Difference between revisions of "Template:Securevhost.conf"

From EPrints Documentation
Jump to: navigation, search
m
m
Line 14: Line 14:
 
   
 
   
 
   SSLCertificateFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.crt
 
   SSLCertificateFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.crt
   SSLCertificateKeyFile EPRINTS_PATH/archives/REPOID/ssl/ YOUR-REPOSITORY-DOMAIN.key
+
   SSLCertificateKeyFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.key
   SSLCertificateChainFile EPRINTS_PATH/archives/REPOID/ssl/ YOUR-REPOSITORY-DOMAIN.ca-bundle
+
   SSLCertificateChainFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.ca-bundle
 
   
 
   
 
   SetEnvIf User-Agent ".*MSIE.*" \
 
   SetEnvIf User-Agent ".*MSIE.*" \

Revision as of 17:53, 20 February 2018

<VirtualHost *:443>

  ServerName YOUR-REPOSITORY-DOMAIN:443

  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH

  SSLCertificateFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.crt
  SSLCertificateKeyFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.key
  SSLCertificateChainFile EPRINTS_PATH/archives/REPOID/ssl/YOUR-REPOSITORY-DOMAIN.ca-bundle

  SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  Include EPRINTS_PATH/cfg/apache_ssl/REPOID.conf

  PerlTransHandler +EPrints::Apache::Rewrite

</VirtualHost>
Retrieved from ‘https://wiki.eprints.org/w/index.php?title=Template:Securevhost.conf&oldid=12715