A little bit harsh but effective, I guess
I just had to work on samba logging. During this, I had the idea that you could introduce a new UCR variable like apache2/ssl/listenport
and set it to something you want. Then you could have edited the template in /etc/univention/templates/files/etc/apache2/sites-available/ssl.d/00start
:
@%@UCRWARNING=# @%@
<IfModule mod_ssl.c>
@!@
print('<VirtualHost *:%s>' % configRegistry.get('apache2/ssl/listenport', 443))
@!@
IncludeOptional /etc/apache2/ucs-sites.conf.d/*.conf
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
@!@
if configRegistry.get('apache2/ssl/certificate'):
print(' SSLCertificateFile %s' % configRegistry.get('apache2/ssl/certificate'))
else:
print(' SSLCertificateFile /etc/univention/ssl/%s.%s/cert.pem' % (configRegistry.get('hostname'), configRegistry.get('domainname')))
if configRegistry.get('apache2/ssl/key'):
print(' SSLCertificateKeyFile %s' % configRegistry.get('apache2/ssl/key'))
else:
print(' SSLCertificateKeyFile /etc/univention/ssl/%s.%s/private.key' % (configRegistry.get('hostname'), configRegistry.get('domainname')))
if configRegistry.get('apache2/ssl/ca'):
print(' SSLCACertificateFile %s' % configRegistry.get('apache2/ssl/ca'))
else:
print(' SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem')
if configRegistry.get('apache2/ssl/certificatechain'):
print(' SSLCertificateChainFile %s' % configRegistry.get('apache2/ssl/certificatechain'))
@!@
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
### To enable special log format for HTTPS-access
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %p" combinedssl
# CustomLog /var/log/apache2/access.log combinedssl ## with port number
Of course, there might be other templates to consider. Generally, I’m cautious to edit the templates. I’d prefer Univention to include such variables.