X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=etc%2Fapache%2Fvhost.authserver.conf;fp=etc%2Fapache%2Fvhost.authserver.conf;h=69d09f2d85f1b1ccb4c93ab433e3d38e49f1e6df;hp=0000000000000000000000000000000000000000;hb=7910ec9b0e30d686d8c003197830bac7d8e0f957;hpb=c80595d16281ccdfb16bd370e165bb86e759e96c
diff --git a/etc/apache/vhost.authserver.conf b/etc/apache/vhost.authserver.conf
new file mode 100644
index 0000000..69d09f2
--- /dev/null
+++ b/etc/apache/vhost.authserver.conf
@@ -0,0 +1,52 @@
+
+ ServerAdmin webmaster@example.com
+ ServerName auth.example.com
+ ServerAlias www.auth.example.com
+ DocumentRoot /path/to/app
+
+ Alias /piwik /path/to/piwik
+
+ AddCharset UTF-8 .html .css .js
+
+ CustomLog /path/to/http.log combined
+ ErrorLog /path/to/error.log
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ # From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
+ SSLHonorCipherOrder on
+ SSLCompression off
+ #SSLSessionTickets off
+ SSLUseStapling on
+ # Use HSTS
+ Header add Strict-Transport-Security "max-age=15768000"
+
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-
+
+ # certbot certonly --agree-tos --webroot --non-interactive --agree-tos --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
+ SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
+ SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
+
+
+ ServerAdmin webmaster@example.com
+ ServerName auth.example.com
+ ServerAlias www.auth.example.com
+ DocumentRoot /path/to/app
+
+ Alias /piwik /path/to/piwik
+
+ AddCharset UTF-8 .html .css .js
+
+ # common catch-all redirect
+ RedirectMatch permanent ^(.*)$ https://auth.example.com/$1
+
+ CustomLog /path/to/http.log combined
+ ErrorLog /path/to/error.log
+
+
+ # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
+ Options None
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
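Review bot: The HSTS line `Header add Strict-Transport-Security "max-age=15768000"` is not added to error responses and can duplicate a header the application already sends; `Header always set Strict-Transport-Security "max-age=15768000"` covers both cases. In the redirect-only block, `RedirectMatch permanent ^(.*)$ https://auth.example.com/$1` captures the leading slash, so every target gets a double slash after the host; `RedirectMatch permanent ^/(.*)$ https://auth.example.com/$1` avoids that. `AllowOverride All` lets any .htaccess file under the covered directory re-enable what `Options None` turns off, which is worth narrowing on a host that serves authentication. `SSLUseStapling on` also needs an `SSLStaplingCache` defined at server level, which this file does not show, and `SSLProtocol all -SSLv2 -SSLv3` still leaves TLS 1.0 and 1.1 enabled.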