olavf

Untitled

Mar 5th, 2019
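  # Plain-HTTP virtual host: serves no content, only sends every request to HTTPS.
  <VirtualHost *:80>
      ServerName foo.bar
      # ServerAlias takes a space-separated list; with a comma the comma becomes
      # part of the host name and that alias never matches.
      ServerAlias www.foo.bar *.foo.bar

      # Keep the trailing slash on the target: Redirect appends whatever follows
      # the matched "/" to it, so without the slash the request path is glued
      # directly onto the host name and the client is sent to a different host.
      RedirectPermanent / https://foo.bar/
  </VirtualHost>

  # HTTPS virtual host: terminates TLS, serves existing files from diaspora's
  # public/ directory and proxies everything else to the diaspora backend.
  <VirtualHost *:443>
      ServerName foo.bar
      ServerAlias www.foo.bar *.foo.bar

      DocumentRoot /home/diaspora/diaspora/public

      RewriteEngine On

      # Canonical host: anything not addressed to diaspora.foo.bar is redirected
      # there. The pattern is fully escaped and anchored so that only that exact
      # host (optionally with a port) skips the redirect; ProxyPreserveHost below
      # hands the Host header to the backend unchanged.
      # NOTE(review): the certificate configured below must also cover
      # diaspora.foo.bar, the redirect target - confirm its names.
      RewriteCond %{HTTP_HOST} !^diaspora\.foo\.bar(:[0-9]+)?$ [NC]
      # The substitution is a plain string, not a regex, so its dots are not escaped.
      RewriteRule ^/(.*)$ https://diaspora.foo.bar/$1 [L,R,QSA]

      # For Camo support
      #RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]

      # Requests that do not map to an existing file are proxied ([P]) to the
      # backend balancer defined below.
      RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
      RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

      <Proxy balancer://upstream>
          # Recommended, using a unix socket (Requires Apache >= 2.4)
          # TLS ends at this vhost and no SSLProxyEngine is set here, so the
          # socket is addressed with http://; an https:// member cannot be
          # proxied without it.
          # NOTE(review): assumes the backend speaks plain HTTP on the socket - confirm.
          BalancerMember unix:///home/diaspora/diaspora/tmp/diaspora.sock|http://
          # Alternatively let diaspora listen on a local port (Use this for Apache < 2.4)
          # BalancerMember http://localhost:3000
      </Proxy>

      # For Camo support
      #<Proxy balancer://camo>
      # BalancerMember http://localhost:8081
      #</Proxy>

      # Reverse proxy only: forward proxying stays off so the server cannot be
      # used as an open proxy.
      ProxyRequests Off
      ProxyVia On
      ProxyPreserveHost On
      # Tells the backend the original request arrived over HTTPS; "set" replaces
      # any header of the same name sent by the client.
      RequestHeader set X_FORWARDED_PROTO https

      <Proxy *>
          # Apache < 2.4
          #Order allow,deny
          #Allow from all
          # Apache >= 2.4
          Require all granted
      </Proxy>

      <Directory /home/diaspora/diaspora/public>
          Options -MultiViews
          # Apache < 2.4
          #Allow from all
          #AllowOverride all
          # Apache >= 2.4
          Require all granted
      </Directory>

      SSLEngine On
      SSLCertificateFile /etc/letsencrypt/live/foo.bar/cert.pem
      # The private key must stay readable by root only.
      SSLCertificateKeyFile /etc/letsencrypt/live/foo.bar/privkey.pem

      # May not be needed. StartSSL, for example, needs this to point to a local
      # copy of https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
      # For Let's Encrypt it should point to /etc/letsencrypt/live/diaspora.example.org/chain.pem
      # (On Apache >= 2.4.8 this directive is deprecated; SSLCertificateFile can
      # point at fullchain.pem instead.)
      SSLCertificateChainFile /etc/letsencrypt/live/foo.bar/chain.pem


      # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
      # NOTE(review): "all -SSLv2 -SSLv3" still permits TLS 1.0 and 1.1; consider
      # adding -TLSv1 -TLSv1.1 if no legacy clients depend on them.
      SSLProtocol all -SSLv2 -SSLv3
      # NOTE(review): the cipher list below is cut off in the paste (the trailing
      # "$" looks like an editor truncation marker, not part of the value);
      # restore the full list from the Mozilla guide before using this file.
      SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-A$
      SSLHonorCipherOrder on
      # TLS-level compression stays disabled.
      SSLCompression off
  </VirtualHost>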