mirror of https://github.com/xwiki-labs/cryptpad
Merge pull request #1332 from nisbet-hubbard/patch-1
Basic configuration for Apache httpd
This commit is contained in:
commit
006e6b602a
|
@ -0,0 +1,35 @@
|
|||
# This file is included strictly as an example of how Apache httpd can be
|
||||
# configured to work with CryptPad. If you are using CryptPad in production
|
||||
# and require professional support please contact sales@cryptpad.fr
|
||||
|
||||
# This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy,
|
||||
# mod_proxy_http and mod_headers
|
||||
|
||||
Listen 443
|
||||
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
|
||||
SSLSessionCacheTimeout 86400
|
||||
SSLSessionTickets off
|
||||
SSLUseStapling on
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName cryptpad.your-domain.com
|
||||
ServerAlias sandbox.your-domain.com
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
Protocols h2 http/1.1
|
||||
LimitRequestBody 157286400
|
||||
ProxyPass / http://localhost:3000/ upgrade=websocket
|
||||
ProxyPassReverse / http://localhost:3000/
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue