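# TLS virtual host for auth.example.com and its www alias.
# Needs mod_ssl, mod_alias and mod_headers (for the HSTS header) to be loaded.
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName auth.example.com
    ServerAlias www.auth.example.com
    DocumentRoot /path/to/app

    Alias /piwik /path/to/piwik

    AddCharset UTF-8 .html .css .js

    CustomLog /path/to/http.log combined
    ErrorLog /path/to/error.log

    SSLEngine on
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and later stay enabled.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
    # That snapshot is dated; re-check these settings against the current recommendation.
    SSLHonorCipherOrder on
    SSLCompression off
    #SSLSessionTickets off
    # OCSP stapling also requires an SSLStaplingCache directive in the global server
    # config (it is not allowed inside <VirtualHost>); none is visible in this file.
    SSLUseStapling on
    # Use HSTS
    # "always" also covers error responses; "set" replaces the header instead of
    # appending a second copy when the application sends its own.
    Header always set Strict-Transport-Security "max-age=15768000"

    # The listing this file was taken from cut the cipher string off in the middle of a
    # suite name ("ECDHE-ECDSA-AES128-"). Only the complete AEAD suites are kept here;
    # they are sufficient for TLS 1.2 clients.
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

    # certbot certonly --agree-tos --webroot --non-interactive --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
    SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
    # The private key must be readable only by root / the account that starts Apache.
    SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
</VirtualHost>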
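# Plain-HTTP virtual host: every request is answered with a permanent redirect
# to the HTTPS site, so no content is served over an unencrypted connection.
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName auth.example.com
    ServerAlias www.auth.example.com
    DocumentRoot /path/to/app

    # mod_alias evaluates Redirect/RedirectMatch before Alias within the same
    # context, so the catch-all below wins and this alias is never served on port 80.
    Alias /piwik /path/to/piwik

    AddCharset UTF-8 .html .css .js

    # common catch-all redirect
    # The leading slash is matched outside the capture group. Capturing it as well
    # (^(.*)$) and then writing "/$1" produced "https://auth.example.com//path".
    RedirectMatch permanent ^/(.*)$ https://auth.example.com/$1

    CustomLog /path/to/http.log combined
    ErrorLog /path/to/error.log
</VirtualHost>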
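# Filesystem access rules for everything below /path/to/, which covers both the
# application DocumentRoot and the piwik directory used by the virtual hosts.
<Directory "/path/to/">
    # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
    Options None
    # NOTE(review): AllowOverride All lets any .htaccess file under this tree change
    # Options and access rules again, so "Options None" above is only a default.
    # Narrow this to the override classes the application actually needs.
    AllowOverride All
    # Apache 2.4 access-control syntax. The previous "Order allow,deny" /
    # "Allow from all" pair is 2.2 syntax that only works on 2.4 through
    # mod_access_compat, while this file already uses directives such as
    # SSLUseStapling that Apache 2.2 does not provide.
    Require all granted
</Directory>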