NameVirtualHost *:80Listen 80<IfModule mod_ssl.c> # If you add NameVirtua

1. NameVirtualHost *:80
2. Listen 80
3.  
4. <IfModule mod_ssl.c>
5. # If you add NameVirtualHost *:443 here, you will also have to change
6. # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
7. # to <VirtualHost *:443>
8. # Server Name Indication for SSL named virtual hosts is currently not
9. # supported by MSIE on Windows XP.
10. NameVirtualHost *:443
11. Listen 443
12. </IfModule>
13.  
14. <IfModule mod_gnutls.c>
15. # Listen 443
16. </IfModule>
17.  
18. <VirtualHost *:80>
19. ServerName mydomain.com:80
20. SSLEngine off
21. DocumentRoot /var/www/www-root/data/www/mydomain.com
22. ServerAdmin admin@mydomain.com
23. AddDefaultCharset UTF-8
24. AssignUserID www-root www-root
25. CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
26. ErrorLog /var/www/httpd-logs/mydomain.com.error.log
27. <FilesMatch ".ph(p[3-5]?|tml)$">
28. SetHandler application/x-httpd-php
29. </FilesMatch>
30. ServerName mydomain.com
31. ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
32. ScriptAlias /php-bin/ /var/www/php-bin/www-root/
33. ServerAlias www.mydomain.com
34. <FilesMatch ".phps$">
35. SetHandler application/x-httpd-php-source
36. </FilesMatch>
37. <IfModule php5_module>
38. php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
39. php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
40. php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
41. php_admin_value open_basedir "none"
42. </IfModule>
43. <IfModule php7_module>
44. php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
45. php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
46. php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
47. php_admin_value open_basedir "none"
48. </IfModule>
49. </VirtualHost>
50. <Directory /var/www/www-root/data/www/mydomain.com>
51. AllowOverride All
52. Options +Includes +ExecCGI
53. <IfModule php5_module>
54. php_admin_flag engine on
55. </IfModule>
56. <IfModule php7_module>
57. php_admin_flag engine on
58. </IfModule>
59. </Directory>
60. <VirtualHost *:443>
61. ServerName mydomain.com:443
62. DocumentRoot /var/www/www-root/data/www/mydomain.com
63. ServerAdmin admin@mydomain.com
64. AddDefaultCharset UTF-8
65. SSLEngine on
66. SSLCertificateFile "/var/www/httpd-cert/www-root/mydomain.com.crt"
67. SSLCertificateKeyFile "/var/www/httpd-cert/www-root/mydomain.com.key"
68. SSLCertificateChainFile "/var/www/httpd-cert/www-root/mydomain.com.ca"
69. SSLHonorCipherOrder on
70. SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
71. SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
72. AssignUserID www-root www-root
73. CustomLog /var/www/httpd-logs/mydomain.com443.access.log combined
74. ErrorLog /var/www/httpd-logs/mydomain.com443.error.log
75. <FilesMatch ".ph(p[3-5]?|tml)$">
76. SetHandler application/x-httpd-php
77. </FilesMatch>
78. ServerName mydomain.com
79. ScriptAlias /cgi-bin/ /var/www/www-root/data/www/mydomain.com/cgi-bin/
80. CustomLog /var/www/httpd-logs/mydomain.com.access.log combined
81. ErrorLog /var/www/httpd-logs/mydomain.com.error.log
82. ScriptAlias /php-bin/ /var/www/php-bin/www-root/
83. ServerAlias www.mydomain.com
84. <FilesMatch ".phps$">
85. SetHandler application/x-httpd-php-source
86. </FilesMatch>
87. <IfModule php5_module>
88. php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
89. php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
90. php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
91. php_admin_value open_basedir "none"
92. </IfModule>
93. <IfModule php7_module>
94. php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f admin@mydomain.com"
95. php_admin_value upload_tmp_dir "/var/www/www-root/data/mod-tmp"
96. php_admin_value session.save_path "/var/www/www-root/data/mod-tmp"
97. php_admin_value open_basedir "none"
98. </IfModule>
99. </VirtualHost>
100.  
101. <IfModule mod_ssl.c>
102. #
103. # Pseudo Random Number Generator (PRNG):
104. # Configure one or more sources to seed the PRNG of the SSL library.
105. # The seed data should be of good random quality.
106. # WARNING! On some platforms /dev/random blocks if not enough entropy
107. # is available. This means you then cannot use the /dev/random device
108. # because it would lead to very long connection times (as long as
109. # it requires to make more entropy available). But usually those
110. # platforms additionally provide a /dev/urandom device which doesn't
111. # block. So, if available, use this one instead. Read the mod_ssl User
112. # Manual for more details.
113. #
114. SSLRandomSeed startup builtin
115. SSLRandomSeed startup file:/dev/urandom 512
116. SSLRandomSeed connect builtin
117. SSLRandomSeed connect file:/dev/urandom 512
118.  
119. ##
120. ## SSL Global Context
121. ##
122. ## All SSL configuration in this context applies both to
123. ## the main server and all SSL-enabled virtual hosts.
124. ##
125.  
126. #
127. # Some MIME-types for downloading Certificates and CRLs
128. #
129. AddType application/x-x509-ca-cert .crt
130. AddType application/x-pkcs7-crl .crl
131.  
132. # Pass Phrase Dialog:
133. # Configure the pass phrase gathering process.
134. # The filtering dialog program (`builtin' is a internal
135. # terminal dialog) has to provide the pass phrase on stdout.
136. SSLPassPhraseDialog builtin
137.  
138. # Inter-Process Session Cache:
139. # Configure the SSL Session Cache: First the mechanism
140. # to use and second the expiring timeout (in seconds).
141. # (The mechanism dbm has known memory leaks and should not be used).
142. #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
143. SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
144. SSLSessionCacheTimeout 300
145.  
146. # Semaphore:
147. # Configure the path to the mutual exclusion semaphore the
148. # SSL engine uses internally for inter-process synchronization.
149. SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
150.  
151. # SSL Cipher Suite:
152. # List the ciphers that the client is permitted to negotiate. See the
153. # ciphers(1) man page from the openssl package for list of all available
154. # options.
155. # Enable only secure ciphers:
156. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
157.  
158. # Speed-optimized SSL Cipher configuration:
159. # If speed is your main concern (on busy HTTPS servers e.g.),
160. # you might want to force clients to specific, performance
161. # optimized ciphers. In this case, prepend those ciphers
162. # to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
163. # Caveat: by giving precedence to RC4-SHA and AES128-SHA
164. # (as in the example below), most connections will no longer
165. # have perfect forward secrecy - if the server's key is
166. # compromised, captures of past or future traffic must be
167. # considered compromised, too.
168. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
169. #SSLHonorCipherOrder on
170.  
171. # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
172. SSLProtocol all -SSLv2
173.  
174. # Allow insecure renegotiation with clients which do not yet support the
175. # secure renegotiation protocol. Default: Off
176. SSLInsecureRenegotiation off
177.  
178. # Whether to forbid non-SNI clients to access name based virtual hosts.
179. # Default: Off
180. SSLStrictSNIVHostCheck off
181.  
182. </IfModule>