author | B Stack <bgstack15@gmail.com> | 2020-12-11 09:03:14 -0500 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2020-12-11 09:03:14 -0500 |
commit | 1b37b398baa87fb762a19f850d7b637ac9a2d84f (patch) | |
tree | b3bd0c9053e49864810207718b64ca674a4fe8b7 /config | |
parent | gracefully handle when x_forwarded_for is null (diff) | |
add ssl to main apache example
Diffstat (limited to 'config')
-rw-r--r-- | config/hex-zero.conf.apache | 32 | ||||
-rw-r--r-- | config/hex-zero.conf.apache.nossl | 17 |
2 files changed, 37 insertions, 12 deletions
diff --git a/config/hex-zero.conf.apache b/config/hex-zero.conf.apache index 821b7b8..474e498 100644 --- a/config/hex-zero.conf.apache +++ b/config/hex-zero.conf.apache @@ -1,23 +1,31 @@ -# Apache example config for hex-zero application +# Apache example config for hex-zero application with ssl <VirtualHost *:80> - ServerName 0x0.ipa.example.com - ServerAdmin webmaster@localhost DocumentRoot /var/www/html - - #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined + # force https for this path + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1) + RewriteRule ^/hex-zero(.*) https://%{SERVER_NAME}/hex-zero$1 [R,L] +</VirtualHost> - # This reverse proxy definition exists for when you run hex-zero on - # loopback and want to use apache to protect it either with - # authentication or TLS. This hostname and port number must match the - # hex-zero.conf values for APP_HOST_LISTEN and APP_PORT. - # And the hostname and path must match APP_URL from the same file. +<VirtualHost *:443> + ServerName 0x0.ipa.example.com + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + #LogLevel info ssl:warn + ErrorLog ${APACHE_LOG_DIR}/ssl-error.log + CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" + SSLCertificateFile /etc/ssl/private/https-0x0.ipa.example.com.pem + SSLCertificateKeyFile /etc/ssl/private/https-0x0.ipa.example.com-nopw.key ProxyPass /hex-zero http://localhost:3031/ ProxyPassReverse /hex-zero http://localhost:3031/ - </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
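Review bot: `SSLProtocol all -SSLv2 -SSLv3` in the new `*:443` vhost still leaves TLS 1.0 and TLS 1.1 enabled, so the example negotiates protocol versions that are deprecated; `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` would limit it to TLS 1.2 and later. The `SSLCipherSuite` string lists `EECDH+aRSA+RC4` and then removes it again with `!RC4`, and the bare `EECDH` and `EDH+aRSA` terms also admit CBC suites, so trimming it to the AESGCM entries would make the intent easier to audit. In the `*:80` vhost, `RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)` tests a client-supplied header with an unanchored pattern and unescaped dots; `!^(localhost|127\.0\.0\.1)(:\d+)?$` would match only the intended hosts. The redirect is also issued as a temporary one (`[R,L]`) and the TLS vhost sets no `Strict-Transport-Security` header, which a comment in the example could at least mention.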
diff --git a/config/hex-zero.conf.apache.nossl b/config/hex-zero.conf.apache.nossl
new file mode 100644
index 0000000..10b3fb0
--- /dev/null
+++ b/config/hex-zero.conf.apache.nossl
@@ -0,0 +1,17 @@
+# Apache example config for hex-zero application without ssl
+<VirtualHost *:80>
+ ServerName 0x0.ipa.example.com
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ #LogLevel info ssl:warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ # This reverse proxy definition exists for when you run hex-zero on
+ # loopback and want to use apache to protect it either with
+ # authentication or TLS. This hostname and port number must match the
+ # hex-zero.conf values for APP_HOST_LISTEN and APP_PORT.
+ # And the hostname and path must match APP_URL from the same file.
+ ProxyPass /hex-zero http://localhost:3031/
+ ProxyPassReverse /hex-zero http://localhost:3031/
+</VirtualHost>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
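Review bot: The comment carried into this file still says the proxy exists so apache can protect hex-zero "either with authentication or TLS", but the only vhost here is `*:80` with no `SSLEngine` and no auth directives, so the comment overstates what this example provides. I would reword its first sentence along the lines of `# This variant proxies hex-zero over plain HTTP with no TLS or authentication;` followed by `# use hex-zero.conf.apache when the traffic must be encrypted.` The part about matching APP_HOST_LISTEN, APP_PORT and APP_URL is still accurate, and it was dropped from hex-zero.conf.apache, where the same `ProxyPass` lines would benefit from it.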