-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathstorage.example-httpd.conf
More file actions
68 lines (52 loc) · 2.63 KB
/
storage.example-httpd.conf
File metadata and controls
68 lines (52 loc) · 2.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<VirtualHost storage.example:80>
ServerName storage.example
ErrorLog logs/storage.example_error_log
TransferLog logs/storage.example_access_log
CustomLog logs/storage.example_combined_log combined
LogLevel warn
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
SSLStaplingCache shmcb:/run/httpd/ssl_stapling(32768)
SSLVerifyDepth 5
<VirtualHost storage.example:443>
ServerName storage.example
ErrorLog logs/storage.example_ssl_error_log
TransferLog logs/storage.example_ssl_access_log
CustomLog logs/storage.example_ssl_combined_log combined
LogLevel warn
DocumentRoot /usr/share/php-remote-storage/web
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/storage.example.crt
#SSLCertificateChainFile /etc/pki/tls/certs/storage.example-chain.crt
SSLCertificateKeyFile /etc/pki/tls/private/storage.example.key
SSLProtocol all -SSLv3 -TLSv1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
<Directory "/usr/share/php-remote-storage/web">
Options -MultiViews
Require all granted
#Require local
AllowOverride none
</Directory>
# Pass through the "Authorization" header
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Some request are handled by Apache directly
ProxyPass "/css/" !
ProxyPass "/img/" !
ProxyPass "/js/" !
ProxyPassMatch "^/robots.txt$" !
ProxyPassMatch "^/favicon.ico$" !
# The rest goes to PHP-FPM...
ProxyPassMatch "^/.well-known/webfinger$" fcgi://[::1]:9000/usr/share/php-webfinger/web/index.php
ProxyPass "/" fcgi://[::1]:9000/usr/share/php-remote-storage/web/index.php/
</VirtualHost>