Created
January 11, 2021 06:37
-
-
Save ryanbekabe/aba323e5cd14a591d05406fa3e9b7967 to your computer and use it in GitHub Desktop.
Apache A Plus Grade SSL Let's Encrypt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerName www.rek.my.id | |
| ServerAlias rek.my.id | |
| ServerAdmin [email protected] | |
| DocumentRoot /var/www/html | |
| <Directory /var/www/html> | |
| AllowOverride All | |
| Require all granted | |
| </Directory> | |
| ErrorLog ${APACHE_LOG_DIR}/error.log | |
| CustomLog ${APACHE_LOG_DIR}/access.log combined | |
| </VirtualHost> | |
| <IfModule mod_ssl.c> | |
| <VirtualHost *:443> | |
| ServerName www.rek.my.id | |
| ServerAlias rek.my.id | |
| ServerAdmin [email protected] | |
| DocumentRoot /var/www/html | |
| <Directory /var/www/html> | |
| AllowOverride All | |
| Require all granted | |
| </Directory> | |
| ErrorLog ${APACHE_LOG_DIR}/error.log | |
| CustomLog ${APACHE_LOG_DIR}/access.log combined | |
| SSLCertificateFile /etc/letsencrypt/live/rek.my.id-0001/fullchain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/rek.my.id-0001/privkey.pem | |
| #SSLOpenSSLConfCmd DHParameters /home/ssl/dhparam4096.pem | |
| #Begin Include /etc/letsencrypt/options-ssl-apache.conf | |
| SSLEngine on | |
| SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | |
| #SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |
| SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-CBC-SHA | |
| SSLHonorCipherOrder off | |
| SSLSessionTickets off | |
| SSLOptions +StrictRequire | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" | |
| # Add vhost name to log entries: | |
| LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined | |
| LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common | |
| #End Include /etc/letsencrypt/options-ssl-apache.conf | |
| #SSLUseStapling on | |
| </VirtualHost> | |
| #SSLStaplingCache shmcb:/tmp/stapling_cache(2097152) | |
| #https://www.ssllabs.com/ssltest/analyze.html?d=rek.my.id | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment