@akira345
Last active September 29, 2020 14:19
SSL Offload by Apache2.4.44
#
# To enable this configuration, mod_proxy and mod_proxy_http are required.
#
ProxyRequests Off
ProxyPreserveHost On
Listen 8000
<VirtualHost *:8000>
ServerName example.com
ProxyPass / http://192.168.XXX.XXX:8000/
# This is a port-based proxy, so the Reverse setting is not needed (the path does not change before and after forwarding)
#ProxyPassReverse / http://192.168.XXX.XXX:8000/
ErrorLog /var/log/apache2/proxy-error.log
CustomLog /var/log/apache2/proxy-access.log common
# Tell the forwarding destination that the access is HTTPS
RequestHeader set X_FORWARDED_PROTO 'https'
#security header
Header always append X-FRAME-OPTIONS SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options nosniff
# SSL certificate settings
SSLEngine on
SSLCompression off
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Protocols h2 http/1.1
ProtocolsHonorOrder on
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
# modern configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder on
SSLSessionTickets off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
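
The configuration above tells the backend that the client connection was HTTPS by setting `X_FORWARDED_PROTO`. The following is an added example, not part of the original gist, of how a backend can honour that header only when the request actually arrived from the proxy. It assumes a Python WSGI backend whose server exposes the header as `HTTP_X_FORWARDED_PROTO`; the proxy address `192.0.2.10` and the names `TRUSTED_PROXIES`, `ForwardedProtoMiddleware` and `scheme_seen_by_app` are constructed for illustration.

```python
# Added example: backend-side handling of the scheme header set by the proxy.
import ipaddress

# Assumption: address of the Apache proxy as seen by the backend (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def from_trusted_proxy(remote_addr):
    """True only when the TCP peer is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class ForwardedProtoMiddleware:
    """Apply X_FORWARDED_PROTO only when the request came through the proxy."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # WSGI exposes X_FORWARDED_PROTO and X-Forwarded-Proto under the same key.
        claimed = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        trusted = from_trusted_proxy(environ.get("REMOTE_ADDR", ""))
        if trusted and claimed in ("http", "https"):
            environ["wsgi.url_scheme"] = claimed
        # Otherwise the header is discarded and the real transport scheme stays.
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, header_value=None):
    """Run one constructed request through the middleware; return the scheme the app sees."""
    seen = {}

    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    # Constructed request: the backend itself is reached over plain HTTP.
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if header_value is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = header_value
    ForwardedProtoMiddleware(app)(environ, lambda status, headers: None)
    return seen["scheme"]
```

The header is removed from the environment in every case, so application code further down cannot read a value that did not come from the proxy.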