HTTPS domain settings on Apache 2.4.7: https://adactio.com/journal/10727
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerAdmin you@yourdomain.com | |
| ServerName yourdomain.com | |
| ServerAlias www.yourdomain.com | |
| DocumentRoot /path/to/yourdomain | |
| Redirect / https://yourdomain.com/ | |
| </VirtualHost> | |
| <VirtualHost *:443> | |
| ServerAdmin you@yourdomain.com | |
| ServerName yourdomain.com | |
| ServerAlias www.yourdomain.com | |
| DocumentRoot /path/to/yourdomain/ | |
| <Directory /path/to/yourdomain/> | |
| AllowOverride All | |
| Require all granted | |
| <IfModule mod_headers.c> | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" | |
| </IfModule> | |
| </Directory> | |
| SSLEngine on | |
| SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem | |
| SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem | |
| SSLCACertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem | |
| SSLProtocol all | |
| SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP | |
| SSLHonorCipherOrder on | |
| SSLCompression off | |
| SSLUseStapling on | |
| </VirtualHost> | |
| SSLStaplingResponderTimeout 5 | |
| SSLStaplingReturnResponderErrors off | |
| SSLStaplingCache shmcb:/var/run/ocsp(128000) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment