# This assumes Apache 2.4+
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/intermediate.cert
SSLCertificateKeyFile /etc/ssl/private/example.com.pem
SSLCACertificateFile /etc/ssl/example.com.cert
Header always set Strict-Transport-Security "max-age=15768000"
# Replace this with your actual public directory:
DocumentRoot /var/www/airship/src/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/">
RewriteEngine On
# Serve files that exist first and foremost
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule (.*) - [L]
# Otherwise, pass to index.php
RewriteRule (.*) /index.php?$1 [L]
</Directory>
</VirtualHost>
# Mozilla recommended ciphers
# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
|
Download
