Skip to content

Instantly share code, notes, and snippets.

@malavolti
Last active October 4, 2019 14:03
Show Gist options
  • Save malavolti/2f5ebf26f29919b3570b7fd9e0cc78c7 to your computer and use it in GitHub Desktop.
Save malavolti/2f5ebf26f29919b3570b7fd9e0cc78c7 to your computer and use it in GitHub Desktop.
<VirtualHost *:80>
ServerName "sp-<NUM>.aai-test.garr.it"
Redirect permanent "/" "https://sp-<NUM>.aai-test.garr.it/"
</VirtualHost>
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/ocsp(128000)
<VirtualHost *:443>
ServerName sp-<NUM>.aai-test.garr.it:443
ServerAdmin admin@aai-test.garr.it
DocumentRoot /var/www/html/sp-<NUM>.aai-test.garr.it
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLHonorCipherOrder on
# Disable SSL Compression
SSLCompression Off
# OCSP Stapling, only in httpd/apache >= 2.3.3
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
# Enable HTTP Strict Transport Security with a 2 year duration
Header always set Strict-Transport-Security "max-age=63072000;includeSubDomains;preload"
SSLCertificateFile /etc/ssl/certs/sp-<NUM>.aai-test.garr.it.crt
SSLCertificateKeyFile /etc/ssl/private/sp-<NUM>.aai-test.garr.it.key
SSLCACertificateFile /etc/ssl/certs/myCA.pem
</VirtualHost>
</IfModule>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment