]> git.ipfire.org Git - people/mlorenz/ipfire-2.x.git/blob - config/httpd/vhosts.d/ipfire-interface-ssl.conf
projects / people / mlorenz / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update to apache 2.4.27
[people/mlorenz/ipfire-2.x.git] / config / httpd / vhosts.d / ipfire-interface-ssl.conf
1 <VirtualHost *:444>
2
3 RewriteEngine on
4 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
5 RewriteRule .* - [F]
6 DocumentRoot /srv/web/ipfire/html
7 ServerAdmin root@localhost
8 ErrorLog /var/log/httpd/error_log
9 TransferLog /var/log/httpd/access_log
10 SSLEngine on
11 SSLProtocol all -SSLv2 -SSLv3
12 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
13 SSLHonorCipherOrder on
14 SSLCertificateFile /etc/httpd/server.crt
15 SSLCertificateKeyFile /etc/httpd/server.key
16
17 <Directory /srv/web/ipfire/html>
18 Options ExecCGI
19 AllowOverride None
20 Require all granted
21 </Directory>
22 <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)">
23 AuthName "IPFire - Restricted"
24 AuthType Basic
25 AuthUserFile /var/ipfire/auth/users
26 Require user admin
27 </DirectoryMatch>
28 ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/
29 <Directory /srv/web/ipfire/cgi-bin>
30 AllowOverride None
31 Options ExecCGI
32 AuthName "IPFire - Restricted"
33 AuthType Basic
34 AuthUserFile /var/ipfire/auth/users
35 Require user admin
36 <Files chpasswd.cgi>
37 Require all granted
38 </Files>
39 <Files webaccess.cgi>
40 Require all granted
41 </Files>
42 <Files dial.cgi>
43 Require user admin
44 </Files>
45 </Directory>
46 <Directory /srv/web/ipfire/cgi-bin/dial>
47 AllowOverride None
48 Options None
49 AuthName "IPFire - Restricted"
50 AuthType Basic
51 AuthUserFile /var/ipfire/auth/users
52 Require user dial admin
53 </Directory>
54 <Files ~ "\.(cgi|shtml?)$">
55 SSLOptions +StdEnvVars
56 </Files>
57 <Directory /srv/web/ipfire/cgi-bin>
58 SSLOptions +StdEnvVars
59 </Directory>
60 SetEnv HOME /home/nobody
61 SetEnvIf User-Agent ".*MSIE.*" \
62 nokeepalive ssl-unclean-shutdown \
63 downgrade-1.0 force-response-1.0
64 CustomLog /var/log/httpd/ssl_request_log \
65 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
66
67 Alias /updatecache/ /var/updatecache/
68 <Directory /var/updatecache>
69 Options ExecCGI
70 AllowOverride None
71 Require all granted
72 </Directory>
73
74 Alias /repository/ /var/urlrepo/
75 <Directory /var/urlrepo>
76 Options ExecCGI
77 AllowOverride None
78 Require all granted
79 </Directory>
80
81 Alias /proxy-reports/ /var/log/sarg/
82 <Directory /var/log/sarg>
83 AllowOverride None
84 Options None
85 AuthName "IPFire - Restricted"
86 AuthType Basic
87 AuthUserFile /var/ipfire/auth/users
88 Require user admin
89 </Directory>
90 </VirtualHost>
Marcel's tree of IPFire 2.x