-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapache_apps.vhost.master
More file actions
134 lines (120 loc) · 4.97 KB
/
apache_apps.vhost.master
File metadata and controls
134 lines (120 loc) · 4.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
######################################################
# This virtual host contains the configuration
# for the ISPConfig apps vhost
######################################################
{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
<Directory {tmpl_var name='apps_vhost_dir'}>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
<tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
<tmpl_else>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
</tmpl_if>
<tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
<tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
<tmpl_var name="ssl_comment">SSLHonorCipherOrder On
<tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
<tmpl_var name="ssl_comment">SSLCompression Off
</tmpl_if>
<tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
<tmpl_var name="ssl_comment">SSLSessionTickets Off
</tmpl_if>
<IfModule mod_headers.c>
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
<tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
<tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
<IfVersion >= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000"
</IfVersion>
<IfVersion < 2.4.7>
Header set Strict-Transport-Security "max-age=15768000"
</IfVersion>
RequestHeader unset Proxy early
</IfModule>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<tmpl_var name="ssl_comment">SSLUseStapling On
<tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
</tmpl_if>
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
<IfModule mod_php5.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
<Directory {tmpl_var name='apps_vhost_dir'}>
Options FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</IfModule>
<IfModule mod_php7.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
<Directory {tmpl_var name='apps_vhost_dir'}>
Options FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {tmpl_var name='apps_vhost_dir'}>
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
</FilesMatch>
FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>
{tmpl_if name="use_rspamd"}
<Location /rspamd>
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
{/tmpl_if}
</VirtualHost>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<IfModule mod_ssl.c>
<tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
</tmpl_if>