Httpd - dtype.org

From dtype.org
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

TLS

Handled by letsencrypt, updated monthly on cron.

apache2 conf

<VirtualHost *:80>
	ServerName dtype.org
	ServerAlias www.dtype.org
	DocumentRoot /opt/www/dtype.org/
	<Directory /opt/www/dtype.org/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Require all granted
	</Directory>
	CustomLog /var/log/apache2/dtype.org-access.log combined
	ErrorLog /var/log/apache2/dtype.org-error.log
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	# Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"
</VirtualHost>


<VirtualHost *:443>
	ServerName dtype.org
	ServerAlias www.dtype.org
	DocumentRoot /opt/www/dtype.org/
	<Directory /opt/www/dtype.org/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Require all granted
	</Directory>
	CustomLog /var/log/apache2/dtype.org-access.log combined
	ErrorLog /var/log/apache2/dtype.org-error.log
	SSLEngine On
	SSLCertificateFile /etc/letsencrypt/live/www.dtype.org/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.dtype.org/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.dtype.org/chain.pem
	# SSLCipherSuite EECDH+AES128+AESGCM:EDH+AES128+AESGCM:EECDH+AES128:EDH+AES128:DES-CBC3-SHA
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
	SSLProtocol All -SSLv2 -SSLv3
	SSLHonorCipherOrder On
	SSLCompression off
	SSLUseStapling on
	Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"
</VirtualHost>