apache setting

1. <VirtualHost *:443>
2. ServerAdmin franklin@slat.org
3. ServerName office.slat.org
4. Alias /.well-known/acme-challenge/ /var/www/letsencrypt/
5.  
6. <Directory "/opt/nextcloud">
7. Options MultiViews FollowSymlinks
8. AllowOverride All
9. Order allow,deny
10. Allow from all
11. Require all granted
12. </Directory>
13.  
14. <Directory "/var/www/letsencrypt">
15. #Options MultiViews FollowSymlinks
16. AllowOverride All
17. Order allow,deny
18. Allow from all
19. Require all granted
20. </Directory>
21.  
22. TransferLog /var/log/apache2/office_access.log
23. ErrorLog /var/log/apache2/office_error.log
24.  
25. SSLEngine on
26. SSLCertificateFile /etc/letsencrypt/live/office.slat.org/cert.pem
27. SSLCertificateKeyFile /etc/letsencrypt/live/office.slat.org/privkey.pem
28. SSLCertificateChainFile /etc/letsencrypt/live/office.slat.org/chain.pem
29. SSLProtocol all -SSLv2 -SSLv3
30. SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
31.  
32. SSLHonorCipherOrder on
33.  
34. # Encoded slashes need to be allowed
35. AllowEncodedSlashes NoDecode
36.  
37. # Container uses a unique non-signed certificate
38. SSLProxyEngine On
39. SSLProxyVerify None
40. #SSLProxyCheckPeerCN Off
41. SSLProxyCheckPeerName Off
42.  
43. # keep the host
44. ProxyPreserveHost On
45.  
46. # static html, js, images, etc. served from loolwsd
47. # loleaflet is the client part of LibreOffice Online
48. ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
49. ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
50. #ProxyPass /loleaflet http://192.168.212.59:9980/loleaflet retry=0
51. #ProxyPassReverse /loleaflet http://192.168.212.59:9980/loleaflet
52.  
53. # WOPI discovery URL
54. ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
55. ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
56. #ProxyPass /hosting/discovery http://192.168.212.59:9980/hosting/discovery retry=0
57. #ProxyPassReverse /hosting/discovery http://192.168.212.59:9980/hosting/discovery
58.  
59. # Main websocket
60. ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
61. #ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.212.59:9980/lool/$1/ws nocanon
62.  
63. # Admin Console websocket
64. ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
65. #ProxyPass /lool/adminws wss://192.168.212.59:9980/lool/adminws
66.  
67. # Download as, Fullscreen presentation and Image upload operations
68. ProxyPass /lool https://127.0.0.1:9980/lool
69. ProxyPassReverse /lool https://127.0.0.1:9980/lool
70. #ProxyPass /lool http://192.168.212.59:9980/lool
71. #ProxyPassReverse /lool http://192.168.212.59:9980/lool
72.  
73. Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
74. </VirtualHost>