bruno/sysconfig
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
c32c2c5fe60e727d8a6b1cb2f9a94785f6945008
sysconfig/damia/etc/apache2/sites-available/eu.bm39.conf
Bruno Raoult c32c2c5fe6 new bm39.eu domain
2021-03-22 08:22:25 +01:00

75 lines
2.5 KiB
ApacheConf
Raw Blame History

<VirtualHost *:80>
ServerName bm39.eu
ServerAlias www.bm39.eu
DocumentRoot /mnt/my-mountpoint/www/eu.bm39/root
#Redirect permanent / https://bm39.eu/
RedirectMatch permanent ^(?!/\.well-known/acme-challenge/).* https://bm39.eu$0
ErrorLog ${APACHE_LOG_DIR}/error-bm39.log
CustomLog ${APACHE_LOG_DIR}/access-bm39.log combined
Alias /.well-known/ /home/www/well-known/.well-known/
<Directory /home/www/well-known/>
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName bm39.eu
ServerAlias www.bm39.eu
DocumentRoot /mnt/my-mountpoint/www/eu.bm39/root
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/bm39-error.log
CustomLog ${APACHE_LOG_DIR}/bm39-access.log combined
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/bm39.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bm39.eu/privkey.pem
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
<Location />
SSLRequireSSL On
SSLVerifyClient none
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>
<Directory /mnt/my-mountpoint/www/eu.bm39/root>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
SSLRenegBufferSize 10486000
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
<IfModule mod_security2.c>
SecRequestBodyNoFilesLimit 5242880
</IfModule>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Reference in New Issue View Git Blame Copy Permalink