From db5df7e8f8a76a536338a27b5b359d1edac9d72a Mon Sep 17 00:00:00 2001 From: "Begerad, Stefan" Date: Fri, 6 May 2022 15:19:51 +0200 Subject: [PATCH] feat: add example virtual host conf file for apache2 proxy --- etc/apache2/sites-available/example.conf | 51 ++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 etc/apache2/sites-available/example.conf diff --git a/etc/apache2/sites-available/example.conf b/etc/apache2/sites-available/example.conf new file mode 100644 index 0000000..bfe4620 --- /dev/null +++ b/etc/apache2/sites-available/example.conf @@ -0,0 +1,51 @@ + + +RewriteEngine On +RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + + + + + +ServerAdmin admin@foo.bar +ServerName foo.bar +ServerAlias www.foo.bar + +#proxy settings +ProxyPreserveHost On +ProxyAddHeaders Off +ProxyRequests Off + +#set proxy so that a web service can use a server running on port 54321 +ProxyPass /route https://foo.bar:54321 +ProxyPassReverse /route https://foo.bar:54321 + +DocumentRoot /var/www/foo.bar/public_html + + +Options Indexes FollowSymLinks +AllowOverride All +Require all granted + + +ErrorLog ${APACHE_LOG_DIR}/foo.bar-error.log +CustomLog ${APACHE_LOG_DIR}/foo.bar-access.log combined + +SSLProxyEngine On +SSLEngine On +SSLCertificateFile /etc//cert.pem +SSLCertificateKeyFile /etc//private.key + +# enable HTTP/2, if available +Protocols h2 http/1.1 + +# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) +Header always set Strict-Transport-Security "max-age=63072000" + + + +# intermediate configuration +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1307:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +SSLHonorCipherOrder off +SSLSessionTickets off