Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
166 lines (136 sloc) 4.31 KB
###
### svelte-apache-ssl.conf
### http://czep.net/16/svelte-apache.html
###
###
### httpd.conf for apache 2.4.x (RedHat systems)
###
### Main server configuration
ServerRoot "/etc/httpd"
Listen 80
ServerAdmin webmaster@example.net
ServerName example.net:80
### Base set of modules
LoadModule mime_module modules/mod_mime.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule wsgi_module modules/mod_wsgi_python3.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule headers_module modules/mod_headers.so
LoadModule alias_module modules/mod_alias.so
# Pick one MPM module
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_worker_module modules/mod_mpm_worker.so
#LoadModule mpm_event_module modules/mod_mpm_event.so
User apache
Group apache
DocumentRoot "/var/www/html"
DirectoryIndex index.html
# Default deny access to root filesystem
<Directory />
AllowOverride none
Require all denied
</Directory>
# Configure access to document root
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Prevent viewing of .htaccess and .htpasswd files
<Files ".ht*">
Require all denied
</Files>
# Logging
ErrorLog "logs/error_log"
LogLevel info
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combined
# Mime types
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# Misc
AddDefaultCharset UTF-8
EnableSendfile on
# mod_status and mod_info config
ExtendedStatus On
<Location "/apache-status">
SetHandler server-status
Require ip 192.168
</Location>
<Location "/apache-info">
SetHandler server-info
Require ip 192.168
</Location>
# WSGI config
WSGIScriptAlias /wsgi-info /var/www/wsgi-scripts/wsgi-info.wsgi
WSGIScriptAlias /stuff /var/www/apps/stuff/site/config/wsgi.py
WSGIDaemonProcess stuff python-home=/var/www/apps/stuff/.venv/webdev/ python-path=/var/www/apps/stuff/site
WSGIProcessGroup stuff
<Directory /var/www/apps/stuff/site/config>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /static/ /var/www/html/static/
<Directory /var/www/html/static>
Require all granted
</Directory>
<Directory /var/www/wsgi-scripts>
Require all granted
</Directory>
<Location "/wsgi-info">
#Require ip 192.168
Require all granted
</Location>
# Redirect port 80 to 443
#<VirtualHost *:80>
# ServerName example.net
# Redirect permanent / https://example.net/
#</VirtualHost>
###
### SSL config
###
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLProtocol -all +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName example.net:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
# add SSL environment variables to WSGI requests
<Directory "/var/www/wsgi-scripts">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
### EOF ###