HTTPS domain settings on Apache 2.4.7: https://adactio.com/journal/10727
<VirtualHost *:80>
    ServerAdmin you@yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /path/to/yourdomain
    Redirect / https://yourdomain.com/
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin you@yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /path/to/yourdomain/
    <Directory /path/to/yourdomain/>
        AllowOverride All
        Require all granted
        <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        </IfModule>
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    SSLCACertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    # On Apache 2.4.7, "all" still includes SSLv3; "all -SSLv3" turns it off.
    SSLProtocol all
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
    SSLHonorCipherOrder on
    SSLCompression off
    SSLUseStapling on
</VirtualHost>
# The OCSP stapling cache and responder settings sit outside the <VirtualHost> blocks (server-wide).
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)