Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
 
 
 
 
 
 

66 lignes
2.1 KiB

  1. ServerName {{ FQDN }}
  2. <VirtualHost *:80>
  3. ServerName www.{{ FQDN }}
  4. ServerAlias {{ FQDN }}
  5. # Redirect permanent / https://www.{{ FQDN }}/
  6. Redirect / https://www.{{ FQDN }}/
  7. </VirtualHost>
  8. <VirtualHost *:443>
  9. ServerName {{ FQDN }}
  10. ProxyPass /api/ http://backend:8000/api/
  11. ProxyPassReverse /api/ http://backend:8000/api/
  12. SSLEngine on
  13. SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
  14. SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
  15. </VirtualHost>
  16. <VirtualHost *:443>
  17. ServerName api.{{ FQDN }}
  18. ProxyPass / http://backend:8000/api/
  19. ProxyPassReverse / http://backend:8000/api/
  20. SSLEngine on
  21. SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
  22. SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
  23. </VirtualHost>
  24. <VirtualHost *:443>
  25. ServerName www.{{ FQDN }}
  26. ServerAlias {{ FQDN }}
  27. DocumentRoot /var/www/html
  28. <Directory /var/www/html/>
  29. Options Indexes FollowSymLinks
  30. AllowOverride None
  31. Require all granted
  32. </Directory>
  33. SSLEngine on
  34. SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
  35. SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
  36. </VirtualHost>
  37. <VirtualHost *:443>
  38. ServerName profiles.{{ FQDN }}
  39. ProxyPass / http://profiles:8108/
  40. ProxyPassReverse / http://profiles:8108/
  41. SSLEngine on
  42. SSLCertificateFile {{ SSL_CERTIFICATE_FILE }}
  43. SSLCertificateKeyFile {{ SSL_CERTIFICATE_KEY_FILE }}
  44. </VirtualHost>
  45. SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
  46. SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  47. SSLHonorCipherOrder on
  48. SSLCompression off
  49. SSLSessionTickets off
  50. {% if not DEBUG %}
  51. SSLUseStapling on
  52. SSLStaplingResponderTimeout 5
  53. SSLStaplingReturnResponderErrors off
  54. SSLStaplingCache shmcb:/var/run/ocsp(128000)
  55. {% endif %}
  56. ErrorLog /dev/stderr
  57. TransferLog /dev/stdout