- # Listener setup: name-based virtual hosting on every address, plain HTTP on port 80.
- # NOTE(review): NameVirtualHost is an Apache 2.2-era directive (deprecated, no effect in 2.4) - confirm the target httpd version.
- NameVirtualHost *:80
- Listen 80
- # The HTTPS listener on port 443 is opened only when mod_ssl is loaded.
- <IfModule mod_ssl.c>
- # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
- # to <VirtualHost *:443>
- # Server Name Indication for SSL named virtual hosts is currently not
- # supported by MSIE on Windows XP.
- NameVirtualHost *:443
- Listen 443
- </IfModule>
- # mod_gnutls alternative: its Listen line is commented out, so this block currently does nothing.
- <IfModule mod_gnutls.c>
- # Listen 443
- </IfModule>
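- # Plain-HTTP virtual host for mydomain.com / www.mydomain.com.
- # NOTE(review): this host serves the same DocumentRoot as the *:443 host in cleartext and nothing
- # here redirects to HTTPS, so credentials and session cookies can cross the network unencrypted.
- <VirtualHost *:80>
- # Two ServerName lines appear in this host; the later one (mydomain.com) is the effective value.
- ServerName mydomain.com:80
- SSLEngine off
- DocumentRoot /var/www/www-root/data/www/mydomain.com
- ServerAdmin admin@mydomain.com
- AddDefaultCharset UTF-8
- # mpm-itk: requests for this host are handled as the www-root user and group.
- AssignUserID www-root www-root
- CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
- ErrorLog /var/www/httpd-logs/mydomain.com.error.log
- # The dot is escaped so that only a real extension (.php, .php3-.php5, .phtml) is handed to PHP.
- # Unescaped, "." matches any character and file names merely ending in "php" would be executed too.
- <FilesMatch "\.ph(p[3-5]?|tml)$">
- SetHandler application/x-httpd-php
- </FilesMatch>
- ServerName mydomain.com
- ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
- ScriptAlias /php-bin/ /var/www/php-bin/www-root/
- ServerAlias www.mydomain.com
- # NOTE(review): .phps files are rendered as highlighted PHP source for any visitor, which can
- # disclose application code and embedded credentials; restrict or drop this handler in production.
- <FilesMatch "\.phps$">
- SetHandler application/x-httpd-php-source
- </FilesMatch>
- # Per-host PHP settings (php_admin_value cannot be overridden from .htaccess or ini_set).
- <IfModule php5_module>
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
- # NOTE(review): uploads and session files share one directory; separate them if the host allows it.
- php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
- php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
- # "none" clears open_basedir, leaving PHP free to open any file the www-root account can read.
- # Confine it to the document root and the temp directory; append further paths (":"-separated)
- # only where the application needs them. Trailing slashes make each entry a directory, not a prefix.
- php_admin_value open_basedir "/var/www/www-root/data/www/mydomain.com/:/var/www/www-root/data/mod-tmp/"
- </IfModule>
- <IfModule php7_module>
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
- php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
- php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
- # Same open_basedir confinement as in the php5_module block above.
- php_admin_value open_basedir "/var/www/www-root/data/www/mydomain.com/:/var/www/www-root/data/mod-tmp/"
- </IfModule>
- </VirtualHost>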
- # Per-directory policy for the site's document root (applies to both the :80 and :443 hosts).
- <Directory /var/www/www-root/data/www/mydomain.com>
- # NOTE(review): AllowOverride All lets any .htaccess under this tree change handlers, options and
- # access rules; consider limiting it to the override classes the site actually uses.
- AllowOverride All
- # NOTE(review): +Includes permits server-side includes with command execution and +ExecCGI permits
- # CGI anywhere under the document root; if neither is needed, drop them or use IncludesNOEXEC.
- Options +Includes +ExecCGI
- # Turn the PHP engine on for this tree, for whichever mod_php version is loaded.
- <IfModule php5_module>
- php_admin_flag engine on
- </IfModule>
- <IfModule php7_module>
- php_admin_flag engine on
- </IfModule>
- </Directory>
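- # HTTPS virtual host for mydomain.com / www.mydomain.com.
- <VirtualHost *:443>
- # Two ServerName lines appear in this host; the later one (mydomain.com) is the effective value.
- ServerName mydomain.com:443
- DocumentRoot /var/www/www-root/data/www/mydomain.com
- ServerAdmin admin@mydomain.com
- AddDefaultCharset UTF-8
- SSLEngine on
- SSLCertificateFile "/var/www/httpd-cert/www-root/mydomain.com.crt"
- # NOTE(review): confirm the private key is readable by root only, and in particular not by the
- # www-root account the site's PHP code runs as (see AssignUserID below).
- SSLCertificateKeyFile "/var/www/httpd-cert/www-root/mydomain.com.key"
- SSLCertificateChainFile "/var/www/httpd-cert/www-root/mydomain.com.ca"
- # The server's cipher preference order wins over the client's.
- SSLHonorCipherOrder on
- # TLS 1.0 and 1.1 are deprecated (RFC 8996) and SSLv2/SSLv3 are broken; leave only newer versions on.
- SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- # NOTE(review): the EDH entries rely on the server's DH parameter size - confirm it is at least
- # 2048 bits on this httpd/OpenSSL build, or keep only the EECDH entries.
- SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
- # mpm-itk: requests for this host are handled as the www-root user and group.
- AssignUserID www-root www-root
- # NOTE(review): CustomLog and ErrorLog are each given twice in this host. Both access logs are
- # written, but only the last ErrorLog takes effect, so mydomain.com443.error.log stays unused and
- # HTTPS errors land in the same file as the plain-HTTP host's.
- CustomLog /var/www/httpd-logs/mydomain.com443.access.log combined
- ErrorLog /var/www/httpd-logs/mydomain.com443.error.log
- # The dot is escaped so that only a real extension (.php, .php3-.php5, .phtml) is handed to PHP.
- # Unescaped, "." matches any character and file names merely ending in "php" would be executed too.
- <FilesMatch "\.ph(p[3-5]?|tml)$">
- SetHandler application/x-httpd-php
- </FilesMatch>
- ServerName mydomain.com
- ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
- CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
- ErrorLog /var/www/httpd-logs/mydomain.com.error.log
- ScriptAlias /php-bin/ /var/www/php-bin/www-root/
- ServerAlias www.mydomain.com
- # NOTE(review): .phps files are rendered as highlighted PHP source for any visitor, which can
- # disclose application code and embedded credentials; restrict or drop this handler in production.
- <FilesMatch "\.phps$">
- SetHandler application/x-httpd-php-source
- </FilesMatch>
- # Per-host PHP settings (php_admin_value cannot be overridden from .htaccess or ini_set).
- <IfModule php5_module>
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
- # NOTE(review): uploads and session files share one directory; separate them if the host allows it.
- php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
- php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
- # "none" clears open_basedir, leaving PHP free to open any file the www-root account can read
- # (including material outside the site). Confine it to the document root and the temp directory;
- # append further paths (":"-separated) only where the application needs them.
- php_admin_value open_basedir "/var/www/www-root/data/www/mydomain.com/:/var/www/www-root/data/mod-tmp/"
- </IfModule>
- <IfModule php7_module>
- php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
- php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
- php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
- # Same open_basedir confinement as in the php5_module block above.
- php_admin_value open_basedir "/var/www/www-root/data/www/mydomain.com/:/var/www/www-root/data/mod-tmp/"
- </IfModule>
- </VirtualHost>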
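- # Server-wide mod_ssl defaults; they apply to every SSL-enabled virtual host that does not override them.
- <IfModule mod_ssl.c>
- #
- # Pseudo Random Number Generator (PRNG):
- # Configure one or more sources to seed the PRNG of the SSL library.
- # The seed data should be of good random quality.
- # WARNING! On some platforms /dev/random blocks if not enough entropy
- # is available. This means you then cannot use the /dev/random device
- # because it would lead to very long connection times (as long as
- # it requires to make more entropy available). But usually those
- # platforms additionally provide a /dev/urandom device which doesn't
- # block. So, if available, use this one instead. Read the mod_ssl User
- # Manual for more details.
- #
- SSLRandomSeed startup builtin
- SSLRandomSeed startup file:/dev/urandom 512
- SSLRandomSeed connect builtin
- SSLRandomSeed connect file:/dev/urandom 512
- ##
- ## SSL Global Context
- ##
- ## All SSL configuration in this context applies both to
- ## the main server and all SSL-enabled virtual hosts.
- ##
- #
- # Some MIME-types for downloading Certificates and CRLs
- #
- AddType application/x-x509-ca-cert .crt
- AddType application/x-pkcs7-crl .crl
- # Pass Phrase Dialog:
- # Configure the pass phrase gathering process.
- # The filtering dialog program (`builtin' is an internal
- # terminal dialog) has to provide the pass phrase on stdout.
- SSLPassPhraseDialog builtin
- # Inter-Process Session Cache:
- # Configure the SSL Session Cache: First the mechanism
- # to use and second the expiring timeout (in seconds).
- # (The mechanism dbm has known memory leaks and should not be used).
- #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
- SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
- SSLSessionCacheTimeout 300
- # Semaphore:
- # Configure the path to the mutual exclusion semaphore the
- # SSL engine uses internally for inter-process synchronization.
- # NOTE(review): SSLMutex is an Apache 2.2-era directive - confirm the target httpd version.
- SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate. See the
- # ciphers(1) man page from the openssl package for list of all available
- # options.
- # Enable only secure ciphers: the MEDIUM class is dropped and RC4 and 3DES are
- # excluded explicitly, because older OpenSSL builds still offer them otherwise.
- SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
- # Speed-optimized SSL Cipher configuration:
- # If speed is your main concern (on busy HTTPS servers e.g.),
- # you might want to force clients to specific, performance
- # optimized ciphers. In this case, prepend those ciphers
- # to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
- # Caveat: by giving precedence to RC4-SHA and AES128-SHA
- # (as in the example below), most connections will no longer
- # have perfect forward secrecy - if the server's key is
- # compromised, captures of past or future traffic must be
- # considered compromised, too.
- # Do not enable the example below as written: RC4 is prohibited for TLS (RFC 7465).
- #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
- #SSLHonorCipherOrder on
- # Enable only secure protocols: SSLv2 and SSLv3 are broken and TLS 1.0/1.1 are
- # deprecated (RFC 8996), so all four are switched off and newer versions stay on.
- SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- # Allow insecure renegotiation with clients which do not yet support the
- # secure renegotiation protocol. Default: Off
- SSLInsecureRenegotiation off
- # Whether to forbid non-SNI clients to access name based virtual hosts.
- # Default: Off
- SSLStrictSNIVHostCheck off
- </IfModule>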