ServerName <%= @servername %> ServerAdmin cert@cert.sunet.se DocumentRoot /var/www/html RewriteEngine On RewriteRule ^(.*)$ https://<%= @servername %>/$1 [R,L] ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName <%= @servername %> ServerAdmin cert@cert.sunet.se SSLEngine on <% if @use_snakeoil -%> SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key <% else -%> SSLCertificateFile <%= @tls_cert %> SSLCertificateKeyFile <%= @tls_key %> SSLCertificateChainFile <%= @tls_chain %> <% end -%> SSLCACertificatePath /etc/ssl/certs/ SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt Protocols h2 http/1.1 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 SSLHonorCipherOrder off SSLSessionTickets off Header always set Strict-Transport-Security "max-age=63072000" ProxyRequests Off ProxyPass "http://127.0.0.1:8666/api" ProxyPassReverse "http://127.0.0.1:8666/api" Header always set X-DEBUG-PATH "/api" # RewriteEngine on # RewriteCond %{REQUEST_URI} !^/(index.html|static|api|intelmq-webinput) # RewriteRule .* /index.html [PT] DocumentRoot /opt/intelmq/www-fody Header set Content-Security-Policy "script-src 'self'" Header set X-Content-Security-Policy "script-src 'self'" Require all granted Options FollowSymLinks Alias /intelmq-manager /usr/share/intelmq_manager/html/ # AuthType Basic # AuthName "IntelMQ" # AuthBasicProvider file # AuthUserFile /etc/apache2/htpasswd # Require user sunetcert Header set Content-Security-Policy "script-src 'self'" Header set X-Content-Security-Policy "script-src 'self'" ProxyPass unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/ ProxyPassReverse unix:/opt/intelmq/venv/lib/python3.11/site-packages/intelmq_api/intelmq_api.sock|http://127.0.0.1/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined