| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- <VirtualHost _default_:443>
- #ServerName www.example.com:443
- ServerAdmin webmaster@localhost
- DocumentRoot "/srv/www/apache"
- <Directory "/srv/www/apache">
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
- </Directory>
- ErrorLog ${APACHE_LOG_DIR}/002-default-ssl.error.log
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.access.log combined
- <IfModule http2_module>
- Protocols h2 http/1.1
- </IfModule>
- SSLEngine on
- SSLCertificateFile "/etc/apache/server.crt"
- SSLCertificateKeyFile "/etc/apache/server.key"
- #SSLCertificateChainFile "/etc/apache/server-ca.crt"
- #SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- SSLProtocol All -SSLv2 -SSLv3
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
- SSLHonorCipherOrder On
- SSLCompression off
- SSLUseStapling on
-
- SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
- # Requires Apache >= 2.4.11
- SSLSessionTickets Off
-
- #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
- #Header always set X-Frame-Options DENY
- #Header always set X-Content-Type-Options nosniff
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory "/srv/www/apache/cgi-bin">
- SSLOptions +StdEnvVars
- </Directory>
- BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_request.log ssl_info
- CustomLog ${APACHE_LOG_DIR}/002-default-ssl.ssl_browser.log ssl_info_browser
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
