From 73763acdaa6a87c5de6b8608f252dbbbec08e785 Mon Sep 17 00:00:00 2001
From: Marius
Date: Mon, 22 May 2017 22:11:43 +0200
Subject: [PATCH] Update apache2.conf

---
 .infra/files/apache2.conf | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/.infra/files/apache2.conf b/.infra/files/apache2.conf
index 761bf11..9718504 100644
--- a/.infra/files/apache2.conf
+++ b/.infra/files/apache2.conf
@@ -1,15 +1,17 @@
+# Please make sure that you have the modules mod_ssl, mod_headers,
+# mod_proxy and mod_proxy_http enabled. If not, you can use following
+# command:
+# $ sudo a2enmod ssl headers proxy proxy_http
+
- ServerAdmin XXXXXXXXXX
- ServerName XXXXXXXXXX
- ServerAlias XXXXXXXXXX
- DocumentRoot XXXXXXXXXX
+ ServerName localhost
 # Enable secure communication using HTTPS
+ # Adjust the paths to the certificates files to your environment
 SSLEngine on
- SSLCertificateFile XXXXXXXXXX
- SSLCertificateKeyFile XXXXXXXXXX
- SSLCACertificateFile XXXXXXXXXX
-
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
 # Tell tusd that the HTTPS protocol is used, in order to
 # allow constructing correct upload URLs.
 RequestHeader set X-Forwarded-Proto "https"
@@ -18,3 +20,16 @@
 ProxyPass /files http://localhost:1080/files
 ProxyPassReverse /files http://localhost:1080/files
+
+# This SSL configuration has been taken from Mozilla SSL Generator:
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1e&hsts=no&profile=intermediate
+SSLProtocol all -SSLv3
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-$
+SSLHonorCipherOrder on
+SSLCompression off
+
+# OCSP Stapling, only in httpd 2.3.3 and later
+SSLUseStapling on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
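Review bot: In the first hunk, the new comment above `SSLEngine on` asks the reader to adjust the certificate paths but does not say that the defaults are the distribution's self-signed snakeoil pair, so a copy-pasted deployment would serve a certificate no client trusts. I would extend the comment to `# The snakeoil pair below is a self-signed placeholder for local testing only; replace both paths with your CA-issued certificate (including intermediates) and its key.` The hunk also drops `SSLCACertificateFile` without a replacement for supplying the intermediate chain, which a CA-issued certificate will usually need. A self-signed certificate has no OCSP responder, so the stapling enabled in the second hunk will presumably have nothing to staple with these defaults.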
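Review bot: In the second hunk, the `SSLCipherSuite` value ends in `ECDHE-ECDSA-AES128-$`, which looks like a line cut off by a terminal editor's overflow marker rather than the full generator output. As committed, the list holds only the two CHACHA20 suites followed by an incomplete name and a stray `$`, so depending on the OpenSSL build Apache may reject the directive or be left with few or no usable suites. The complete cipher string from the generator should be pasted in. The URL in the comment selects `server=nginx-1.10.1`, so the settings should be regenerated for Apache to make sure the directives correspond. `SSLProtocol all -SSLv3` still leaves TLS 1.0 and 1.1 enabled; if legacy clients are not required, `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` is the tighter setting.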