From 1b37b398baa87fb762a19f850d7b637ac9a2d84f Mon Sep 17 00:00:00 2001 From: B Stack Date: Fri, 11 Dec 2020 09:03:14 -0500 Subject: add ssl to main apache example --- config/hex-zero.conf.apache | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'config/hex-zero.conf.apache')
diff --git a/config/hex-zero.conf.apache b/config/hex-zero.conf.apache
index 821b7b8..474e498 100644
--- a/config/hex-zero.conf.apache
+++ b/config/hex-zero.conf.apache
@@ -1,23 +1,31 @@ -# Apache example config for hex-zero application +# Apache example config for hex-zero application with ssl - ServerName 0x0.ipa.example.com - ServerAdmin webmaster@localhost DocumentRoot /var/www/html - - #LogLevel info ssl:warn - ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined + # force https for this path + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1) + RewriteRule ^/hex-zero(.*) https://%{SERVER_NAME}/hex-zero$1 [R,L] + - # This reverse proxy definition exists for when you run hex-zero on - # loopback and want to use apache to protect it either with - # authentication or TLS. This hostname and port number must match the - # hex-zero.conf values for APP_HOST_LISTEN and APP_PORT. - # And the hostname and path must match APP_URL from the same file. + + ServerName 0x0.ipa.example.com + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + #LogLevel info ssl:warn + ErrorLog ${APACHE_LOG_DIR}/ssl-error.log + CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" + SSLCertificateFile /etc/ssl/private/https-0x0.ipa.example.com.pem + SSLCertificateKeyFile /etc/ssl/private/https-0x0.ipa.example.com-nopw.key ProxyPass /hex-zero http://localhost:3031/ ProxyPassReverse /hex-zero http://localhost:3031/ - # vim: syntax=apache ts=4 sw=4 sts=4 sr noet -- cgit
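Review bot: `SSLProtocol all -SSLv2 -SSLv3` on the new TLS virtual host still leaves TLS 1.0 and 1.1 enabled, which an example meant to protect the app should not offer; `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` keeps only TLS 1.2 and newer. The `SSLCipherSuite` string lists `EECDH+aRSA+RC4` and then `!RC4`, and the bare `EECDH` and `EDH+aRSA` terms still admit CBC/SHA-1 suites, so it could be trimmed to the AESGCM (and CHACHA20) entries. In the port-80 redirect, `RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)` tests a client-supplied header with an unanchored pattern and unescaped dots, so any request that names a localhost-looking Host is exempted from the forced HTTPS; if the exemption is meant for local checks, keying it on `%{REMOTE_ADDR}` would be more reliable. The VirtualHost tags appear to have been lost in this rendering, so whether the `ProxyPass` lines now sit only inside the TLS host is inferred rather than visible.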