58 lines
1.9 KiB
Plaintext
58 lines
1.9 KiB
Plaintext
|
<IfDefine SSL>
|
||
|
<IfDefine SSL_DEFAULT_VHOST>
|
||
|
<IfModule ssl_module>
|
||
|
|
||
|
Listen 443
|
||
|
|
||
|
<VirtualHost _default_:443>
|
||
|
ServerName localhost
|
||
|
Include /etc/apache2/vhosts.d/default_vhost.include
|
||
|
ErrorLog /var/log/apache2/ssl_error_log
|
||
|
|
||
|
<Directory />
|
||
|
Require all granted
|
||
|
Options FollowSymLinks
|
||
|
AllowOverride None
|
||
|
</Directory>
|
||
|
|
||
|
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
|
||
|
WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea
|
||
|
WSGIProcessGroup privacyidea
|
||
|
WSGIPassAuthorization On
|
||
|
|
||
|
<IfModule log_config_module>
|
||
|
TransferLog /var/log/apache2/ssl_access_log
|
||
|
</IfModule>
|
||
|
|
||
|
SSLEngine on
|
||
|
|
||
|
SSLProtocol ALL -SSLv2 -SSLv3
|
||
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
|
||
|
SSLHonorCipherOrder On
|
||
|
SSLCertificateFile /etc/ssl/apache2/server.crt
|
||
|
SSLCertificateKeyFile /etc/ssl/apache2/server.key
|
||
|
|
||
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||
|
SSLOptions +StdEnvVars
|
||
|
</FilesMatch>
|
||
|
|
||
|
<Directory "/var/www/localhost/cgi-bin">
|
||
|
SSLOptions +StdEnvVars
|
||
|
</Directory>
|
||
|
|
||
|
<IfModule setenvif_module>
|
||
|
BrowserMatch ".*MSIE.*" \
|
||
|
nokeepalive ssl-unclean-shutdown \
|
||
|
downgrade-1.0 force-response-1.0
|
||
|
</IfModule>
|
||
|
|
||
|
<IfModule log_config_module>
|
||
|
CustomLog /var/log/apache2/ssl_request_log \
|
||
|
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||
|
</IfModule>
|
||
|
|
||
|
</VirtualHost>
|
||
|
</IfModule>
|
||
|
</IfDefine>
|
||
|
</IfDefine>
|