aboutsummaryrefslogtreecommitdiff
path: root/config/hex-zero.conf.apache
diff options
context:
space:
mode:
authorB Stack <bgstack15@gmail.com>2020-12-11 09:03:14 -0500
committerB Stack <bgstack15@gmail.com>2020-12-11 09:03:14 -0500
commit1b37b398baa87fb762a19f850d7b637ac9a2d84f (patch)
treeb3bd0c9053e49864810207718b64ca674a4fe8b7 /config/hex-zero.conf.apache
parentgracefully handle when x_forwarded_for is null (diff)
downloadhex-zero-1b37b398baa87fb762a19f850d7b637ac9a2d84f.tar.gz
hex-zero-1b37b398baa87fb762a19f850d7b637ac9a2d84f.tar.bz2
hex-zero-1b37b398baa87fb762a19f850d7b637ac9a2d84f.zip
add ssl to main apache example
Diffstat (limited to 'config/hex-zero.conf.apache')
-rw-r--r--config/hex-zero.conf.apache32
1 files changed, 20 insertions, 12 deletions
diff --git a/config/hex-zero.conf.apache b/config/hex-zero.conf.apache
index 821b7b8..474e498 100644
--- a/config/hex-zero.conf.apache
+++ b/config/hex-zero.conf.apache
@@ -1,23 +1,31 @@
-# Apache example config for hex-zero application
+# Apache example config for hex-zero application with ssl
<VirtualHost *:80>
-
ServerName 0x0.ipa.example.com
-
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
-
- #LogLevel info ssl:warn
-
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
+ # force https for this path
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
+ RewriteRule ^/hex-zero(.*) https://%{SERVER_NAME}/hex-zero$1 [R,L]
+</VirtualHost>
- # This reverse proxy definition exists for when you run hex-zero on
- # loopback and want to use apache to protect it either with
- # authentication or TLS. This hostname and port number must match the
- # hex-zero.conf values for APP_HOST_LISTEN and APP_PORT.
- # And the hostname and path must match APP_URL from the same file.
+<VirtualHost *:443>
+ ServerName 0x0.ipa.example.com
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ #LogLevel info ssl:warn
+ ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLHonorCipherOrder on
+ SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
+ SSLCertificateFile /etc/ssl/private/https-0x0.ipa.example.com.pem
+ SSLCertificateKeyFile /etc/ssl/private/https-0x0.ipa.example.com-nopw.key
ProxyPass /hex-zero http://localhost:3031/
ProxyPassReverse /hex-zero http://localhost:3031/
-
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
bgstack15