[authserver.git] / etc / apache / vhost.authserver.conf

<VirtualHost *:443>
  ServerAdmin webmaster@example.com
  ServerName auth.example.com
  ServerAlias www.auth.example.com
  DocumentRoot /path/to/app

  Alias /piwik /path/to/piwik

  AddCharset UTF-8 .html .css .js

  CustomLog /path/to/http.log combined
  ErrorLog /path/to/error.log

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  # From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
  SSLHonorCipherOrder on
  SSLCompression off
  #SSLSessionTickets off
  SSLUseStapling on
  # Use HSTS
  Header add Strict-Transport-Security "max-age=15768000"

  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-

  # certbot certonly --agree-tos --webroot --non-interactive --agree-tos --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
  SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
</VirtualHost>
<VirtualHost *:80>
  ServerAdmin webmaster@example.com
  ServerName auth.example.com
  ServerAlias www.auth.example.com
  DocumentRoot /path/to/app

  Alias /piwik /path/to/piwik

  AddCharset UTF-8 .html .css .js

  # common catch-all redirect
  RedirectMatch permanent ^(.*)$ https://auth.example.com/$1

  CustomLog /path/to/http.log combined
  ErrorLog /path/to/error.log
</VirtualHost>
<Directory "/path/to/">
  # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
  Options None
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>
Commit	Line	Data
7910ec9b RK	1	<VirtualHost *:443>
	2	ServerAdmin webmaster@example.com
	3	ServerName auth.example.com
	4	ServerAlias www.auth.example.com
	5	DocumentRoot /path/to/app
	6
	7	Alias /piwik /path/to/piwik
	8
	9	AddCharset UTF-8 .html .css .js
	10
	11	CustomLog /path/to/http.log combined
	12	ErrorLog /path/to/error.log
	13
	14	SSLEngine on
	15	SSLProtocol all -SSLv2 -SSLv3
	16	# From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
	17	SSLHonorCipherOrder on
	18	SSLCompression off
	19	#SSLSessionTickets off
	20	SSLUseStapling on
	21	# Use HSTS
	22	Header add Strict-Transport-Security "max-age=15768000"
	23
	24	SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-
	25
	26	# certbot certonly --agree-tos --webroot --non-interactive --agree-tos --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
	27	SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
	28	SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
	29	</VirtualHost>
	30	<VirtualHost *:80>
	31	ServerAdmin webmaster@example.com
	32	ServerName auth.example.com
	33	ServerAlias www.auth.example.com
	34	DocumentRoot /path/to/app
	35
	36	Alias /piwik /path/to/piwik
	37
	38	AddCharset UTF-8 .html .css .js
	39
	40	# common catch-all redirect
	41	RedirectMatch permanent ^(.*)$ https://auth.example.com/$1
	42
	43	CustomLog /path/to/http.log combined
	44	ErrorLog /path/to/error.log
	45	</VirtualHost>
	46	<Directory "/path/to/">
	47	# If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
	48	Options None
	49	AllowOverride All
	50	Order allow,deny
	51	Allow from all
	52	</Directory>