SSL enabled virtualhost template
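# Template for a TLS-enabled Apache (mod_ssl) virtual host with OCSP stapling
# and HSTS. Requires mod_ssl and mod_headers to be loaded.

# OCSP stapling cache. SSLStaplingCache is only valid in the global server
# config, so it has to sit outside <VirtualHost>. Apache has no trailing
# comments either: a "#" after a directive's arguments is read as more
# arguments and fails the config test.
# The cache is kept in the server's run directory instead of world-writable
# /tmp. APACHE_RUN_DIR is the Debian/Ubuntu variable; adjust on other layouts.
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)

<VirtualHost *:443>
    ServerName securesite.com
    ServerAlias www.securesite.com
    DocumentRoot /var/www/securesite.com

    # OCSP Stapling
    SSLUseStapling on

    # HSTS
    # Browsers only honour this header over HTTPS, so the plain-HTTP vhost
    # needs a redirect to this one. "always" also sends the header on error
    # responses. includeSubDomains applies the policy to every subdomain, so
    # all of them must be reachable over HTTPS before enabling it.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # SSL
    SSLEngine on
    SSLCompression off
    SSLInsecureRenegotiation off
    SSLCertificateFile /etc/apache2/ssl/cert.pem
    # NOTE(review): same path as SSLCertificateFile. That only works if the PEM
    # holds both certificate and private key; prefer a separate key file that
    # is readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl/cert.pem
    # The original set SSLCACertificateFile twice with different paths
    # (/etc/ssl/ca-certs.pem, then this one). Only the last value takes effect,
    # so the effective one is kept here.
    SSLCACertificateFile /etc/apache2/ssl/ca-certs.pem
    SSLHonorCipherOrder on
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 and later remain.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    # https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
    # No SSLCipherSuite is active in this template, so the server's default
    # cipher list applies and SSLHonorCipherOrder only orders that default.
    # The list below was copied from the page above when this was written and
    # still includes DSS and SHA-1 CBC suites; check the current
    # recommendation before enabling it.
    # Best
    #SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    # Compatible
    # (no cipher list was provided for this profile)
</VirtualHost>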