# V /etc/apache2/sites-enabled pouze tento soubor a nic jineho. Napr:# /etc/ap

1. # V /etc/apache2/sites-enabled pouze tento soubor a nic jineho. Napr:
2. # /etc/apache2/sites-enabled/000-default.conf
3. # Spustit tento prikaz:
4. # $ sudo a2enmod headers
5. # Nakonec restartovat apache:
6. # $ sudo systemctl restart apache2
7.  
8. <VirtualHost *:80>
9. ServerAdmin jeda00@vse.cz
10. DocumentRoot /var/www/html
11.  
12. CustomLog ${APACHE_LOG_DIR}/access.log combined
13.  
14. RewriteEngine on
15. RewriteCond %{SERVER_NAME} =bis037.vse.cz
16. RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
17. </VirtualHost>
18.  
19. <VirtualHost *:443>
20. ServerAdmin jeda00@vse.cz
21. DocumentRoot /var/www/html
22.  
23. ErrorLog ${APACHE_LOG_DIR}/error.log
24. CustomLog ${APACHE_LOG_DIR}/access.log combined
25.  
26. ServerName bis037.vse.cz
27. SSLCertificateFile /etc/letsencrypt/live/bis037.vse.cz/fullchain.pem
28. SSLCertificateKeyFile /etc/letsencrypt/live/bis037.vse.cz/privkey.pem
29.  
30. SSLEngine on
31.  
32. SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
33. SSLHonorCipherOrder off
34. SSLSessionTickets off
35. SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
36. SSLHonorCipherOrder on
37. SSLCompression off
38.  
39. SSLOptions +StrictRequire
40.  
41. Protocols h2 http/1.1
42. Header always set Strict-Transport-Security "max-age=63072000"
43.  
44. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
45. LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
46. </VirtualHost>
47.  
48.  
49. SSLUseStapling On
50. SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"