Bugfix: Enabled PHP garbage collection of session files. (M9425)
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • Certification Authority module >= 1.0.1 installed on the mother SMP
    • System Base module >= 1.0.0
    • SMP Admin module >= 1.5.0 (if used to install an SMP)

Version 1.2.2 - Deprecated
  • Feature: Allow restricted Subject Alternative Names to be configured.
  • Improvement: Use 2048 bit key length to generate certificates.
  • Bugfix: The shared ssl serial file was used instead of 1 serial file per SOP.
  • Bugfix: Be more tolerant against re-installing the SMP.
  • Bugfix: The certificate chain was not generated correctly for multiple SMP levels.
  • Bugfix: The certificate validity parameter was not taken into account.
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • Certification Authority module >= 1.0.1 installed on the mother SMP
    • System Base module >= 1.0.0
    • SMP Admin module >= 1.5.0 (if used to install an SMP)

Version 1.2.1 - Deprecated
  • Bugfix: Upload limit was too strict (M7850)
  • Deprecated: Impossible to start Apache due to mismatch between certificate and certificate key (M0)
  • Dependency:
    • System Base module >= 1.0.0
    • SMP Admin module >= 1.5.0 (if used to install an SMP)

Version 1.2.0 - Deprecated
  • Improvement: Change the default PHP upload limit to 10 MB (M7212)
  • Feature: Possibility to authenticate based on web application session (M7435)
  • Feature: It is now possible to reinstall the module without overwriting existing certificates
  • Deprecated: Upload limit was too strict for bulk admin (M7850)
  • Dependency:
    • System Base module >= 1.0.0
    • SMP Admin module >= 1.5.0 (if used to install an SMP)

Version 1.1.5 - Deprecated
  • Bugfix: Restart webserver monitoring process after install
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • System Base module >= 1.0.0

Version 1.1.4 - Deprecated
  • Improvement: Enabled mod_rewrite (M0006817)
  • Deprecated: webserver monitoring process is not restarted after install
  • Dependency:
    • System Base module >= 1.0.0

Version 1.1.3 - Deprecated
  • Bugfix: Make webserver monitoring process compatible with productized SMP
  • Deprecated: webserver monitoring process is not restarted after install
  • Dependency:
    • System Base module >= 1.0.0

Version 1.1.2 - Deprecated
  • Bugfix: SSL certificate generation could fail on Active-Standby setups (M0006311)
  • Improvement: Disable Apache2 KeepAlive by default (M0006060)
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • System Base module >= 1.0.0

Version 1.1.1 - Deprecated
  • Bugfix: Keepalive timeout setting was not taken into account
  • Bugfix: Incorrect version of the package was installed on version 1.1.0
  • Improvement: Moved web server related packages to the Web Server module (M6026)
  • Improvement: Compatibility with Baseline 3 (M6026)
  • Feature: Add TLS support for Communication Server (M6261)
  • Bugfix: SSL certificate generation could fail on Active-Standby setups (M0006311)
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • System Base module >= 1.0.0

Version 1.1.0 - Deprecated
  • Feature: Allow the use of NameVirtualHosts.
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • SOP Base Module >= 1.2.0

Version 1.0.2 - Deprecated
  • Bugfix: Enable Multiviews
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • SOP Base Module >= 1.2.0

Version 1.0.1 - Deprecated
  • Feature: Enable MultiViews.
  • Deprecated: Installation fails due to bad configuration.
  • Dependency:
    • SOP Base Module >= 1.2.0

Version 1.0.0 - Deprecated
  • Feature: Initial release (M0004400). Potential update impact level 3: in the event this update contains a bug, it might have critical impact. Given the complexity of the update, it is advised to contact ESCAUX support before applying this update.
  • Deprecated: Vulnerable to CVE-2011-319 (M17647)
  • Dependency:
    • SOP Base Module >= 1.2.0

Module configuration interface

  • Mode
  • Local access Only
  • Certificate validity (in days, default is 2920)
  • KeepAliveTimeout Directive (in seconds, leave empty to disable, default is disabled)
  • Generate new certificates
  • Alternative names
  • Install Websocket Proxy
  • Timeout (in seconds, default 300)
  • Disable default site

Module configuration parameters

  • Mode:
    • Compatibility: Will not change the SSH configuration (net.Desktop service if any stays available through SSH on port 4446). This is the default value.
    • Secure: net.Desktop service will be made available through SSL on port 4446 instead of SSH. This is required if net.Desktop is used in secure mode. IMPORTANT: If you want to configure net.Desktop in secure mode, please reinstall net.Desktop module in secure mode before installing this module.
  • Local access Only: Set to yes to only allow access to the web server from the SOP itself. Default = no.
  • Certificate validity: This module generates a self-signed SSL certificate. This parameter defines how long the SSL certificate is valid. (Moved to Certificate Generator since 2.0.0)
  • KeepAliveTimeout Directive: This parameter defines how long the web server keeps a connection open when there are no requests from clients. The default was 15s up to version 1.1.1; it is disabled by default as from version 1.1.2.
  • Generate new certificates: When set to no, the existing certificates will be kept. Note that Apache won't work correctly if the certificates have never been generated. Default = yes. (Moved to Certificate Generator since 2.0.0)
  • Alternative names: Comma-separated list of SSL hostnames (Alternative Names) that will be requested when generating the certificate. Note that this does not mean that the request will be accepted. The SMP configuration limits the names you can use here. (Moved to Certificate Generator since 2.0.0)
  • Install Websocket Proxy: Yes if a WebSocket proxy has to be installed, otherwise No.
  • Timeout: Set the virtual host timeout for the default server virtual host. Default value is set to 300.
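
The certificate parameters above (validity in days, alternative names, 2048-bit key) and the certificate/key mismatch noted for version 1.2.1 can be checked after installation with openssl. The script below is an added example, not Escaux code: it builds a throwaway certificate in a temporary directory and runs the checks on it. The file names and the `example.test` hostnames are constructed, and the module's own certificate paths are not given on this page.

```shell
#!/bin/sh
# Added example: works on a constructed throwaway certificate, not the module's files.

# make_cert DIR DAYS "a,b": self-signed cert, 2048-bit RSA key, SANs from a comma list.
make_cert() {
    dir=$1; days=$2
    san=$(printf '%s' "$3" | sed 's/ *, */,DNS:/g; s/^/DNS:/')
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = ${3%%,*}
[ext]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -config "$dir/req.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# key_matches_cert CRT KEY: true when both files hold the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# valid_for_days CRT DAYS: true when the cert expires DAYS days from now (+/- 1 day).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ($2 - 1) * 86400 )) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( ($2 + 1) * 86400 )) >/dev/null
}

# key_bits CRT: size of the certificate's public key in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# cert_sans CRT: DNS names from the Subject Alternative Name extension, comma separated.
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n1 | sed 's/DNS://g; s/ //g'
}

work=$(mktemp -d)   # constructed sample input, hostnames are placeholders
make_cert "$work" 2920 "sop.example.test,phone.example.test"
key_matches_cert "$work/server.crt" "$work/server.key" && echo "key matches certificate"
valid_for_days "$work/server.crt" 2920 && echo "validity: 2920 days"
echo "key size: $(key_bits "$work/server.crt") bits; SANs: $(cert_sans "$work/server.crt")"
```

Pointed at the certificate and key that Apache actually loads, `key_matches_cert` catches a mismatch before a reload fails, and `cert_sans` shows which of the requested alternative names were actually included.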

Copyright © Escaux SA