Sammlung von Shellscripten und Werkzeugen zur SuperX/BI Webanwendung

# generated 2023-08-21, Mozilla Guideline v5.7, Apache 2.4.41, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1k&guideline=5.7
# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
# Plain-HTTP listener: answers every request with a permanent redirect to the
# same host and path over HTTPS, except ACME HTTP-01 challenge paths.
RewriteEngine On
# Requests under /.well-known/acme-challenge/ skip the redirect so certificate
# validation over port 80 keeps working.
# NOTE(review): this vhost sets no DocumentRoot, so challenge files are
# presumably served from the server-wide default - confirm.
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
# NOTE(review): the redirect target is built from the client-supplied Host
# header. If this is the default vhost for port 80, any host name sent by the
# client is reflected into the Location header; a fixed host name or an explicit
# ServerName would pin it - confirm which names this vhost should answer for.
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
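<VirtualHost *:443>
# TLS virtual host serving the kivitendo-erp FastCGI application.
# This file is a Jinja2 template: use_basic_auth and ssl.* are filled in by the
# deployment that renders it.
SSLEngine on
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
# "always" also attaches the header to error responses.
Header always set Strict-Transport-Security "max-age=63072000"
ServerAdmin webmaster@localhost
DocumentRoot /var/www/kivitendo-erp
# *.fpl files are executed through mod_fcgid; request bodies are capped at 10 MiB.
AddHandler fcgid-script .fpl
FcgidMaxRequestLen 10485760
# NOTE(review): FcgidIOTimeout is given in seconds, so 32000 lets a stalled
# request hold a FastCGI worker for close to nine hours - confirm this is intended.
FcgidIOTimeout 32000
# Every top-level *.pl URL is routed to the single FastCGI dispatcher.
AliasMatch ^/[^/]+\.pl /var/www/kivitendo-erp/dispatcher.fpl
# NOTE(review): Alias takes a literal URL-path prefix, not a regular expression,
# so "[^/]" most likely never matches a request and DocumentRoot does the actual
# mapping - confirm and drop this line, or replace it with the intended prefix.
Alias [^/] /var/www/kivitendo-erp/
# disallow access to .git or config for all cases
# The pattern is unanchored: any directory path containing ".git/" or "config/"
# is denied. DirectoryMatch sections are merged after <Directory> sections and
# .htaccess files, so "AllowOverride All" below cannot reopen these paths.
<DirectoryMatch "(\.git|config)/">
Require all denied
</DirectoryMatch>
<Directory /var/www/kivitendo-erp>
SSLRequireSSL
# Includes enables server-side includes and AllowOverride All lets .htaccess
# files inside the tree change options and access rules; anything able to write
# into this directory can therefore alter server behaviour.
Options ExecCGI Includes FollowSymlinks
AllowOverride All
Require all granted
</Directory>
{% if use_basic_auth == true %}
# "/" covers the whole URL space. The previous "/*" pattern did not: wildcards in
# <Location> never match a "/", so only single-segment URLs asked for credentials
# and nested paths such as /css/... were served without authentication.
<Location "/">
AuthUserFile /etc/apache2/.htpasswd
AuthName "Please authenticate"
AuthType Basic
# <Location> is merged last and, with the default "AuthMerging Off", its Require
# would replace the "Require all denied" rules of the DirectoryMatch sections.
# "And" combines it with them instead, so a valid login cannot reach .git,
# config or users.
AuthMerging And
Require valid-user
</Location>
{% endif %}
# The per-user data directory is never served. Written with the 2.4 Require
# syntax like the rest of this file; the former "Order Deny,Allow" / "Deny from
# All" pair needs mod_access_compat, and mixing both syntaxes is discouraged.
<DirectoryMatch /var/www/kivitendo-erp/users>
Require all denied
</DirectoryMatch>
SSLCertificateFile {{ ssl.CertFile }}
# The private key file should be readable only by root / the account that
# starts Apache.
SSLCertificateKeyFile {{ ssl.CertKey }}
# NOTE(review): SSLCertificateChainFile is deprecated since Apache 2.4.8; the
# intermediates can be appended to the file named by SSLCertificateFile instead.
SSLCertificateChainFile {{ ssl.ChainFile }}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>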
# intermediate configuration
# Server-wide TLS settings; they sit outside the <VirtualHost> blocks and apply
# to every TLS vhost that does not override them.
# Everything older than TLS 1.2 is switched off.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# TLS 1.2 suites only: ECDHE or DHE key exchange with AES-GCM or
# ChaCha20-Poly1305, i.e. forward secrecy and AEAD ciphers throughout.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
# The client's cipher preference wins; every suite in the list above is acceptable.
SSLHonorCipherOrder off
# Session tickets are disabled, so no ticket encryption key has to be managed
# or rotated.
SSLSessionTickets off
# OCSP stapling: the server attaches the certificate's revocation status to the
# handshake.
SSLUseStapling On
# NOTE(review): "logs/ssl_stapling" is relative to ServerRoot. The
# ${APACHE_LOG_DIR} variables above suggest a Debian-style layout, where that
# directory may not exist - confirm the path resolves on the target host.
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet