pdostal/VirtualHost

## apache.conf
Listen 444

## cacert
openssl genrsa -out private.pem 4096
openssl req -new -key private.pem -out csr.pem

# /etc/apache2/ssl/CAcert_chain.pem
# /etc/apache2/ssl/pavel_pdostal.crt
# /etc/apache2/ssl/pavel_pdostal.key

## VirtualHost
<VirtualHost *:444>
	ServerAdmin pdostal@pdostal.cz
	ServerName pdostal.cz
	ServerAlias pdostal.cz *.pdostal.cz

	DocumentRoot /home/pavel/www/pdostal.cz/current/public

	<Location /home/pavel/www/pdostal.cz/current>
		PassengerAppRoot /home/pavel/www/pdostal.cz/current
		RackBaseURI /
		Options -MultiViews
		RailsEnv production
	</Location>

	ErrorLog ${APACHE_LOG_DIR}/pavel_pdostal_www443_error.log
	CustomLog ${APACHE_LOG_DIR}/pavel_pdostal_www443_access.log common
	PassengerPreStart https://pdostal.cz/?no_analytics=1

	SSLEngine on

	SSLCertificateFile /etc/apache2/ssl/pavel_pdostal.crt
	SSLCertificateKeyFile /etc/apache2/ssl/pavel_pdostal.key
	SSLCertificateChainFile /etc/apache2/ssl/CAcert_chain.crt

	# https://bettercrypto.org/static/applied-crypto-hardening.pdf
	SSLProtocol All -SSLv2 -SSLv3
	SSLHonorCipherOrder On
	SSLCompression off
	Header set Strict-Transport-Security "max-age=15768000"
#	SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+\
#		\aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!\
#		\eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256\
#		\-SHA:CAMELLIA128-SHA:AES128-SHA'
</VirtualHost>
	openssl genrsa -out private.pem 4096
	openssl req -new -key private.pem -out csr.pem

	# /etc/apache2/ssl/CAcert_chain.pem
	# /etc/apache2/ssl/pavel_pdostal.crt
	# /etc/apache2/ssl/pavel_pdostal.key
	<VirtualHost *:444>
	ServerAdmin pdostal@pdostal.cz
	ServerName pdostal.cz
	ServerAlias pdostal.cz *.pdostal.cz

	DocumentRoot /home/pavel/www/pdostal.cz/current/public

	<Location /home/pavel/www/pdostal.cz/current>
	PassengerAppRoot /home/pavel/www/pdostal.cz/current
	RackBaseURI /
	Options -MultiViews
	RailsEnv production
	</Location>

	ErrorLog ${APACHE_LOG_DIR}/pavel_pdostal_www443_error.log
	CustomLog ${APACHE_LOG_DIR}/pavel_pdostal_www443_access.log common
	PassengerPreStart https://pdostal.cz/?no_analytics=1

	SSLEngine on

	SSLCertificateFile /etc/apache2/ssl/pavel_pdostal.crt
	SSLCertificateKeyFile /etc/apache2/ssl/pavel_pdostal.key
	SSLCertificateChainFile /etc/apache2/ssl/CAcert_chain.crt

	# https://bettercrypto.org/static/applied-crypto-hardening.pdf
	SSLProtocol All -SSLv2 -SSLv3
	SSLHonorCipherOrder On
	SSLCompression off
	Header set Strict-Transport-Security "max-age=15768000"
	# SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+\
	# \aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!\
	# \eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256\
	# \-SHA:CAMELLIA128-SHA:AES128-SHA'
	</VirtualHost>