/yourdomain.com.conf
Last active Dec 13, 2016
HTTPS domain settings on Apache 2.4.7: https://adactio.com/journal/10727
| <VirtualHost *:80> | |
| ServerAdmin you@yourdomain.com | |
| ServerName yourdomain.com | |
| ServerAlias www.yourdomain.com | |
| DocumentRoot /path/to/yourdomain | |
| Redirect / https://yourdomain.com/ | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| ServerAdmin you@yourdomain.com | |
| ServerName yourdomain.com | |
| ServerAlias www.yourdomain.com | |
| DocumentRoot /path/to/yourdomain/ | |
| <Directory /path/to/yourdomain/> | |
| AllowOverride All | |
| Require all granted | |
| <IfModule mod_headers.c> | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" | |
| </IfModule> | |
| </Directory> | |
| SSLEngine on | |
| SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem | |
| SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem | |
| SSLCACertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem | |
| SSLProtocol all | |
| SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP | |
| SSLHonorCipherOrder on | |
| SSLCompression off | |
| SSLUseStapling on | |
| </VirtualHost> | |
| SSLStaplingResponderTimeout 5 | |
| SSLStaplingReturnResponderErrors off | |
| SSLStaplingCache shmcb:/var/run/ocsp(128000) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment