Difference between revisions of "Template:Securevhost.conf"

From EPrints Documentation
Jump to: navigation, search
(Created page with " <VirtualHost *:443> ServerName your.dnshostname.org:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLPro...")
 
m
Line 13: Line 13:
 
   SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH
 
   SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH
 
   
 
   
   SSLCertificateFile /opt/eprints3/archives/REPOID/ssl/your.dnshostname.org.crt
+
   SSLCertificateFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.crt
   SSLCertificateKeyFile /opt/eprints3/archives/REPOID/ssl/your.dnshostname.org.key
+
   SSLCertificateKeyFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.key
   SSLCertificateChainFile /opt/eprints3/archives/REPOID/ssl/your.dnshostname.org.ca-bundle
+
   SSLCertificateChainFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.ca-bundle
 
   
 
   
 
   SetEnvIf User-Agent ".*MSIE.*" \
 
   SetEnvIf User-Agent ".*MSIE.*" \
Line 24: Line 24:
 
     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
   
 
   
   Include /opt/eprints3/cfg/apache_ssl/REPOID.conf
+
   Include EPRINTS_PATH/cfg/apache_ssl/REPOID.conf
 
   
 
   
 
   PerlTransHandler +EPrints::Apache::Rewrite
 
   PerlTransHandler +EPrints::Apache::Rewrite
 
   
 
   
 
  </VirtualHost>
 
  </VirtualHost>

Revision as of 17:49, 20 February 2018

<VirtualHost *:443>

  ServerName your.dnshostname.org:443

  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH

  SSLCertificateFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.crt
  SSLCertificateKeyFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.key
  SSLCertificateChainFile EPRINTS_PATH/archives/REPOID/ssl/your.dnshostname.org.ca-bundle

  SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  Include EPRINTS_PATH/cfg/apache_ssl/REPOID.conf

  PerlTransHandler +EPrints::Apache::Rewrite

</VirtualHost>