X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=etc%2Fapache%2Fvhost.authserver.conf;fp=etc%2Fapache%2Fvhost.authserver.conf;h=69d09f2d85f1b1ccb4c93ab433e3d38e49f1e6df;hp=0000000000000000000000000000000000000000;hb=7910ec9b0e30d686d8c003197830bac7d8e0f957;hpb=c80595d16281ccdfb16bd370e165bb86e759e96c
diff --git a/etc/apache/vhost.authserver.conf b/etc/apache/vhost.authserver.conf
new file mode 100644
index 0000000..69d09f2
--- /dev/null
+++ b/etc/apache/vhost.authserver.conf
@@ -0,0 +1,52 @@
+
+ ServerAdmin webmaster@example.com
+ ServerName auth.example.com
+ ServerAlias www.auth.example.com
+ DocumentRoot /path/to/app
+
+ Alias /piwik /path/to/piwik
+
+ AddCharset UTF-8 .html .css .js
+
+ CustomLog /path/to/http.log combined
+ ErrorLog /path/to/error.log
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ # From https://wiki.mozilla.org/Security/Server_Side_TLS#Apache (Nov 2016, Intermediate compat)
+ SSLHonorCipherOrder on
+ SSLCompression off
+ #SSLSessionTickets off
+ SSLUseStapling on
+ # Use HSTS
+ Header add Strict-Transport-Security "max-age=15768000"
+
+ SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-
+
+ # certbot certonly --agree-tos --webroot --non-interactive --agree-tos --email you@example.com --webroot-path /path/to/app/ --domains auth.example.com,www.auth.example.com
+ SSLCertificateFile /etc/certbot/live/auth.example.com/fullchain.pem
+ SSLCertificateKeyFile /etc/certbot/live/auth.example.com/privkey.pem
+
+
+ ServerAdmin webmaster@example.com
+ ServerName auth.example.com
+ ServerAlias www.auth.example.com
+ DocumentRoot /path/to/app
+
+ Alias /piwik /path/to/piwik
+
+ AddCharset UTF-8 .html .css .js
+
+ # common catch-all redirect
+ RedirectMatch permanent ^(.*)$ https://auth.example.com/$1
+
+ CustomLog /path/to/http.log combined
+ ErrorLog /path/to/error.log
+
+
+ # If you symlink app/ to your actual DocumentRoot, you'll need FollowSymLinks here.
+ Options None
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
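Review bot: `AllowOverride All` on the application directory (the last four added lines; the enclosing `<Directory>` tags appear to have been lost in this rendering) lets any `.htaccess` under the app tree override server policy, including the `Options None` set just above it. For an authentication service I would narrow it to the directive classes the app's `.htaccess` actually needs, or use `AllowOverride None` and move those rules into this file. `Order allow,deny` / `Allow from all` is 2.2 syntax, while `SSLUseStapling` only exists in 2.4, where `Require all granted` is the native form and needs no mod_access_compat. Separately, the HSTS line uses `Header add`, which is not applied to server-generated error responses and can emit the header twice if the app also sets it; `Header always set Strict-Transport-Security "max-age=15768000"` avoids both.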