Last active
August 29, 2015 14:22
-
-
Save mortenbra/98ffa25e73078f605d12 to your computer and use it in GitHub Desktop.
Apache SSL configuration (protocols, ciphers)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # use the domain name or IP address | |
| ServerName example.com:443 | |
| # point to the files created when generating the certificate | |
| SSLEngine on | |
| SSLCertificateFile /etc/httpd/ssl/apache.crt | |
| SSLCertificateKeyFile /etc/httpd/ssl/apache.key | |
| # disable broken/weak protocols and ciphers | |
| # see https://cipherli.st/ for an updated list | |
| SSLProtocol all -SSLv2 -SSLv3 | |
| SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" | |
| # forward dynamic (ORDS) requests to Tomcat, same as is done for http on port 80 | |
| <VirtualHost _default_:443> | |
| ProxyRequests Off | |
| ProxyPreserveHost On | |
| <Proxy *> | |
| Order deny,allow | |
| Allow from all | |
| </Proxy> | |
| ProxyPass /ords ajp://localhost:8009/ords | |
| ProxyPassReverse /ords ajp://localhost:8009/ords | |
| </VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment