Skip to content

Instantly share code, notes, and snippets.

@heypete
Last active August 29, 2016 07:38
Show Gist options
  • Save heypete/820641761a88597603edff59cae6463f to your computer and use it in GitHub Desktop.
Save heypete/820641761a88597603edff59cae6463f to your computer and use it in GitHub Desktop.
ams.sks.heypete.com TLS configuration
<VirtualHost *:443>
ServerName ams.sks.heypete.com
ServerAlias hkps.pool.sks-keyservers.net pool.sks-keyservers.net *.pool.sks-keyservers.net
CustomLog /var/log/apache2/sks443_access.log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x"
SSLEngine On
#RSA Certificate
SSLCertificateFile /home/pete/sks-ssl/2015-2016/hkps.pool.sks-keyservers.net.crt
SSLCertificateKeyFile /home/pete/sks-ssl/2015-2016/hkps.pool.sks-keyservers.net.key
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
## Reasonably strong, all PFS.
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 \
EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
#
##Mozilla Intermediate
##SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256$
#
#
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:11371/
ProxyPassReverse / http://127.0.0.1:11371/
ProxyVia On
SetEnv proxy-nokeepalive 1
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment