Diffstat (limited to 'apache2/conf-available/local-tls.conf')
-rw-r--r-- | apache2/conf-available/local-tls.conf | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/apache2/conf-available/local-tls.conf b/apache2/conf-available/local-tls.conf
new file mode 100644
index 0000000..da6de62
--- /dev/null
+++ b/apache2/conf-available/local-tls.conf
@@ -0,0 +1,67 @@
+<IfDefine !_TLSHOST>
+ <IfDefine _HOST>
+ Define __TLSHOST
+ Define _TLSHOST ${_HOST}
+ </IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+ <IfDefine _TLSHOST>
+ Define __TLS_CERT_CHAIN
+ Define __TLS_KEY
+ Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLSHOST}/fullchain.pem
+ Define _TLS_KEY /var/lib/dehydrated/certs/${_TLSHOST}/privkey.pem
+ </IfDefine>
+</IfDefine>
+
+<IfDefine _TLSHOST>
+
+<If "%{HTTPS} == 'off'">
+ RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
+</If>
+
+<IfModule mod_gnutls.c>
+ GnuTLSEnable on
+ <IfDefine _TLS_KEY>
+ GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
+ GnuTLSKeyFile ${_TLS_KEY}
+ </IfDefine>
+ <IfDefine _OCSP_RESPONSE>
+ GnuTLSOCSPStapling on
+ GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
+ </IfDefine>
+ <IfDefine !_OCSP_RESPONSE>
+ GnuTLSOCSPStapling off
+ </IfDefine>
+</IfModule>
+
+<IfModule mod_ssl.c>
+<IfModule !mod_gnutls.c>
+ SSLEngine on
+ <IfDefine _TLS_KEY>
+ SSLCertificateFile ${_TLS_CERT_CHAIN}
+ SSLCertificateKeyFile ${_TLS_KEY}
+ </IfDefine>
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+</IfModule>
+</IfModule>
+
+</IfDefine>
+
+<IfDefine __TLSHOST>
+ Undefine _TLSHOST
+ Undefine __TLSHOST
+</IfDefine>
+<IfDefine __TLS_CERT_CHAIN>
+ Undefine _TLS_CERT_CHAIN
+ Undefine __TLS_CERT_CHAIN
+</IfDefine>
+<IfDefine __TLS_KEY>
+ Undefine _TLS_KEY
+ Undefine __TLS_KEY
+</IfDefine> |
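Review bot: The plain-HTTP redirect `RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1` builds a malformed target, because the captured URL path already begins with `/` and the result is `https://host//path`. It also expands `${_HOST}` although the enclosing block is gated only on `_TLSHOST`, so an includer that defines `_TLSHOST` alone would redirect to an unexpanded variable. A form such as `RedirectMatch permanent ^/(?!\.well-known/acme-challenge/)(.*) https://${_TLSHOST}/$1` (or wrapping the redirect in `<IfDefine _HOST>`) avoids both. Narrowing the exemption to the ACME challenge path would keep the rest of `/.well-known/` off cleartext HTTP, assuming the exemption exists only for dehydrated's http-01 validation, as the certificate paths suggest. A short header comment naming the variables an includer may set (`_HOST`, `_TLSHOST`, `_TLS_KEY`, `_TLS_CERT_CHAIN`, `_OCSP_RESPONSE`) and noting that protocol and cipher policy is expected to come from elsewhere would make the file safer to reuse.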