52 lines
1.4 KiB
Plaintext
52 lines
1.4 KiB
Plaintext
<VirtualHost *:80>
|
|
|
|
RewriteEngine On
|
|
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
|
|
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerAdmin admin@foo.bar
|
|
ServerName foo.bar
|
|
ServerAlias www.foo.bar
|
|
|
|
#proxy settings
|
|
ProxyPreserveHost On
|
|
ProxyAddHeaders Off
|
|
ProxyRequests Off
|
|
|
|
#set proxy so that a web service can use a server running on port 54321
|
|
ProxyPass /route https://foo.bar:54321
|
|
ProxyPassReverse /route https://foo.bar:54321
|
|
|
|
DocumentRoot /var/www/foo.bar/public_html
|
|
|
|
<Directory /var/www/foo.bar/public_html>
|
|
Options Indexes FollowSymLinks
|
|
AllowOverride All
|
|
Require all granted
|
|
</Directory>
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/foo.bar-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/foo.bar-access.log combined
|
|
|
|
SSLProxyEngine On
|
|
SSLEngine On
|
|
SSLCertificateFile /etc/<path>/cert.pem
|
|
SSLCertificateKeyFile /etc/<path>/private.key
|
|
|
|
# enable HTTP/2, if available
|
|
Protocols h2 http/1.1
|
|
|
|
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
|
|
Header always set Strict-Transport-Security "max-age=63072000"
|
|
|
|
</VirtualHost>
|
|
|
|
# intermediate configuration
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1307:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|