Update apache2.conf

This commit is contained in:
Marius 2017-05-22 22:11:43 +02:00 committed by GitHub
parent ac110932a4
commit 73763acdaa
1 changed files with 23 additions and 8 deletions

View File

@ -1,15 +1,17 @@
# Please make sure that you have the modules mod_ssl, mod_headers,
# mod_proxy and mod_proxy_http enabled. If not, you can use following
# command:
# $ sudo a2enmod ssl headers proxy proxy_http
<VirtualHost *:443> <VirtualHost *:443>
ServerAdmin XXXXXXXXXX ServerName localhost
ServerName XXXXXXXXXX
ServerAlias XXXXXXXXXX
DocumentRoot XXXXXXXXXX
# Enable secure communication using HTTPS # Enable secure communication using HTTPS
# Adjust the paths to the certificates files to your environment
SSLEngine on SSLEngine on
SSLCertificateFile XXXXXXXXXX SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile XXXXXXXXXX SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCACertificateFile XXXXXXXXXX
# Tell tusd that the HTTPS protocol is used, in order to # Tell tusd that the HTTPS protocol is used, in order to
# allow constructing correct upload URLs. # allow constructing correct upload URLs.
RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Proto "https"
@ -18,3 +20,16 @@
ProxyPass /files http://localhost:1080/files ProxyPass /files http://localhost:1080/files
ProxyPassReverse /files http://localhost:1080/files ProxyPassReverse /files http://localhost:1080/files
</VirtualHost> </VirtualHost>
# This SSL configuration has been taken from Mozilla SSL Generator:
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.1&openssl=1.0.1e&hsts=no&profile=intermediate
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-$
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)