]> git.ipfire.org Git - ipfire-2.x.git/blame - config/httpd/vhosts.d/ipfire-interface-ssl.conf
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
apr and aprutil: Added as requirement for apache 2.4
[ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
CommitLineData
90c973a6
MT		 1<VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
d733119b 6 DocumentRoot /srv/web/ipfire/html
90c973a6
MT		 7 ServerAdmin root@localhost
8 ErrorLog /var/log/httpd/error_log
9 TransferLog /var/log/httpd/access_log
10 SSLEngine on
a7006325 11 SSLProtocol all -SSLv2 -SSLv3
69776cc4
MT		 12 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
13 SSLHonorCipherOrder on
90c973a6
MT		 14 SSLCertificateFile /etc/httpd/server.crt
15 SSLCertificateKeyFile /etc/httpd/server.key
810a7ea2 16
d733119b 17 <Directory /srv/web/ipfire/html>
90c973a6
MT		 18 Options ExecCGI
19 AllowOverride None
20 Order allow,deny
21 Allow from all
22 </Directory>
d733119b 23 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
90c973a6
MT		 24 AuthName "IPFire - Restricted"
25 AuthType Basic
26 AuthUserFile /var/ipfire/auth/users
27 Require user admin
28 </DirectoryMatch>
d733119b
MT		 29 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
30 <Directory /srv/web/ipfire/cgi-bin>
90c973a6 31 AllowOverride None
810a7ea2 32 Options ExecCGI
90c973a6
MT		 33 AuthName "IPFire - Restricted"
34 AuthType Basic
35 AuthUserFile /var/ipfire/auth/users
36 Require user admin
37 <Files chpasswd.cgi>
38 Satisfy Any
39 Allow from All
40 </Files>
41 <Files webaccess.cgi>
42 Satisfy Any
43 Allow from All
44 </Files>
90c973a6
MT		 45 <Files dial.cgi>
46 Require user admin
47 </Files>
48 </Directory>
d733119b 49 <Directory /srv/web/ipfire/cgi-bin/dial>
90c973a6
MT		 50 AllowOverride None
51 Options None
52 AuthName "IPFire - Restricted"
53 AuthType Basic
54 AuthUserFile /var/ipfire/auth/users
55 Require user dial admin
56 </Directory>
57 <Files ~ "\.(cgi|shtml?)$">
58 SSLOptions +StdEnvVars
59 </Files>
d733119b 60 <Directory /srv/web/ipfire/cgi-bin>
90c973a6
MT		 61 SSLOptions +StdEnvVars
62 </Directory>
63 SetEnv HOME /home/nobody
64 SetEnvIf User-Agent ".*MSIE.*" \
65 nokeepalive ssl-unclean-shutdown \
66 downgrade-1.0 force-response-1.0
67 CustomLog /var/log/httpd/ssl_request_log \
68 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
0bc58278
AF		 69
70 Alias /updatecache/ /var/updatecache/
71 <Directory /var/updatecache>
72 Options ExecCGI
73 AllowOverride None
74 Order deny,allow
75 Allow from all
76 </Directory>
7e620487 77
a4c76879 78 Alias /repository/ /var/urlrepo/
7e620487
CS		 79 <Directory /var/urlrepo>
80 Options ExecCGI
81 AllowOverride None
82 Order deny,allow
83 Allow from all
84 </Directory>
f8716194
MT		 85
86 Alias /proxy-reports/ /var/log/sarg/
87 <Directory /var/log/sarg>
88 AllowOverride None
89 Options None
90 AuthName "IPFire - Restricted"
91 AuthType Basic
92 AuthUserFile /var/ipfire/auth/users
93 Require user admin
94 </Directory>
90c973a6 95</VirtualHost>
IPFire 2.x development tree