-
-
Save jpcastberg/a3fd0486435cd5fd8ef786d9327b6193 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PidFile /var/run/httpd.pid | |
| Include /usr/local/etc/apache24/modules.conf | |
| Include /usr/local/etc/apache24/extra/httpd-userdir.conf | |
| Include /usr/local/etc/apache24/extra/httpd-autoindex.conf | |
| DirectoryIndex index.html index.php | |
| ErrorLog /var/log/http/error.log | |
| LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{ms}T" combined | |
| CustomLog /var/log/http/access.log combined | |
| LogLevel warn | |
| LogFormat "%{cache-status}e %h %l %u %t \"%r\" %>s %b" cachelog | |
| CustomLog /var/log/http/modcache-cached.log cachelog env=cache-hit | |
| CustomLog /var/log/http/modcache-uncached.log cachelog env=cache-miss | |
| CustomLog /var/log/http/modcache-revalidated.log cachelog env=cache-revalidate | |
| CustomLog /var/log/http/modcache-invalidated.log cachelog env=cache-invalidate | |
| User www | |
| Group www | |
| ServerTokens Prod | |
| ServerAdmin support@company.net | |
| ServerName company.net | |
| ExpiresByType image/gif "access plus 1 week" | |
| ExpiresByType image/x-icon "access plus 1 week" | |
| RedirectMatch "^/scripts/" https://www.fbi.gov/ | |
| # ------------------------------------------------------------------------ | |
| Listen *:80 | |
| Listen *:443 | |
| # global SSL crap | |
| AddType application/x-x509-ca-cert .crt | |
| AddType application/x-pkcs7-crl .crl | |
| SSLPassPhraseDialog builtin | |
| SSLSessionCache dbm:/var/log/ssl_scache | |
| SSLSessionCacheTimeout 300 | |
| SSLRandomSeed startup builtin | |
| SSLRandomSeed connect builtin | |
| DocumentRoot "/www/company.net/docs" | |
| <IfModule mpm_event_module> | |
| Protocols h2 http/1.1 | |
| ServerLimit 16 | |
| MaxClients 400 | |
| StartServers 3 | |
| ThreadsPerChild 25 | |
| ThreadLimit 64 | |
| H2StreamMaxMemSize 4194304 | |
| </IfModule> | |
| # Important to cache long PHP queries! | |
| <IfModule mod_cache.c> | |
| CacheQuickHandler off | |
| CacheRoot /www/cache | |
| CacheEnable disk / | |
| CacheDirLevels 2 | |
| CacheDirLength 1 | |
| CacheHeader on | |
| </IfModule> | |
| <IfModule mod_proxy_fcgi.c> | |
| <FilesMatch \.php> | |
| SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 | |
| SetHandler proxy:unix:/var/run/php-fpm.socket|fcgi://localhost/ | |
| </FilesMatch> | |
| <Proxy "fcgi://localhost/" enablereuse=off flushpackets=on ttl=90> | |
| </Proxy> | |
| </IfModule> | |
| <IfModule !mod_proxy_fcgi.c> | |
| Error "mod_proxy_fcgi.c is required to run out PHP. Load it with LoadModule." | |
| </IfModule> | |
| <Directory "/www/company.net/docs"> | |
| Order allow,deny | |
| Allow from all | |
| Options FollowSymLinks Indexes Includes | |
| AllowOverride AuthConfig FileInfo Limit Indexes | |
| # Allow tickets or other sites to cross-site access resources on this server | |
| </Directory> | |
| AddHandler cgi-script .cgi .pl .py | |
| ScriptAlias /cgi-bin/ "/www/company.net/cgi-bin/" | |
| <Directory "/www/company.net/cgi-bin"> | |
| AllowOverride None | |
| Options None | |
| Order allow,deny | |
| Allow from all | |
| SetEnvIfNoCase Request_URI \.pl$ no-gzip dont-vary | |
| </Directory> | |
| <VirtualHost *:443> | |
| ServerName company.net | |
| ServerAdmin support@company.net | |
| # SSL crap | |
| SSLEngine on | |
| SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 | |
| SSLCertificateFile /usr/local/etc/apache24/wildcard-cert/company.net-cert.pem | |
| SSLCertificateKeyFile /usr/local/etc/apache24/wildcard-cert/company.net-key.pem | |
| SSLCertificateChainFile /usr/local/etc/apache24/wildcard-cert/company.net-fullchain.pem | |
| <Files ~ "\.(cgi|pl|shtml|phtml|php3?)$"> | |
| SSLOptions +StdEnvVars | |
| </Files> | |
| <Directory "/usr/local/www/cgi-bin"> | |
| SSLOptions +StdEnvVars | |
| </Directory> | |
| <Location "/login.html"> | |
| Satisfy Any | |
| Require all granted | |
| </Location> | |
| <Location "/logout"> | |
| SetHandler form-logout-handler | |
| AuthName "Ops" | |
| AuthFormLogoutLocation "https://company.net/" | |
| Session on | |
| SessionCookieName ops_session domain=.company.net;path=/;httponly;samesite=strict;secure; | |
| </Location> | |
| <Directory "/"> | |
| AuthName "Ops" | |
| # Do form auth for browsers only | |
| <If "%{HTTP:User-Agent} =~ /^Mozilla/> | |
| AuthType form | |
| AuthUserFile "/www/company.net/htpasswd" | |
| AuthFormProvider file | |
| ErrorDocument 401 "/login.html" | |
| Session On | |
| SessionMaxAge 10 | |
| SessionExpiryUpdateInterval 5 | |
| SessionCookieName ops_session domain=.company.net;path=/;httponly;samesite=strict;secure; | |
| Require valid-user | |
| </If> | |
| <Else> | |
| # Retain basic auth for scripts | |
| AuthType Basic | |
| AuthUserFile /www/company.net/htpasswd | |
| AuthGroupFile /dev/null | |
| Require valid-user | |
| </Else> | |
| <IfModule mod_deflate.c> | |
| AddOutputFilterByType DEFLATE application/rrd | |
| AddOutputFilterByType DEFLATE application/javascript | |
| AddOutputFilterByType DEFLATE application/json | |
| AddOutputFilterByType DEFLATE text/css | |
| AddOutputFilterByType DEFLATE text/html | |
| AddOutputFilterByType DEFLATE text/javascript | |
| AddOutputFilterByType DEFLATE text/plain | |
| AddOutputFilterByType DEFLATE text/xml | |
| AddOutputFilterByType DEFLATE image/svg+xml | |
| </IfModule> | |
| </Directory> | |
| <Location /server-status> | |
| SetHandler server-status | |
| </Location> | |
| RedirectMatch "^/include.*php" http://www.idefense.com/?redirected=CAN-2005-1524 | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment