jan/cacert-devsetup
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity
cacert-devsetup/docker/apache-virtualhost.conf
Jan Dittberner 279dbcffbf Implement docker-compose setup for CAcert software
2020-12-20 14:52:15 +01:00

75 lines
2.4 KiB
Plaintext
Raw Blame History

<VirtualHost *:80>
ServerName test.cacert.org
ServerAlias www.test.cacert.org
DocumentRoot /www/www
ScriptAlias /cgi-bin/ /www/cgi-bin/
Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName test.cacert.org
ServerAlias www.test.cacert.org
DocumentRoot /www/www
SSLEngine on
SSLStrictSNIVHostCheck on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/certs/test.cacert.org.crt
SSLCertificateKeyFile /etc/ssl/private/test.cacert.org.pem
SSLCACertificateFile /etc/ssl/certs/combined.crt
Header always set Strict-Transport-Security "max-age=31536000"
ScriptAlias /cgi-bin/ /www/cgi-bin/
Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName secure.test.cacert.org
ServerAlias secure.test.cacert.org
DocumentRoot /www/www
SSLEngine on
SSLStrictSNIVHostCheck on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/certs/secure.crt
SSLCertificateKeyFile /etc/ssl/private/secure_test_cacert_org.pem
SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile /etc/ssl/certs/combined.crt
#SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
#SSLOCSPEnable on
#SSLOCSPDefaultResponder http://ocsp.cacert.org/
SSLOptions +StdEnvVars
Header always set Strict-Transport-Security "max-age=31536000"
Redirect permanent /revoke.crl http://crl.cacert.org/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>
Reference in a new issue View git blame Copy permalink