From 0632591996893fe136a1f2fe44d9b9f404f41f3e Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Thu, 1 Nov 2018 13:30:58 +0100 Subject: Initial commit --- localfs/etc/httpd/conf.d/vhosts.d/jango104.conf | 140 ++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 localfs/etc/httpd/conf.d/vhosts.d/jango104.conf (limited to 'localfs/etc/httpd/conf.d/vhosts.d/jango104.conf') diff --git a/localfs/etc/httpd/conf.d/vhosts.d/jango104.conf b/localfs/etc/httpd/conf.d/vhosts.d/jango104.conf new file mode 100644 index 0000000..b3cade8 --- /dev/null +++ b/localfs/etc/httpd/conf.d/vhosts.d/jango104.conf @@ -0,0 +1,140 @@ +AddDefaultCharset UTF-8 + + ServerAdmin some.email@comain.de + DocumentRoot "/var/www/vhosts/jango104.domain.de" + ServerName jango104.domain.de + ServerAlias jango104.domain.world jango104.domain.de jango104 + ErrorLog "/var/log/httpd/jango104.domain.de-error.log" + CustomLog "/var/log/httpd/jango104.domain.de-access.log" common + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] + + + ServerAdmin some.email@domain.de + DocumentRoot "/var/www/vhosts/jango104.domain.de" + ServerName jango104.domain.de + ServerAlias jango104.domain.world jango104.domain.de jango104 + Alias "/errors" "/var/www/errors" + ErrorLog "/var/log/httpd/jango104.domain.de-ssl-error.log" + CustomLog "/var/log/httpd/jango104.domain.de-ssl-access.log" common + ErrorDocument 401 "/errors/401.html" + ErrorDocument 403 "/errors/403.html" + ErrorDocument 404 "/errors/404.html" + + Options FollowSymLinks + AllowOverride none + + + Options -Indexes + AllowOverride None + + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions +ShowForbidden +NameWidth=* + AllowOverride None + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks Multiviews + IndexOptions +ShowForbidden +Namewidth=* + AllowOverride all + + Require all granted + + + + Options Indexes FollowSymlinks MultiViews + IndexOptions +NameWidth=* + AllowOverride None + AuthType Basic + AuthName "gibe login" + AuthBasicProvider file + AuthUserFile "/etc/httpd/htaccess.d/redhat" + + Require user company + Require valid-user + + + + Options Indexes FollowSymlinks MultiViews + IndexOptions +NameWidth=* + AllowOverride None + AuthType Basic + AuthName "gibe login" + AuthBasicProvider file + AuthUserFile "/etc/httpd/htaccess.d/redhat" + + Require user company + Require valid-user + + + SSLEngine on + SSLProtocol all -SSLv3 + SSLProxyProtocol all -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + + # Feck snakeoil. Root CA and Intermed CA from root server, cert is a) chained and b) set up with higher ciphers. + # (Although, admittedly, there's way worse snakeoils than on Fedora 27, but still it's snakeoil.) + SSLCertificateFile /etc/pki/tls/certs/jango104.crt + SSLCertificateKeyFile /etc/pki/tls/private/jango104.key + #SSLCertificateChainFile /etc/pki/tls/certs/jango104.crt + #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + -- cgit v1.2.3