freecloud/roles/nextcloud/templates/apacheconf.conf

# Freedom Cloud. Management code for a self-hosted file server.
# Copyright (C) 2019  Kris Lamoureux
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.


<VirtualHost *:80>
        ServerName {{ nc_domain }}
        ServerAdmin {{ nc_admin }}

        RewriteEngine On
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>


<VirtualHost *:443>
        ServerName {{ nc_domain }}

        ServerAdmin {{ nc_admin }}
        DocumentRoot {{ nc_docroot }}

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/{{ nc_domain }}/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/{{ nc_domain }}/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/{{ nc_domain }}/chain.pem

        Protocols h2 http/1.1

        Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>


<Directory {{ nc_docroot }}>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted

    php_value memory_limit 512M
</Directory>

SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

# vim: syntax=apache
Basic Nextcloud Installation on Debian 10 A basic installation of Nextcloud 16 Stable on Debian Stable. 2019-07-11 05:41:05 +00:00			`# Freedom Cloud. Management code for a self-hosted file server.`
			`# Copyright (C) 2019 Kris Lamoureux`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, version 3 of the License.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`


			`<VirtualHost *:80>`
			`ServerName {{ nc_domain }}`
Enabled HTTPS on Let's Encrypt Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings. 2019-07-13 03:23:01 +00:00			`ServerAdmin {{ nc_admin }}`

			`RewriteEngine On`
			`RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]`

			`ErrorLog ${APACHE_LOG_DIR}/error.log`
			`CustomLog ${APACHE_LOG_DIR}/access.log combined`

			`</VirtualHost>`


			`<VirtualHost *:443>`
			`ServerName {{ nc_domain }}`
Basic Nextcloud Installation on Debian 10 A basic installation of Nextcloud 16 Stable on Debian Stable. 2019-07-11 05:41:05 +00:00
			`ServerAdmin {{ nc_admin }}`
			`DocumentRoot {{ nc_docroot }}`

			`ErrorLog ${APACHE_LOG_DIR}/error.log`
			`CustomLog ${APACHE_LOG_DIR}/access.log combined`

Enabled HTTPS on Let's Encrypt Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings. 2019-07-13 03:23:01 +00:00			`SSLEngine on`
			`SSLCertificateFile /etc/letsencrypt/live/{{ nc_domain }}/cert.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/{{ nc_domain }}/privkey.pem`
			`SSLCertificateChainFile /etc/letsencrypt/live/{{ nc_domain }}/chain.pem`

			`Protocols h2 http/1.1`

			`Header always set Strict-Transport-Security "max-age=63072000"`
Basic Nextcloud Installation on Debian 10 A basic installation of Nextcloud 16 Stable on Debian Stable. 2019-07-11 05:41:05 +00:00			`</VirtualHost>`

Enabled HTTPS on Let's Encrypt Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings. 2019-07-13 03:23:01 +00:00
Basic Nextcloud Installation on Debian 10 A basic installation of Nextcloud 16 Stable on Debian Stable. 2019-07-11 05:41:05 +00:00			`<Directory {{ nc_docroot }}>`
			`Options Indexes FollowSymLinks`
			`AllowOverride All`
			`Require all granted`

			`php_value memory_limit 512M`
			`</Directory>`

Enabled HTTPS on Let's Encrypt Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings. 2019-07-13 03:23:01 +00:00			`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`
			`SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`
			`SSLHonorCipherOrder off`
			`SSLSessionTickets off`

			`SSLUseStapling On`
			`SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"`

Basic Nextcloud Installation on Debian 10 A basic installation of Nextcloud 16 Stable on Debian Stable. 2019-07-11 05:41:05 +00:00			`# vim: syntax=apache`
Enabled HTTPS on Let's Encrypt Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings. 2019-07-13 03:23:01 +00:00