summaryrefslogtreecommitdiff
path: root/apache2/conf-available/local-ssl.conf
blob: 83acb90e7d748d1e01a6242ec475e5b38fe6d7d2 (plain) 
    

  1. <IfDefine !_TLSHOST>
    2. 

  2.     <IfDefine _HOST>
    3. 

  3.         Define __TLSHOST
    4. 

  4.         Define _TLSHOST ${_HOST}
    5. 

  5.     </IfDefine>
    6. 

  6. </IfDefine>
    7. 

  7. <IfDefine !_TLS_KEY>
    8. 

  8.     <IfDefine _TLSHOST>
    9. 

  9.         Define __TLS_CERT_CHAIN
    10. 

  10.         Define __TLS_KEY
    11. 

  11.         Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLSHOST}/fullchain.pem
    12. 

  12.         Define _TLS_KEY /var/lib/dehydrated/certs/${_TLSHOST}/privkey.pem
    13. 

  13.     </IfDefine>
    14. 

  14. </IfDefine>
    15. 

  15. 

  16. <IfDefine _TLSHOST>
    17. 

  17. 

  18. <If "%{HTTPS} == 'off'">
    19. 

  19.     RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
    20. 

  20. </If>
    21. 

  21. 

  22. # enable HSTS
    23. 

  23. # <http://www.debian-administration.org/articles/662>
    24. 

  24. <IfDefine !_NO_HSTS>
    25. 

  25. <IfDefine !_NO_HSTS_SUBDOMAINS>
    26. 

  26.     Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    27. 

  27. </IfDefine>
    28. 

  28. <IfDefine _NO_HSTS_SUBDOMAINS>
    29. 

  29.     Header add Strict-Transport-Security: "max-age=15768000"
    30. 

  30. </IfDefine>
    31. 

  31. </IfDefine>
    32. 

  32. 

  33. <IfModule mod_gnutls.c>
    34. 

  34.     GnuTLSEnable on
    35. 

  35.     <IfDefine _TLS_KEY>
    36. 

  36.         GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
    37. 

  37.         GnuTLSKeyFile ${_TLS_KEY}
    38. 

  38.     </IfDefine>
    39. 

  39.     <IfDefine _OCSP_RESPONSE>
    40. 

  40.         GnuTLSOCSPStapling on
    41. 

  41.         GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
    42. 

  42.     </IfDefine>
    43. 

  43.     <IfDefine !_OCSP_RESPONSE>
    44. 

  44.         GnuTLSOCSPStapling off
    45. 

  45.     </IfDefine>
    46. 

  46. </IfModule>
    47. 

  47. 

  48. <IfModule mod_ssl.c>
    49. 

  49. <IfModule !mod_gnutls.c>
    50. 

  50.     SSLEngine on
    51. 

  51.     <IfDefine _TLS_KEY>
    52. 

  52.         SSLCertificateFile ${_TLS_CERT_CHAIN}
    53. 

  53.         SSLCertificateKeyFile ${_TLS_KEY}
    54. 

  54.     </IfDefine>
    55. 

  55. 

  56.     <FilesMatch "\.(cgi|shtml|phtml|php)$">
    57. 

  57.         SSLOptions +StdEnvVars
    58. 

  58.     </FilesMatch>
    59. 

  59.     <Directory /usr/lib/cgi-bin>
    60. 

  60.         SSLOptions +StdEnvVars
    61. 

  61.     </Directory>
    62. 

  62. </IfModule>
    63. 

  63. </IfModule>
    64. 

  64. 

  65. </IfDefine>
    66. 

  66. 

  67. <IfDefine __TLSHOST>
    68. 

  68.     Undefine _TLSHOST
    69. 

  69.     Undefine __TLSHOST
    70. 

  70. </IfDefine>
    71. 

  71. <IfDefine __TLS_CERT_CHAIN>
    72. 

  72.     Undefine _TLS_CERT_CHAIN
    73. 

  73.     Undefine __TLS_CERT_CHAIN
    74. 

  74. </IfDefine>
    75. 

  75. <IfDefine __TLS_KEY>
    76. 

  76.     Undefine _TLS_KEY
    77. 

  77.     Undefine __TLS_KEY
    78. 

  78. </IfDefine>
    79.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 09:14:02 +0000