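# Global mod_ssl settings for the HTTPS listener. These directives sit outside
# any <VirtualHost> and apply to every TLS virtual host on this server.
# (The "| |" table residue that trailed every line of the listing has been
# removed; with it in place httpd rejects the file at configtest.)

# Accept connections on the standard HTTPS port.
Listen 443

# TLS 1.2 only: SSLv3, TLS 1.0 and TLS 1.1 handshakes are refused.
# NOTE(review): TLS 1.3 is not enabled. On an httpd build linked against
# OpenSSL 1.1.1 or later, consider "SSLProtocol TLSv1.2 TLSv1.3".
SSLProtocol TLSv1.2

# Elliptic curves offered for ECDHE key exchange, strongest first.
# SSLOpenSSLConfCmd is passed straight through to OpenSSL.
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1

# The server's cipher preference wins over the client's.
SSLHonorCipherOrder on

# Only the two ECDHE + AES-256-GCM suites are offered (one for ECDSA
# certificates, one for RSA certificates); both give forward secrecy and AEAD.
# No "!" exclusions are listed: in an OpenSSL cipher string a suite that is
# never added is never offered, so excluding it explicitly changes nothing.
# NOTE(review): clients without AES-256-GCM/ECDHE support cannot connect.
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"

# Prompt on the terminal at start-up if the private key is passphrase-protected.
SSLPassPhraseDialog builtin

# Shared-memory TLS session cache (512000 bytes); sessions expire after 300 s.
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

# TLS-level compression stays off (CRIME-style compression side channels).
SSLCompression off

# Session tickets off: resumption then relies on the server-side cache above
# instead of a long-lived ticket key, which would weaken forward secrecy
# unless it is rotated.
SSLSessionTickets off

# Cache for OCSP responses; must be defined at server level for
# SSLUseStapling in the virtual host to work.
SSLStaplingCache "shmcb:/opt/bitnami/apache2/logs/ssl_stapling_cache(128000)"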
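# Default TLS virtual host: serves the Bitnami document root over HTTPS with
# OCSP stapling, HTTP/2 and a set of security response headers.
# Needs mod_ssl, mod_headers, mod_version and mod_http2 to be loaded.
<VirtualHost _default_:443>
    DocumentRoot "/opt/bitnami/apache2/htdocs"

    SSLEngine on
    # Certificate and private key. The key file should be readable only by the
    # account that starts httpd - verify its ownership and mode on disk.
    SSLCertificateFile "/opt/bitnami/apache2/conf/gjaw.duckdns.org.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/gjaw.duckdns.org.key"

    # OCSP stapling: staple the CA's revocation status into the handshake.
    # Responder errors are not forwarded to clients, and the responder is
    # given at most 5 seconds to answer.
    SSLUseStapling on
    SSLStaplingReturnResponderErrors off
    SSLStaplingResponderTimeout 5

    <Directory "/opt/bitnami/apache2/htdocs">
        # NOTE(review): "Indexes" produces an auto-generated listing for any
        # directory without an index file; drop it unless listings are wanted.
        Options Indexes FollowSymLinks
        # NOTE(review): "AllowOverride All" lets .htaccess files under the
        # document root override server settings, response headers included.
        # Narrow it if the installed applications allow.
        AllowOverride All
        # Access control in both the 2.2 and the 2.4 syntax.
        <IfVersion < 2.3 >
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.3 >
            Require all granted
        </IfVersion>
    </Directory>

    # Error Documents
    ErrorDocument 503 /503.html

    # Bitnami applications installed with a prefix URL (default)
    Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"

    # HTTP/2 over TLS with HTTP/1.1 as fallback. "h2c" (cleartext HTTP/2) is
    # not listed because this virtual host only accepts TLS connections.
    Protocols h2 http/1.1

    # Security response headers.
    # Each pair first removes any copy added by the application ("Header unset"
    # works on the default onsuccess table) and then sets the value in the
    # "always" table, so it is also sent on error responses.

    # Stop browsers from MIME-sniffing a response into another content type.
    Header unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    # NOTE(review): the legacy XSS auditor this header controls has been
    # removed from current browsers; present guidance is to send "0" or to
    # omit the header and rely on Content-Security-Policy.
    Header unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    # Ask crawlers not to index the site or follow its links.
    Header unset X-Robots-Tag
    Header always set X-Robots-Tag "none"

    # Clickjacking defence: framing allowed from the same origin only.
    Header unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    # Legacy Internet Explorer: do not open downloads in the site's context.
    Header unset X-Download-Options
    Header always set X-Download-Options "noopen"

    # Refuse Flash/PDF cross-domain policy files.
    Header unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    # Never send a Referer header on requests leaving this site.
    Header unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    # HSTS: browsers use HTTPS only for 180 days, subdomains included.
    Header unset Strict-Transport-Security
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

    # NOTE(review): HTTP Public Key Pinning is deprecated and no longer
    # honoured by current major browsers. For a client that still enforces it,
    # a pin set that stops matching the served chain locks that client out for
    # the whole max-age (one year here, subdomains included). Prefer removing
    # this header. The stray "; always" token that sat inside the header value
    # has been dropped: "always" is a mod_headers condition, not an HPKP
    # directive.
    Header unset Public-Key-Pins
    Header always set Public-Key-Pins "pin-sha256=\"kwNGViixMkMzLE4zGSy7nW3oQgprJLUs33xlKoUtxiM=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; max-age=31536000; includeSubDomains"

    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most
    # of the protection CSP gives against script injection. Tighten with
    # nonces or hashes once the hosted applications permit.
    Header unset Content-Security-Policy
    Header always set Content-Security-Policy "default-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self' data:"

    # Disallow the Fullscreen API for this site and any embedded frames.
    # NOTE(review): the header has since been renamed Permissions-Policy,
    # which uses a different value syntax.
    Header unset Feature-Policy
    Header always set Feature-Policy "fullscreen 'none'"
</VirtualHost>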
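# Bitnami applications that use virtual host configuration.
# Loaded after the default TLS virtual host defined in this file.
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"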