-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapache_ispconfig.vhost.master
More file actions
119 lines (105 loc) · 4.71 KB
/
apache_ispconfig.vhost.master
File metadata and controls
119 lines (105 loc) · 4.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
######################################################
# This virtual host contains the configuration
# for the ISPConfig controlpanel
######################################################
<tmpl_var name="vhost_port_listen"> Listen <tmpl_var name="vhost_port">
NameVirtualHost *:<tmpl_var name="vhost_port">
<VirtualHost _default_:<tmpl_var name="vhost_port">>
ServerAdmin webmaster@localhost
Alias /mail /var/www/ispconfig/mail
<Directory /var/www/ispconfig/>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
<Directory /usr/local/ispconfig/interface/web/>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
<IfModule mod_fcgid.c>
DocumentRoot /var/www/ispconfig/
SuexecUserGroup ispconfig ispconfig
<Directory /var/www/ispconfig/>
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
</FilesMatch>
FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
</Directory>
IPCCommTimeout 7200
MaxRequestLen 15728640
</IfModule>
<IfModule mpm_itk_module>
DocumentRoot /usr/local/ispconfig/interface/web/
AssignUserId ispconfig ispconfig
AddType application/x-httpd-php .php
<Directory /usr/local/ispconfig/interface/web>
# php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
Options +FollowSymLinks
AllowOverride None
<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
Require all granted
<tmpl_else>
Order allow,deny
Allow from all
</tmpl_if>
php_value magic_quotes_gpc 0
</Directory>
</IfModule>
# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
<tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
<tmpl_else>
<tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
</tmpl_if>
<tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
<tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
<tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
<tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
<tmpl_var name="ssl_comment">SSLHonorCipherOrder On
<tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
<tmpl_var name="ssl_comment">SSLCompression Off
</tmpl_if>
<tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
<tmpl_var name="ssl_comment">SSLSessionTickets Off
</tmpl_if>
<IfModule mod_headers.c>
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
<tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
<tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
<IfVersion >= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000"
</IfVersion>
<IfVersion < 2.4.7>
Header set Strict-Transport-Security "max-age=15768000"
</IfVersion>
RequestHeader unset Proxy early
</IfModule>
<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
<tmpl_var name="ssl_comment">SSLUseStapling On
<tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
<tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
</tmpl_if>
# Redirect http to https
ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port;</script><h1>Error 400 - trying to redirect</h1>"
</VirtualHost>