/
ssl-vhost-docs-infra.conf.j2
39 lines (32 loc) · 1.38 KB
/
ssl-vhost-docs-infra.conf.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<VirtualHost *:443>
ServerAdmin webmaster@centos.org
ServerName {{ httpd_docs_infra_hostname }}
DocumentRoot {{ httpd_docs_infra_rootdir }}
Header always set Strict-Transport-Security "max-age=31536000"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
RewriteEngine on
ErrorLog logs/ssl-{{ httpd_docs_infra_hostname }}_error.log
TransferLog logs/ssl-{{ httpd_docs_infra_hostname }}_access.log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4
SSLCertificateFile /etc/pki/tls/certs/{{ httpd_docs_infra_hostname }}.crt
SSLCertificateKeyFile /etc/pki/tls/private/{{ httpd_docs_infra_hostname }}.key
SSLCertificateChainFile /etc/pki/tls/certs/{{ httpd_docs_infra_hostname }}-CAChain.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl-{{ httpd_docs_infra_hostname }}_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>