-
Notifications
You must be signed in to change notification settings - Fork 71
Example configuration: apache
Thomas Pike edited this page May 14, 2018
·
1 revision
<VirtualHost *:80>
ServerName ska.example.com
Redirect permanent / https://ska.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName ska.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCertificateFile /etc/letsencrypt/live/ska.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ska.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/ska.example.com/chain.pem
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
DocumentRoot /srv/ska/public_html
<Directory /srv/ska/public_html>
AuthType Basic
AuthName "SSH Key Authority"
AuthBasicProvider ldap
AuthLDAPURL ldaps://ldap.example.com/dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)
Require valid-user
AllowOverride none
</Directory>
DirectoryIndex init.php
FallbackResource /init.php
AllowEncodedSlashes NoDecode
</VirtualHost>