| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546 |
- <VirtualHost _default_:443>
- DocumentRoot "/srv/www/apache"
- #ServerName www.example.com:443
- ServerAdmin webmaster@localhost
- ErrorLog ${APACHE_LOG_DIR}/002-default-ssl.error.log
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.access.log combined
- SSLEngine on
- SSLCertificateFile "/etc/apache/server.crt"
- SSLCertificateKeyFile "/etc/apache/server.key"
- #SSLCertificateChainFile "/etc/apache/server-ca.crt"
- #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- SSLProtocol All -SSLv2 -SSLv3
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
- SSLHonorCipherOrder On
- SSLCompression off
- SSLUseStapling on
-
- SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
- # Requires Apache >= 2.4.11
- SSLSessionTickets Off
-
- #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
- #Header always set X-Frame-Options DENY
- #Header always set X-Content-Type-Options nosniff
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory "/srv/www/apache/cgi-bin">
- SSLOptions +StdEnvVars
- </Directory>
- BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_request.log ssl_info
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_browser.log ssl_info_browser
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
