首页 发现 帮助
登录
pbarriat
/
Brevet
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 6c12c00fc9
分支列表 标签列表
Brevet
/
dev
/
provisioning
/
ansible
/
roles
/
nextcloud
/
templates
/
apache2_nc_conf.j2

apache2_nc_conf.j2 2.4 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. <VirtualHost *:80>
    2. 

  2.   DocumentRoot {{ http_webroot }}/nextcloud
    3. 

  3.   RewriteEngine On
    4. 

  4.   RewriteCond %{SERVER_NAME} ={{ ansible_fqdn }}
    5. 

  5.   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    6. 

  6. </VirtualHost>
    7. 

  7. 

  8. <IfModule mod_ssl.c>
    9. 

  9.   <VirtualHost *:443>
    10. 

  10.     SSLEngine on
    11. 

  11.     SSLOptions +StrictRequire
    12. 

  12.     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
    13. 

  13.     LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
    14. 

  14.     ServerName {{ ansible_fqdn }}
    15. 

  15.     ServerAdmin admin@{{ ansible_fqdn }}
    16. 

  16.     DocumentRoot {{ http_webroot }}/nextcloud
    17. 

  17.     SSLCertificateFile {{ ssl_path }}/{{ ansible_fqdn }}.crt
    18. 

  18.     SSLCertificateKeyFile {{ ssl_path }}/{{ ansible_fqdn }}.key
    19. 

  19.     <Directory {{ http_webroot }}/nextcloud/>
    20. 

  20.       Options +FollowSymlinks
    21. 

  21.       AllowOverride All
    22. 

  22.       <IfModule mod_dav.c>
    23. 

  23.         Dav off
    24. 

  24.       </IfModule>
    25. 

  25.       <Files ".ht*">
    26. 

  26.         Require all denied
    27. 

  27.       </Files>
    28. 

  28.       SetEnv HOME {{ http_webroot }}/nextcloud
    29. 

  29.       SetEnv HTTP_HOME {{ http_webroot }}/nextcloud
    30. 

  30. 

  31.       # Fix zero file sizes
    32. 

  32.       # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
    33. 

  33.       SetEnv proxy-sendcl 1
    34. 

  34. 

  35.       # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
    36. 

  36.       LimitRequestBody 0
    37. 

  37.     </Directory>
    38. 

  38.     <IfModule mod_headers.c>
    39. 

  39.       Header always set Strict-Transport-Security "max-age=15768000; preload"
    40. 

  40.       #Header set Referrer-Policy "strict-origin-when-cross-origin"
    41. 

  41.       #Header set X-Content-Type-Options "nosniff"
    42. 

  42.       #Header always set X-Frame-Options "SAMEORIGIN"
    43. 

  43.     </IfModule>
    44. 

  44.   </VirtualHost>
    45. 

  45. 

  46.   {% if ssl_status is sameas true %}
    47. 

  47.   SSLProtocol -all +TLSv1.3 +TLSv1.2
    48. 

  48.   {% else %}
    49. 

  49.   SSLProtocol -all +TLSv1.2
    50. 

  50.   {% endif %}
    51. 

  51.   SSLCipherSuite TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
    52. 

  52.   SSLHonorCipherOrder on
    53. 

  53.   SSLCompression off
    54. 

  54.   SSLSessionTickets off
    55. 

  55.   SSLUseStapling off
    56. 

  56.   SSLStaplingResponderTimeout 5
    57. 

  57.   SSLStaplingReturnResponderErrors off
    58. 

  58.   SSLStaplingCache shmcb:/var/run/ocsp(128000)
    59. 

  59.   {% if web_status is sameas true %}
    60. 

  60.   SSLOpenSSLConfCmd Curves X448:secp521r1:secp384r1:prime256v1
    61. 

  61.   SSLOpenSSLConfCmd ECDHParameters secp384r1
    62. 

  62.   SSLOpenSSLConfCmd DHParameters "{{ ssl_path }}/dhparams.pem"
    63. 

  63.   {% endif %}  
    64. 

  64.   SSLRandomSeed startup file:/dev/urandom 1024
    65. 

  65.   SSLRandomSeed connect file:/dev/urandom 1024
    66. 

  66. </IfModule>
    67.