cryptpad/docs/example.httpd.conf

# SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
#
# SPDX-License-Identifier: AGPL-3.0-or-later

#   This file is included strictly as an example of how Apache httpd can be
#   configured to work with CryptPad. If you are using CryptPad in production
#   and require professional support please contact sales@cryptpad.fr

#   This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy,
#   mod_proxy_http and mod_headers

Listen 443

SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
SSLSessionCacheTimeout 86400
SSLSessionTickets off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

<VirtualHost *:443>
  ServerName cryptpad.your-domain.com
  ServerAlias sandbox.your-domain.com
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
  BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
  Protocols h2 http/1.1
  LimitRequestBody 157286400
  AddType application/javascript mjs
  ProxyPass / http://localhost:3000/ upgrade=websocket
  ProxyPassReverse / http://localhost:3000/
</VirtualHost>
Add licensing information to new files 2023-12-19 19:38:26 +08:00			`# SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors`
			`#`
			`# SPDX-License-Identifier: AGPL-3.0-or-later`

Create example.httpd.conf 2023-12-06 15:24:32 +08:00			`# This file is included strictly as an example of how Apache httpd can be`
			`# configured to work with CryptPad. If you are using CryptPad in production`
			`# and require professional support please contact sales@cryptpad.fr`

			`# This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy,`
			`# mod_proxy_http and mod_headers`

			`Listen 443`

			`SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`
			`SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`
			`SSLHonorCipherOrder off`
			`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`
			`SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1`
Edit for consistency 2023-12-06 15:53:18 +08:00			`SSLSessionCache "shmcb:logs/ssl_scache(512000)"`
Create example.httpd.conf 2023-12-06 15:24:32 +08:00			`SSLSessionCacheTimeout 86400`
			`SSLSessionTickets off`
			`SSLUseStapling on`
			`SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"`

			`<VirtualHost *:443>`
			`ServerName cryptpad.your-domain.com`
			`ServerAlias sandbox.your-domain.com`
			`Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"`
			`SSLEngine on`
			`SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem`
			`SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem`
			`BrowserMatch "MSIE [2-5]" \`
			`nokeepalive ssl-unclean-shutdown \`
			`downgrade-1.0 force-response-1.0`
			`Protocols h2 http/1.1`
			`LimitRequestBody 157286400`
Suport .mjs files content-type 2024-04-16 22:24:53 +08:00			`AddType application/javascript mjs`
Create example.httpd.conf 2023-12-06 15:24:32 +08:00			`ProxyPass / http://localhost:3000/ upgrade=websocket`
			`ProxyPassReverse / http://localhost:3000/`
			`</VirtualHost>`