Httpd - dtype.org


TLS

Certificates are issued by Let's Encrypt and renewed monthly by a cron job.

apache2 conf

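<VirtualHost *:80>
	# Plain-HTTP listener. The rewrite rules below answer every request with a
	# permanent redirect to HTTPS, so no content should be served from here.
	# Needs mod_rewrite.
	ServerName dtype.org
	ServerAlias www.dtype.org
	DocumentRoot /opt/www/dtype.org/
	<Directory /opt/www/dtype.org/>
		# NOTE(review): Indexes lists directory contents and AllowOverride All lets
		# any .htaccess under the docroot change server behaviour. Kept as found;
		# tighten both if the site does not rely on them.
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Require all granted
	</Directory>
	CustomLog /var/log/apache2/dtype.org-access.log combined
	ErrorLog /var/log/apache2/dtype.org-error.log
	RewriteEngine On
	# The Host header is client-supplied. Echo it into the Location header only
	# when it is one of this site's own names; any other value (an unknown host
	# reaching this vhost as the port-80 default, or a Host carrying an explicit
	# port) is sent to the canonical name instead.
	# The former "RewriteCond %{HTTPS} off" is dropped: this vhost has no
	# SSLEngine, so the condition was always true.
	RewriteCond %{HTTP_HOST} ^(www\.)?dtype\.org$ [NC]
	RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
	# Fallback target; assumes the certificate covers dtype.org - confirm.
	RewriteRule ^ https://dtype.org%{REQUEST_URI} [R=301,L]
	# HSTS stays disabled on this listener: browsers ignore the header on
	# plain-HTTP responses, so it only has an effect on the :443 vhost.
	# Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"
</VirtualHost>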


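<VirtualHost *:443>
	# HTTPS site for dtype.org / www.dtype.org. Needs mod_ssl and mod_headers.
	ServerName dtype.org
	ServerAlias www.dtype.org
	DocumentRoot /opt/www/dtype.org/
	<Directory /opt/www/dtype.org/>
		# NOTE(review): Indexes publishes a listing for every directory that has
		# no index file, and AllowOverride All lets any .htaccess under the
		# docroot override server settings. Kept as found; drop Indexes and
		# narrow AllowOverride if the site does not rely on them.
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Require all granted
	</Directory>
	CustomLog /var/log/apache2/dtype.org-access.log combined
	ErrorLog /var/log/apache2/dtype.org-error.log
	SSLEngine On
	# fullchain.pem already holds the leaf certificate followed by the
	# intermediates, so the separate SSLCertificateChainFile line (deprecated
	# since Apache 2.4.8) is removed. On an older Apache, point SSLCertificateFile
	# at cert.pem and keep SSLCertificateChainFile chain.pem instead.
	SSLCertificateFile /etc/letsencrypt/live/www.dtype.org/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.dtype.org/privkey.pem
	# Forward-secret AEAD suites only. The previous list still offered 3DES
	# (DES-CBC3-SHA), static-RSA key exchange, CBC-mode suites and DSS.
	# These names apply to TLS 1.2; TLS 1.3 suites are configured separately.
	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
	# "All -SSLv2 -SSLv3" still accepted TLS 1.0 and 1.1, both deprecated by
	# RFC 8996. This leaves TLS 1.2 and, where the build supports it, TLS 1.3.
	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
	SSLHonorCipherOrder On
	# TLS-level compression stays off (CRIME).
	SSLCompression off
	# Stapling only works when SSLStaplingCache is defined in the server-level
	# configuration; that directive is not allowed inside a VirtualHost.
	# NOTE(review): confirm the issuing CA still operates an OCSP responder.
	SSLUseStapling on
	# 15552000 s = 180 days. NOTE(review): the "preload" token signals consent to
	# browser preload lists, but hstspreload.org only accepts max-age of at least
	# 31536000, and includeSubdomains commits every subdomain to HTTPS. Decide
	# whether preloading is really intended before raising the value.
	Header always set Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"
</VirtualHost>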