mirror of
https://github.com/krislamo/freecloud
synced 2024-09-20 01:50:34 +00:00
Kris Lamoureux
19c55ca2fb
Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings.
68 lines
2.2 KiB
ApacheConf
68 lines
2.2 KiB
ApacheConf
# Freedom Cloud. Management code for a self-hosted file server.
|
|
# Copyright (C) 2019 Kris Lamoureux
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, version 3 of the License.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
<VirtualHost *:80>
|
|
ServerName {{ nc_domain }}
|
|
ServerAdmin {{ nc_admin }}
|
|
|
|
RewriteEngine On
|
|
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
<VirtualHost *:443>
|
|
ServerName {{ nc_domain }}
|
|
|
|
ServerAdmin {{ nc_admin }}
|
|
DocumentRoot {{ nc_docroot }}
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/{{ nc_domain }}/cert.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/{{ nc_domain }}/privkey.pem
|
|
SSLCertificateChainFile /etc/letsencrypt/live/{{ nc_domain }}/chain.pem
|
|
|
|
Protocols h2 http/1.1
|
|
|
|
Header always set Strict-Transport-Security "max-age=63072000"
|
|
</VirtualHost>
|
|
|
|
|
|
<Directory {{ nc_docroot }}>
|
|
Options Indexes FollowSymLinks
|
|
AllowOverride All
|
|
Require all granted
|
|
|
|
php_value memory_limit 512M
|
|
</Directory>
|
|
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
|
|
SSLUseStapling On
|
|
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
|
|
|
# vim: syntax=apache
|
|
|