91 lines
3.1 KiB
Plaintext
91 lines
3.1 KiB
Plaintext
# --- <FULL-QUALIFIED-SITE-NAME>
|
|
|
|
<VirtualHost <IPV4-ADDRESS>:80 [IPV6-ADDRESS]:80>
|
|
|
|
ServerAdmin admin@oopen.de
|
|
|
|
ServerName <FULL-QUALIFIED-SITE-NAME>
|
|
|
|
RewriteEngine on
|
|
RewriteCond %{HTTPS} !=on
|
|
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
|
|
|
|
CustomLog /var/log/apache2/ip_requests.log base_requests
|
|
|
|
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-access.log combined
|
|
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
|
|
|
|
</VirtualHost>
|
|
|
|
<VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>
|
|
|
|
ServerAdmin admin@oopen.de
|
|
|
|
ServerName <FULL-QUALIFIED-SITE-NAME>
|
|
|
|
#ProxyErrorOverride On
|
|
|
|
<FilesMatch \.php$>
|
|
SetHandler "proxy:unix:/tmp/php-7.4-fpm.www.sock|fcgi://127.0.0.1"
|
|
</FilesMatch>
|
|
|
|
<IfModule dir_module>
|
|
DirectoryIndex index.php index.html index.htm
|
|
</IfModule>
|
|
|
|
DocumentRoot /var/www/<FULL-QUALIFIED-SITE-NAME>/htdocs
|
|
<Directory "/var/www/<FULL-QUALIFIED-SITE-NAME>/htdocs">
|
|
Require all granted
|
|
AllowOverride All
|
|
Options FollowSymLinks MultiViews
|
|
</Directory>
|
|
|
|
# - HTTP Strict Transport Security (HSTS)
|
|
# -
|
|
# - HSTS tells a browser that the website should only be accessed through
|
|
# - a secure connection. The HSTS header will be remembered by a standard
|
|
# compliant browser for max-age seconds.
|
|
# -
|
|
# - Remember this settings for 1/2 year
|
|
# -
|
|
#Header add Strict-Transport-Security "max-age=15768000"
|
|
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
|
|
# - Referrer-Policy
|
|
# -
|
|
# - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
|
|
# - https://www.w3.org/TR/referrer-policy/
|
|
# -
|
|
# - Referrer Policy is a new header that allows a site to control how
|
|
# - much information the browser includes with navigations away from
|
|
# - a document and should be set by all sites.
|
|
# -
|
|
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
|
|
# - field that identifies the address of the webpage (i.e. the URI or IRI) that
|
|
# - linked to the resource being requested. By checking the referrer, the new
|
|
# - webpage can see where the request originated.
|
|
# -
|
|
# - For a complete list and explanation of values, see urls above
|
|
# -
|
|
# - Example: "no-referrer-when-downgrade"
|
|
# - The browser will not send the referrer header when navigating
|
|
# - from HTTPS to HTTP, but will always send the full URL in the
|
|
# - referrer header when navigating from HTTP to any origin. It
|
|
# - doesn't matter whether the source and destination are the same
|
|
# - site or not, only the scheme.
|
|
# -
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem
|
|
SSLCertificateKeyFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem
|
|
|
|
|
|
CustomLog /var/log/apache2/ip_requests.log base_requests
|
|
|
|
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-access.log combined
|
|
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
|
|
|
|
</VirtualHost>
|