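# TLS site for auth.example.com (alias www.auth.example.com).
# Excerpt only: the enclosing container and a few directives of the original
# file are not part of this listing (presumably a <VirtualHost *:443> block).
ServerAdmin webmaster@example.com
ServerName auth.example.com
ServerAlias www.auth.example.com
DocumentRoot /path/to/app

# Map /matomo onto a directory outside DocumentRoot.
Alias /matomo /path/to/matomo

AddCharset UTF-8 .html .css .js

CustomLog /path/to/http.log combined
ErrorLog /path/to/error.log

# "all -SSLv2 -SSLv3" still leaves TLS 1.0 and TLS 1.1 enabled wherever the
# linked OpenSSL offers them, which matches the 2016 profile cited below.
# Append "-TLSv1 -TLSv1.1" once no legacy clients need them.
SSLProtocol all -SSLv2 -SSLv3
# From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
SSLHonorCipherOrder on
#SSLSessionTickets off

# "always set" instead of "add": "add" appends a second header when one is
# already present, and without "always" the header is not attached to error
# responses, so a client whose first response is an error would not learn the
# HSTS policy from it.
Header always set Strict-Transport-Security "max-age=15768000"

# NOTE(review): the cipher list below ends mid-name ("ECDHE-ECDSA-AES128-") in
# this listing; restore the complete string from the referenced Mozilla profile
# before deploying.
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-

# Certificate issuance (run once; the webroot path is the DocumentRoot above):
# certbot certonly --agree-tos --webroot --non-interactive --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
# The private key must stay readable by root only.
SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem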
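# Second site definition for the same host names; it carries no TLS directives
# and only redirects to the HTTPS origin (presumably the port-80 virtual host;
# its container line is not part of this listing).
ServerAdmin webmaster@example.com
ServerName auth.example.com
ServerAlias www.auth.example.com
DocumentRoot /path/to/app

# Map /matomo onto a directory outside DocumentRoot.
Alias /matomo /path/to/matomo

AddCharset UTF-8 .html .css .js

# common catch-all redirect
# The request path always starts with "/", so the pattern consumes that slash
# itself; capturing it and appending it after the host's trailing "/" would
# produce "https://auth.example.com//path".
RedirectMatch permanent ^/(.*)$ https://auth.example.com/$1

CustomLog /path/to/http.log combined
ErrorLog /path/to/error.log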
46 <Directory "/path/to/">
47 # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.