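# HTTPS virtual host for auth.example.com (www.auth.example.com is an alias).
# Serves the application from DocumentRoot and the Piwik install under /piwik.
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    ServerName auth.example.com
    ServerAlias www.auth.example.com
    DocumentRoot /path/to/app

    Alias /piwik /path/to/piwik

    AddCharset UTF-8 .html .css .js

    CustomLog /path/to/http.log combined
    ErrorLog /path/to/error.log

    SSLEngine on
    # TLS settings started from the Mozilla "Intermediate" profile of Nov 2016:
    # https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
    # That profile still allowed TLS 1.0 and 1.1. Both are deprecated
    # (RFC 8996), and every cipher suite kept below needs TLS 1.2 anyway,
    # so they are switched off explicitly.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Server preference decides the suite, so the ordering below is enforced.
    SSLHonorCipherOrder on
    # TLS-level compression enables the CRIME attack; keep it off.
    SSLCompression off
    # Left disabled as in the original. SSLSessionTickets needs httpd 2.4.11+;
    # consider enabling "off" unless ticket keys are rotated regularly.
    #SSLSessionTickets off
    # OCSP stapling only takes effect when SSLStaplingCache is defined in the
    # global server config (it is not allowed inside <VirtualHost>). That
    # directive is not part of this listing - confirm it exists.
    SSLUseStapling on
    # HSTS (requires mod_headers). "always" also covers error responses and
    # internally generated redirects; "set" avoids a duplicate header if the
    # application already emits one.
    Header always set Strict-Transport-Security "max-age=15768000"

    # The original listing was cut off in the middle of the ninth suite name
    # ("ECDHE-ECDSA-AES128-"). Only the complete entries are kept; all of them
    # are forward-secret AEAD suites.
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

    # Certificate issuance (webroot challenge served from the DocumentRoot):
    # certbot certonly --webroot --non-interactive --agree-tos --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
    SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
    # The private key must stay readable only by root / the httpd parent process.
    SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
</VirtualHost>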
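# Plain-HTTP virtual host for the same names. Its only job is to send every
# request to the canonical HTTPS host.
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName auth.example.com
    ServerAlias www.auth.example.com
    DocumentRoot /path/to/app

    Alias /piwik /path/to/piwik

    AddCharset UTF-8 .html .css .js

    # Catch-all redirect to HTTPS. The pattern consumes the leading "/" of the
    # request path; with "^(.*)$" the captured path kept its slash and the
    # target became https://auth.example.com//page. mod_alias evaluates
    # redirects before aliases, so the Alias above never serves content over
    # plain HTTP.
    RedirectMatch permanent ^/(.*)$ https://auth.example.com/$1

    CustomLog /path/to/http.log combined
    ErrorLog /path/to/error.log
</VirtualHost>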
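# Access rules for the directory tree that holds both the application
# (/path/to/app) and Piwik (/path/to/piwik).
<Directory "/path/to/">
    # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
    Options None
    # "All" lets .htaccess files in this tree override every directive class,
    # including the Options line above. Narrow it to the classes the
    # application's .htaccess files actually use if that can be determined.
    AllowOverride All
    # Apache 2.4 authorization syntax. It replaces the 2.2-style
    # "Order allow,deny" / "Allow from all", which on 2.4 only works through
    # mod_access_compat.
    Require all granted
</Directory>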