forked from jan/cacert-devsetup
f9b0eb5195
This commit renames the application container to webdb and drops the test suffix in favour of using www.cacert.localhost directly. The server certificate for www.cacert.localhost got an additional subjectAlternativeName secure.cacert.localhost and is used for both hostnames now. Environment variables containing _APP have been renamed to _WEBDB to keep consistency.
72 lines
2.3 KiB
Plaintext
72 lines
2.3 KiB
Plaintext
<VirtualHost *:80>
|
|
ServerName www.cacert.localhost
|
|
DocumentRoot /www/www
|
|
|
|
ScriptAlias /cgi-bin/ /www/cgi-bin/
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
|
RewriteEngine On
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
RewriteRule .* - [F]
|
|
<Directory /www/www/policy>
|
|
AddDefaultCharset utf-8
|
|
</Directory>
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName www.cacert.localhost
|
|
DocumentRoot /www/www
|
|
|
|
SSLEngine on
|
|
SSLStrictSNIVHostCheck on
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
SSLHonorCipherOrder on
|
|
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
|
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
|
|
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000"
|
|
|
|
ScriptAlias /cgi-bin/ /www/cgi-bin/
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
|
RewriteEngine On
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
RewriteRule .* - [F]
|
|
<Directory /www/www/policy>
|
|
AddDefaultCharset utf-8
|
|
</Directory>
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerName secure.cacert.localhost
|
|
DocumentRoot /www/www
|
|
|
|
SSLEngine on
|
|
SSLStrictSNIVHostCheck on
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
SSLHonorCipherOrder on
|
|
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
|
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
|
|
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
|
|
|
|
SSLVerifyClient require
|
|
SSLVerifyDepth 2
|
|
SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt
|
|
#SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
|
|
#SSLOCSPEnable on
|
|
#SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
|
|
SSLOptions +StdEnvVars
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000"
|
|
|
|
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
|
|
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
|
|
RewriteEngine On
|
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
|
RewriteRule .* - [F]
|
|
<Directory /www/www/policy>
|
|
AddDefaultCharset utf-8
|
|
</Directory>
|
|
</VirtualHost>
|