Skip to content

Commit

Permalink
Create ssl-enabled.conf
Browse files Browse the repository at this point in the history
  • Loading branch information
@chubing
chubing authored Apr 6, 2020
1 parent 6095fb7 commit d52706e
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions container_files/tier-support/ssl-enabled.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Listen 443 https
<VirtualHost *:443>
RewriteEngine on
RewriteRule "^/$" "/grouper/" [R]
SSLEngine on
#SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

0 comments on commit d52706e

Please sign in to comment.