From a407af3f03b31ec653a21ba0e1db49389c68c246 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Feb 2015 21:55:39 -0400 Subject: propellor spin --- src/Propellor/Property/Apache.hs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index e598de1f..a7c7e690 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -70,13 +70,17 @@ reloaded = Service.reloaded "apache2" -- | Configure apache to use SNI to differentiate between -- https hosts. +-- +-- This was off by default in apache 2.2.22. Newver versions enable +-- it by default. This property uses the filename used by the old version. multiSSL :: Property NoInfo -multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent` - [ "NameVirtualHost *:443" - , "SSLStrictSNIVHostCheck off" - ] - `describe` "apache SNI enabled" - `onChange` reloaded +multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $ + "/etc/apache2/conf.d/ssl" `File.hasContent` + [ "NameVirtualHost *:443" + , "SSLStrictSNIVHostCheck off" + ] + `describe` "apache SNI enabled" + `onChange` reloaded -- | Config file fragment that can be inserted into a -- stanza to allow global read access to the directory. -- cgit v1.2.3