watakirin/httpd-vhosts.conf

## httpd-vhosts.conf
Listen 443 https
SSLPassPhraseDialog     exec:/path/to/pass-phrase.sh
SSLSessionCache         "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

＃blog.heartprotocol.comへのhttpアクセスはhttpsへリダイレクト
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/path/to/blog.heartprotocol.com"
    ServerName blog.heartprotocol.com
    ErrorLog "|/path/to/cronolog /path/to/%Y/error-log.%m%d"
    CustomLog "|/path/to/cronolog /path/to/blog/%Y/access-log.%m%d" common

    <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    </IfModule>

</VirtualHost>

＃blog.heartprotocol.com
<VirtualHost *:443>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/path/to/blog.heartprotocol.com"
    ServerName blog.heartprotocol.com
    ErrorLog "|/path/to/cronolog /path/to/%Y/error-log.%m%d"
    CustomLog "|/path/to/cronolog /path/to/%Y/access-log.%m%d" common

    SSLEngine on
    SSLCertificateFile      /path/to/server.crt
    SSLCertificateKeyFile   /path/to/server.key
    SSLCACertificateFile /path/to/cac.crt
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on

    Header always set Strict-Transport-Security "max-age=15768000"

    <Directory "/path/to/blog.heartprotocol.com">
        SSLOptions +StdEnvVars
        Options FollowSymLinks

        AllowOverride None
        AddType application/x-httpd-php .php
        DirectoryIndex index.php index.html

        Require all granted

        # Wordpress Rewrite Settings
        <IfModule mod_rewrite.c>
             RewriteEngine On
             RewriteBase /
             RewriteRule ^index\.php$ - [L]
             RewriteCond %{REQUEST_FILENAME} !-f
             RewriteCond %{REQUEST_FILENAME} !-d
             RewriteRule . /index.php [L]
        </IfModule>

    	<Files wp-login.php>
        Require host example.hostname.com 192.168.0.2
    	</Files>
    </Directory>


    <Location /wp-admin>
      Require host example.hostname.com 192.168.0.2
    </Location>

    <Location /xmlrpc.php>
      Require host example.hostname.com 192.168.0.2
    </Location>

    #DeflateFilterNote Input instream
    #DeflateFilterNote Output outstream
    #DeflateFilterNote Ratio ratio

    #LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
    #CustomLog /var/log/deflate_log deflate

    ExpiresActive On
    ExpiresByType text/css "access plus 14 days"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType application/x-font-ttf "access plus 30 days"
    ExpiresByType application/x-font-opentype "access plus 30 days"
    ExpiresByType application/x-font-woff "access plus 30 days"
    ExpiresByType image/svg+xml "access plus 24 days"
    ExpiresByType image/jpeg "access plus 24 days"
    ExpiresByType image/png "access plus 24 days"
    ExpiresByType image/gif "access plus 24 days"
    ExpiresByType image/x-icon "access plus 24 days"

</VirtualHost>

＃heartprotocol.com
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/path/to/heartprotocol.com"
    ServerName heartprotocol.com
    ErrorLog "/path/to/heartprotocol.com"
    CustomLog "/path/to/heartprotocol-access_log" common

    <Directory "/path/to/heartprotocol.com">
    Options  FollowSymLinks

    AllowOverride All
    DirectoryIndex index.php index.html

    Require all granted

    </Directory>
</VirtualHost>
	Listen 443 https
	SSLPassPhraseDialog exec:/path/to/pass-phrase.sh
	SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
	SSLSessionCacheTimeout 300
	SSLRandomSeed startup file:/dev/urandom 256
	SSLRandomSeed connect builtin
	SSLCryptoDevice builtin

	＃blog.heartprotocol.comへのhttpアクセスはhttpsへリダイレクト
	<VirtualHost *:80>
	ServerAdmin webmaster@dummy-host.example.com
	DocumentRoot "/path/to/blog.heartprotocol.com"
	ServerName blog.heartprotocol.com
	ErrorLog "\|/path/to/cronolog /path/to/%Y/error-log.%m%d"
	CustomLog "\|/path/to/cronolog /path/to/blog/%Y/access-log.%m%d" common

	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
	</IfModule>

	</VirtualHost>

	＃blog.heartprotocol.com
	<VirtualHost *:443>
	ServerAdmin webmaster@dummy-host.example.com
	DocumentRoot "/path/to/blog.heartprotocol.com"
	ServerName blog.heartprotocol.com
	ErrorLog "\|/path/to/cronolog /path/to/%Y/error-log.%m%d"
	CustomLog "\|/path/to/cronolog /path/to/%Y/access-log.%m%d" common

	SSLEngine on
	SSLCertificateFile /path/to/server.crt
	SSLCertificateKeyFile /path/to/server.key
	SSLCACertificateFile /path/to/cac.crt
	SSLProtocol all -SSLv2 -SSLv3
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
	SSLHonorCipherOrder on

	Header always set Strict-Transport-Security "max-age=15768000"

	<Directory "/path/to/blog.heartprotocol.com">
	SSLOptions +StdEnvVars
	Options FollowSymLinks

	AllowOverride None
	AddType application/x-httpd-php .php
	DirectoryIndex index.php index.html

	Require all granted

	# Wordpress Rewrite Settings
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
	</IfModule>

	<Files wp-login.php>
	Require host example.hostname.com 192.168.0.2
	</Files>
	</Directory>


	<Location /wp-admin>
	Require host example.hostname.com 192.168.0.2
	</Location>

	<Location /xmlrpc.php>
	Require host example.hostname.com 192.168.0.2
	</Location>

	#DeflateFilterNote Input instream
	#DeflateFilterNote Output outstream
	#DeflateFilterNote Ratio ratio

	#LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
	#CustomLog /var/log/deflate_log deflate

	ExpiresActive On
	ExpiresByType text/css "access plus 14 days"
	ExpiresByType text/javascript "access plus 1 month"
	ExpiresByType application/javascript "access plus 1 month"
	ExpiresByType application/x-javascript "access plus 1 month"
	ExpiresByType application/x-font-ttf "access plus 30 days"
	ExpiresByType application/x-font-opentype "access plus 30 days"
	ExpiresByType application/x-font-woff "access plus 30 days"
	ExpiresByType image/svg+xml "access plus 24 days"
	ExpiresByType image/jpeg "access plus 24 days"
	ExpiresByType image/png "access plus 24 days"
	ExpiresByType image/gif "access plus 24 days"
	ExpiresByType image/x-icon "access plus 24 days"

	</VirtualHost>

	＃heartprotocol.com
	<VirtualHost *:80>
	ServerAdmin webmaster@dummy-host.example.com
	DocumentRoot "/path/to/heartprotocol.com"
	ServerName heartprotocol.com
	ErrorLog "/path/to/heartprotocol.com"
	CustomLog "/path/to/heartprotocol-access_log" common

	<Directory "/path/to/heartprotocol.com">
	Options FollowSymLinks

	AllowOverride All
	DirectoryIndex index.php index.html

	Require all granted

	</Directory>
	</VirtualHost>