Created
January 22, 2019 22:05
-
-
Save indie/adb228527f17cb12a84bec3452028e92 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:80> | |
ServerName ecosteader.com | |
ServerAlias ecosteader.com | |
Redirect Permanent / https://ecosteader.com/ | |
</VirtualHost> | |
<IfModule mod_ssl.c> | |
SSLStaplingCache shmcb:/tmp/stapling_cache(128000) | |
<VirtualHost *:443> | |
ServerName ecosteader.com | |
DocumentRoot /home/mastodon/live/public/ | |
#### DONT USE THIS CRAP OUTSIDE A MODULE | |
# Header always set Strict-Transport-Security "max-age=31536000" | |
# Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
##### | |
<IfModule mod_headers.c> | |
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" | |
Header always set Referrer-Policy "strict-origin-when-cross-origin" | |
</IfModule> | |
##### | |
# Header unset | |
# ETagFileETag none | |
#### | |
SSLEngine on | |
SSLProtocol -all +TLSv1.2 | |
SSLHonorCipherOrder on | |
SSLCipherSuite EECDH+AESGCM:AES256+EECDH:AES128+EECDH | |
SSLUseStapling on | |
SSLStaplingResponderTimeout 5 | |
SSLStaplingReturnResponderErrors off | |
SSLCertificateFile /etc/ssl/certs/xxxxxx.crt | |
SSLCertificateKeyFile /etc/ssl/private/xxxxxxx.key | |
<LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)> | |
Header always set Cache-Control "public, max-age=31536000, immutable" | |
Require all granted | |
</LocationMatch> | |
ProxyPreserveHost On | |
RequestHeader set X-Forwarded-Proto "https" | |
ProxyPass /500.html ! | |
ProxyPass /sw.js ! | |
ProxyPass /robots.txt ! | |
ProxyPass /manifest.json ! | |
ProxyPass /browserconfig.xml ! | |
ProxyPass /mask-icon.svg ! | |
ProxyPassMatch ^(/.*\.(png|ico)$) ! | |
ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) ! | |
ProxyPass /api/v1/streaming/ ws://localhost:4000/ | |
ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/ | |
ProxyPass / http://localhost:3000/ | |
ProxyPassReverse / http://localhost:3000/ | |
ErrorDocument 500 /500.html | |
ErrorDocument 501 /500.html | |
ErrorDocument 502 /500.html | |
ErrorDocument 503 /500.html | |
ErrorDocument 504 /500.html | |
# Log file locations | |
LogLevel warn | |
ErrorLog /srvr/ecosteader.com/log/error.log | |
CustomLog /srvr/ecosteader.com/log/access.log combined | |
</VirtualHost> | |
</IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment