rbnor/misp-ssl.conf

## misp-ssl.conf
<VirtualHost *:80>
    ServerAdmin serveradmin@misp.local
    ServerName myservernameformydomain

    # In theory not needed, left for debug purposes
    # LogLevel warn
    # ErrorLog /var/log/apache2/misp.local_p80_error.log
    # CustomLog /var/log/apache2/misp.local_p80_access.log combined

    Header always unset "X-Powered-By"
        Redirect permanent / https://serverurl
        LogLevel warn
        ErrorLog /var/log/apache2/misp.local_error.log
        CustomLog /var/log/apache2/misp.local_access.log combined
        ServerSignature Off

</VirtualHost>

<VirtualHost *:443>
    ServerAdmin serveradmin@misp.local
    ServerName servername
    DocumentRoot /var/www/MISP/app/webroot
    <Directory /var/www/MISP/app/webroot>

        Options -Indexes
        AllowOverride all
    </Directory>
    <Location /users/login>

                AuthType Basic
                AuthBasicProvider ldap
                AuthName "LDAP Authentication"
                AuthUserFile /dev/null
                AuthLDAPURL "ldap://URL/dc=,dc=?sAMAccountName"
                AuthLDAPBindDN "CN=USERWITHREADRIGHTS,OU=,OU=,DC=,DC="
                AuthLDAPBindPassword ""
                Require valid-user
                RewriteEngine On
                RewriteCond %{REMOTE_USER} ^(.*)$
                RewriteRule ^(.*)$ - [E=R_U:%1]
                RequestHeader set X-Remote-User %{R_U}e
                SetEnv REMOTE_USER user


     </Location>


    SSLEngine On
# The line below disable unsecure Ciphers, might be enabled by default
#         SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /etc/ssl/private/misp.local.crt
    SSLCertificateKeyFile /etc/ssl/private/misp.local.key
#    SSLCertificateChainFile /etc/ssl/private/misp-chain.crt

    LogLevel debug
    ErrorLog /var/log/apache2/misp.local_error.log
    CustomLog /var/log/apache2/misp.local_access.log combined

    ServerSignature Off

    #Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
    #Header always set X-Content-Type-Options nosniff
    #Header always set X-Frame-Options SAMEORIGIN
	<VirtualHost *:80>
	ServerAdmin serveradmin@misp.local
	ServerName myservernameformydomain

	# In theory not needed, left for debug purposes
	# LogLevel warn
	# ErrorLog /var/log/apache2/misp.local_p80_error.log
	# CustomLog /var/log/apache2/misp.local_p80_access.log combined

	Header always unset "X-Powered-By"
	Redirect permanent / https://serverurl
	LogLevel warn
	ErrorLog /var/log/apache2/misp.local_error.log
	CustomLog /var/log/apache2/misp.local_access.log combined
	ServerSignature Off

	</VirtualHost>

	<VirtualHost *:443>
	ServerAdmin serveradmin@misp.local
	ServerName servername
	DocumentRoot /var/www/MISP/app/webroot
	<Directory /var/www/MISP/app/webroot>

	Options -Indexes
	AllowOverride all
	</Directory>
	<Location /users/login>

	AuthType Basic
	AuthBasicProvider ldap
	AuthName "LDAP Authentication"
	AuthUserFile /dev/null
	AuthLDAPURL "ldap://URL/dc=,dc=?sAMAccountName"
	AuthLDAPBindDN "CN=USERWITHREADRIGHTS,OU=,OU=,DC=,DC="
	AuthLDAPBindPassword ""
	Require valid-user
	RewriteEngine On
	RewriteCond %{REMOTE_USER} ^(.*)$
	RewriteRule ^(.*)$ - [E=R_U:%1]
	RequestHeader set X-Remote-User %{R_U}e
	SetEnv REMOTE_USER user



	</Location>



	SSLEngine On
	# The line below disable unsecure Ciphers, might be enabled by default
	# SSLCipherSuite HIGH:!aNULL:!MD5
	SSLCertificateFile /etc/ssl/private/misp.local.crt
	SSLCertificateKeyFile /etc/ssl/private/misp.local.key
	# SSLCertificateChainFile /etc/ssl/private/misp-chain.crt

	LogLevel debug
	ErrorLog /var/log/apache2/misp.local_error.log
	CustomLog /var/log/apache2/misp.local_access.log combined

	ServerSignature Off

	#Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
	#Header always set X-Content-Type-Options nosniff
	#Header always set X-Frame-Options SAMEORIGIN