
@growtopiajaw
Last active June 7, 2019 13:24
# Server-scope mod_ssl settings for the HTTPS listener. They are set outside
# the <VirtualHost> container that follows.
Listen 443
# Offer TLS 1.2 only; no other protocol version is listed, so none is
# negotiated.
# NOTE(review): TLS 1.3 is not enabled here. If the installed httpd and
# OpenSSL support it, adding TLSv1.3 is worth considering - confirm first.
SSLProtocol TLSv1.2
# Restrict the ECDHE groups to these three NIST curves, in this order.
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1
# The server's cipher order, not the client's, decides the negotiated suite.
SSLHonorCipherOrder on
# Every "!" entry permanently excludes that suite. Only the two entries
# written without "!" stay enabled: ECDHE-ECDSA-AES256-GCM-SHA384 and
# ECDHE-RSA-AES256-GCM-SHA384. A client that supports neither cannot connect.
# NOTE(review): listing just those two names would state the same policy and
# be much easier to audit than a long run of exclusions.
SSLCipherSuite "!ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA256"
# If the private key is encrypted, prompt for its passphrase at startup.
SSLPassPhraseDialog builtin
# Shared-memory TLS session cache of 512000 bytes; cached sessions expire
# after 300 seconds.
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# TLS-level compression stays off; the CRIME class of attacks depends on it.
SSLCompression off
# No RFC 5077 session tickets, so resumption relies on the server-side cache
# configured above.
SSLSessionTickets off
# Shared-memory cache for OCSP responses; "SSLUseStapling on" in the virtual
# host needs a stapling cache to be defined.
SSLStaplingCache shmcb:/opt/bitnami/apache2/logs/ssl_stapling_cache(128000)
# Default HTTPS virtual host: serves the Bitnami htdocs tree over TLS with
# OCSP stapling and a fixed set of security response headers.
<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
# Certificate and private key for this host.
# NOTE(review): the key sits in the conf directory next to the certificate;
# verify that its file permissions keep it unreadable to unprivileged users.
SSLCertificateFile "/opt/bitnami/apache2/conf/gjaw.duckdns.org.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/gjaw.duckdns.org.key"
# Staple OCSP responses into the handshake. Responder errors are not passed
# on to clients, and a responder query is abandoned after 5 seconds.
SSLUseStapling on
SSLStaplingReturnResponderErrors off
SSLStaplingResponderTimeout 5
<Directory "/opt/bitnami/apache2/htdocs">
# Indexes produces an automatic directory listing wherever no index file is
# present; FollowSymLinks lets the server follow symbolic links in this tree.
# NOTE(review): listings expose file names that were never linked anywhere.
# Drop Indexes unless browsing the document root is intended.
Options Indexes FollowSymLinks
# .htaccess files under the document root may override any directive that is
# permitted in that context, including access control.
# NOTE(review): anyone able to write a file into htdocs can therefore change
# server behaviour; narrow this if the installed applications allow it.
AllowOverride All
# Access control in both syntaxes: Order/Allow for httpd before 2.3,
# Require for 2.3 and later. Both branches admit every client.
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Custom page served for 503 responses
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
# Protocols offered on this host, in order of preference.
# NOTE(review): h2c is HTTP/2 over cleartext; on a host with SSLEngine on it
# looks unnecessary - confirm and drop it if nothing depends on it.
Protocols h2 h2c http/1.1
# Pattern for every header below: "Header unset" (no condition) removes the
# header from the onsuccess table, then "Header always set" writes one value
# into the always table, which is also sent on error responses.
# Stop browsers from MIME-sniffing a response away from its declared type.
Header unset X-Content-Type-Options
Header always set X-Content-Type-Options "nosniff"
# NOTE(review): X-XSS-Protection drives a legacy browser XSS filter that
# current browsers no longer ship; it adds no protection there.
Header unset X-XSS-Protection
Header always set X-XSS-Protection "1; mode=block"
# "none" asks crawlers not to index the content or follow its links.
Header unset X-Robots-Tag
Header always set X-Robots-Tag "none"
# Permit framing by same-origin pages only; the frame-ancestors directive in
# the Content-Security-Policy below expresses the same restriction.
Header unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"
# Internet Explorer specific: do not offer to open downloads in site context.
Header unset X-Download-Options
Header always set X-Download-Options "noopen"
# Refuse Adobe cross-domain policy files.
Header unset X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"
# Send no Referer header on requests that originate from these pages.
Header unset Referrer-Policy
Header always set Referrer-Policy "no-referrer"
# HSTS for 15552000 seconds (180 days), extended to subdomains.
Header unset Strict-Transport-Security
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
# HTTP Public Key Pinning (RFC 7469): four pins, max-age 31536000 seconds
# (one year), extended to subdomains.
# NOTE(review): major browsers have removed HPKP support. A client that still
# enforces it refuses the site for up to a year if none of the pinned keys
# is in the served chain, so this header carries lock-out risk for little
# benefit; consider retiring it in favour of CAA records and Certificate
# Transparency monitoring.
# NOTE(review): the trailing "; always" is not a directive defined for this
# header; it looks like the mod_headers condition keyword ended up inside the
# value.
Header unset Public-Key-Pins
Header always set Public-Key-Pins "pin-sha256=\"kwNGViixMkMzLE4zGSy7nW3oQgprJLUs33xlKoUtxiM=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; max-age=31536000; includeSubDomains; always"
# CSP: same-origin by default, plus data: URIs for images and fonts.
# NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so
# injected inline script and eval() are not blocked and the policy gives
# little protection against XSS. Nonces or hashes would restore it, if the
# hosted applications can work without inline script.
Header unset Content-Security-Policy
Header always set Content-Security-Policy "default-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self' data:"
# Disable the fullscreen feature for this origin and embedded frames.
# NOTE(review): Feature-Policy has been superseded by Permissions-Policy,
# which uses a different value syntax.
Header unset Feature-Policy
Header always set Feature-Policy "fullscreen 'none'"
</VirtualHost>
# Bitnami applications that use virtual host configuration
# NOTE(review): this file is included outside the <VirtualHost> container, and
# presumably defines further virtual hosts. Header directives written inside
# the default host do not apply to other hosts, so each one needs its own
# security headers - verify against the included file.
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"