Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <VirtualHost *:80>
- ServerAdmin droz00@vse.cz
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- RewriteEngine on
- RewriteCond %{SERVER_NAME} =bis018.vse.cz
- RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
- </VirtualHost>
- <VirtualHost *:443>
- ServerAdmin droz00@vse.cz
- # DocumentRoot /var/www/html
- ProxyPreserveHost On
- ProxyPassMatch ^/lam !
- ProxyPassMatch ^/heslo.php !
- ProxyPass / http://127.0.0.1:3000/
- ProxyPassReverse / http://127.0.0.1:3OOO/
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- ServerName bis018.vse.cz
- SSLCertificateFile /etc/letsencrypt/live/bis018.vse.cz/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/bis018.vse.cz/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- SSLEngine on
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
- SSLHonorCipherOrder off
- SSLSessionTickets off
- SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:D$
- SSLHonorCipherOrder on
- SSLCompression off
- SSLOptions +StrictRequire
- Protocols h2 http/1.1
- Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains"
- Header set Content-Security-Policy "upgrade-insecure-requests;"
- Header set X-Content-Type-Options nosniff
- Header always set Referrer-Policy "strict-origin-when-cross-origin"
- Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://bis018.vse.cz"
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
- LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
- </VirtualHost>
- SSLUseStapling On
- SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement