File tree 1 file changed +7
-4
lines changed
1 file changed +7
-4
lines changed Original file line number Diff line number Diff line change @@ -1676,17 +1676,20 @@ Resources:
16761676 echo "sudo /opt/certbot/bin/pip install --upgrade certbot-apache" >> /home/ec2-user/update-certbot
16771677 yum install -q -y httpd mod_ssl mod_fcgid
16781678 systemctl enable httpd
1679- cp /etc/httpd/conf.modules.d/00-mpm.conf /etc/httpd/conf.modules.d/00-mpm.conf."`date +"%Y-%m-%d"`"
1679+ cp /etc/httpd/conf.modules.d/00-mpm.conf /etc/httpd/conf.modules.d/00-mpm.conf."`date +"%Y-%m-%d"`"
1680+
16801681 # Apache MPM event: https://httpd.apache.org/docs/2.4/mod/event.html
16811682 sed -i "s/^LoadModule mpm_prefork_module/#&/" /etc/httpd/conf.modules.d/00-mpm.conf
16821683 sed -i "/^#LoadModule mpm_event_module/a LoadModule mpm_event_module modules/mod_mpm_event.so" /etc/httpd/conf.modules.d/00-mpm.conf
1683- cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf."`date +"%Y-%m-%d"`"
1684+ cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf."`date +"%Y-%m-%d"`"
1685+
16841686 # Harden TLS
16851687 sed -i "s/^SSLProtocol/#&/" /etc/httpd/conf.d/ssl.conf
16861688 sed -i "/^#SSLProtocol/a SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" /etc/httpd/conf.d/ssl.conf
16871689 sed -i "s/^SSLCipherSuite/#&/" /etc/httpd/conf.d/ssl.conf
1688- ed -i "/^#SSLCipherSuite RC4/a SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256" /etc/httpd/conf.d/ssl.conf
1689- # virtual host: for Certbot
1690+ sed -i "/^#SSLCipherSuite RC4/a SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256" /etc/httpd/conf.d/ssl.conf
1691+
1692+ # virtual host: for Certbot
16901693 cat << EoF > /etc/httpd/conf.d/www.conf
16911694 <VirtualHost *:80>
16921695 ServerAdmin webmaster@localhost
You can’t perform that action at this time.
0 commit comments