ServerName faivre.ml ServerAlias www.faivre.ml DocumentRoot /home/www/ml.faivre/root #Redirect permanent / https://faivre.ml/ RewriteEngine On RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] ErrorLog ${APACHE_LOG_DIR}/faivre.ml-error.log CustomLog ${APACHE_LOG_DIR}/faivre.ml-access.log combined ServerName faivre.ml ServerAlias www.faivre.ml DocumentRoot /home/www/ml.faivre/root # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/faivre.ml-error.log CustomLog ${APACHE_LOG_DIR}/faivre.ml-access.log combined SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/letsencrypt/live/faivre.ml/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/faivre.ml/privkey.pem # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt SSLRequireSSL On SSLVerifyClient none SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire Options Indexes FollowSymLinks MultiViews AllowOverride All Require all granted SSLRenegBufferSize 10486000 Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" SecRequestBodyNoFilesLimit 5242880 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet