Last active March 18, 2020 07:27
Apache SSL configuration with reverse proxy
```apache
# Port 80: redirect every plain-HTTP request to the same host and path over HTTPS.
# Without flags the rule answers with a 302; add [R=301,L] for a permanent redirect.
<VirtualHost *:80>
    ServerName www.domain.com
    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

# Port 443: serve static content from the document root over TLS.
<VirtualHost *:443>
    ServerName www.domain.com
    DocumentRoot /var/www/www.domain.com
    <Directory /var/www/www.domain.com>
        # Disable directory listings.
        Options -Indexes
        AllowOverride all
        # Apache 2.2 access syntax; on 2.4 it needs mod_access_compat
        # (the native 2.4 form is "Require all granted").
        Order allow,deny
        allow from all
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.domain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem
    # Deprecated since Apache 2.4.8, where SSLCertificateFile can also carry the intermediates.
    SSLCertificateChainFile /etc/letsencrypt/live/www.domain.com/chain.pem
    # Removes only SSLv2 and SSLv3: TLS 1.0 and 1.1 stay enabled
    # unless -TLSv1 -TLSv1.1 are added as well.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    # The cipher list is cut off at "$" in this copy of the file.
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES1$
    # HSTS for one year, subdomains included (requires mod_headers).
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/www.domain.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.domain.com-access.log combined
</VirtualHost>
```
```apache
# Port 80: redirect every plain-HTTP request to the same host and path over HTTPS.
# Without flags the rule answers with a 302; add [R=301,L] for a permanent redirect.
<VirtualHost *:80>
    ServerName www.domain.com
    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

# Port 443: terminate TLS here and forward requests to the backend on localhost:8080.
<VirtualHost *:443>
    ServerName www.domain.com
    # Requires mod_proxy and mod_proxy_http; the backend hop is plain HTTP on loopback.
    ProxyPass / http://localhost:8080/
    # Rewrites Location headers in backend responses so redirects point at this host.
    ProxyPassReverse / http://localhost:8080/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.domain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem
    # Deprecated since Apache 2.4.8, where SSLCertificateFile can also carry the intermediates.
    SSLCertificateChainFile /etc/letsencrypt/live/www.domain.com/chain.pem
    # Removes only SSLv2 and SSLv3: TLS 1.0 and 1.1 stay enabled
    # unless -TLSv1 -TLSv1.1 are added as well.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    # Broad compatibility list: it still offers CBC suites and DES-CBC3-SHA (3DES).
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    # HSTS for one year, subdomains included (requires mod_headers).
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/www.domain.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.domain.com-access.log combined
</VirtualHost>
```
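An added check, not part of the gist, for the TLS directives both vhosts share: it evaluates `SSLProtocol` left to right the way mod_ssl does, scans `SSLCipherSuite` for cut-off or legacy tokens, and confirms the HSTS header is set. The function names, the expansion assumed for `all`, the weak-cipher markers and the sample input are assumptions of this example.

```python
import re

# Constructed sample: the page's directives with a shortened cipher list that
# keeps the cut-off token from the first file and one 3DES suite from the second.
SAMPLE = """
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:!aNULL:!RC4:ECDHE-ECDSA-AES1$
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
"""
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: what "all" expands to on an OpenSSL 1.0.1+ build (newer builds add TLSv1.3).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK_MARKERS = ("DES-CBC3", "RC4", "MD5", "NULL", "EXPORT")

def directives(conf_text):
    """Yield (lowercased name, value) for each directive line; skip comments and <tags>."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, value = line.partition(" ")
            yield name.lower(), value.strip()

def enabled_protocols(value):
    """Evaluate SSLProtocol left to right: a bare token replaces the set, +/- adjust it."""
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = ALL if name.lower() == "all" else {name}
        if sign == "-":
            enabled = enabled - names
        else:
            enabled = (enabled | names) if sign == "+" else set(names)
    return enabled

def audit(conf_text):
    """Return findings for one vhost body, in directive order."""
    findings, hsts = [], False
    for name, value in directives(conf_text):
        if name == "sslprotocol":
            for proto in sorted(enabled_protocols(value) & LEGACY):
                findings.append(f"protocol {proto} still enabled")
        elif name == "sslciphersuite":
            for token in value.split(":"):
                if not re.fullmatch(r"[!+-]?[A-Za-z0-9+_.-]+", token):
                    findings.append(f"malformed cipher token {token!r}")
                elif token[0] not in "!-" and any(m in token for m in WEAK_MARKERS):
                    findings.append(f"weak cipher {token} offered")
        elif name == "header" and "strict-transport-security" in value.lower():
            hsts = True
    return findings if hsts else findings + ["no Strict-Transport-Security header"]
```

Calling `audit(SAMPLE)` reports TLSv1 and TLSv1.1 as still enabled, the 3DES suite as offered, and the `$`-terminated token as malformed.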
Author
Install needed modules:

```sh
a2enmod ssl
a2enmod proxy
a2enmod rewrite
a2enmod headers
```

Fix "No protocol handler was valid for the URL":

```sh
ln -s /etc/apache2/mods-available/proxy_http.load \
  /etc/apache2/mods-enabled/proxy_http.load
apache2ctl configtest
apache2ctl graceful
/etc/init.d/apache2 restart
```