blob: a22646cb40fa87dea216d7c69a15df10aaf7a583 (
plain)
- <IfDefine !_TLSHOST>
- <IfDefine _HOST>
- Define _TLSHOST ${_HOST}
- </IfDefine>
- </IfDefine>
- <IfDefine !_TLS_KEY>
- <IfDefine _TLSHOST>
- Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLSHOST}/fullchain.pem
- Define _TLS_KEY /var/lib/dehydrated/certs/${_TLSHOST}/privkey.pem
- </IfDefine>
- </IfDefine>
- <IfDefine _TLSHOST>
- <If "%{HTTPS} == 'off'">
- RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
- </If>
- # enable HSTS
- # <http://www.debian-administration.org/articles/662>
- <IfDefine !_NO_HSTS>
- <IfDefine !_NO_HSTS_SUBDOMAINS>
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
- </IfDefine>
- <IfDefine _NO_HSTS_SUBDOMAINS>
- Header add Strict-Transport-Security: "max-age=15768000"
- </IfDefine>
- </IfDefine>
- <IfModule mod_gnutls.c>
- GnuTLSEnable on
- <IfDefine _TLS_KEY>
- GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
- GnuTLSKeyFile ${_TLS_KEY}
- </IfDefine>
- </IfModule>
- <IfModule mod_ssl.c>
- <IfModule !mod_gnutls.c>
- SSLEngine on
- <IfDefine _TLS_KEY>
- SSLCertificateFile ${_TLS_CERT_CHAIN}
- SSLCertificateKeyFile ${_TLS_KEY}
- </IfDefine>
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
- </IfModule>
- </IfModule>
- </IfDefine>
|
