25 lines
1 KiB
Plaintext
25 lines
1 KiB
Plaintext
<VirtualHost *:80>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteCond %{REQUEST_URI} !^\/\.well-known\/.*$
|
|
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
|
|
ProxyPass /.well-known/acme-challenge http://acme-c.sunet.se/.well-known/acme-challenge/
|
|
ProxyPassReverse /.well-known/acme-challenge http://acme-c.sunet.se/.well-known/acme-challenge/
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
|
Header always set X-Frame-Options "SAMEORIGIN"
|
|
Header always set X-XSS-Protection "1; mode=block"
|
|
Header always set X-Content-Type-Options "nosniff"
|
|
Header always set Content-Security-Policy "default-src https://<%= @certname %>"
|
|
</IfModule>
|
|
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
</VirtualHost>
|
|
|
|
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|