pbarriat
/
Brevet


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
							################################################################################
# This file was generated by Ansible for {{ansible_fqdn}}
# Do NOT modify this file by hand!
################################################################################

{% if nextcloud_install_tls and nextcloud_tls_enforce %}
{% for domain in nextcloud_trusted_domain %}
<VirtualHost *:80>
  ServerName {{ domain }}
  Redirect permanent / https://{{ domain | ansible.utils.ipwrap }}/
</VirtualHost>
{% endfor %}
{% else %}
<VirtualHost *:80>
  ServerName {{ nextcloud_trusted_domain[0] }}
{% for index in range(1, nextcloud_trusted_domain|length) %}
  ServerAlias {{ nextcloud_trusted_domain[index]}}
{% endfor %}
  DocumentRoot {{ nextcloud_webroot }}
  {% if (nextcloud_max_upload_size_in_bytes|int) <= 2147483647-%}
  LimitRequestBody {{ nextcloud_max_upload_size_in_bytes }}
  {% endif -%}
  <Directory {{ nextcloud_webroot }}>
    Allow from all
    Satisfy Any
    Options +FollowSymlinks
    AllowOverride All

   <IfModule mod_dav.c>
    Dav off
   </IfModule>

   SetEnv HOME {{ nextcloud_webroot }}
   SetEnv HTTP_HOME {{ nextcloud_webroot }}

  </Directory>
</VirtualHost>
{% endif %}

{% if nextcloud_install_tls %}
<VirtualHost *:443>
  ServerName {{ nextcloud_trusted_domain[0] }}
{% for index in range(1, nextcloud_trusted_domain|length) %}
  ServerAlias {{ nextcloud_trusted_domain[index]}}
{% endfor %}
  DocumentRoot {{ nextcloud_webroot }}
  {% if (nextcloud_max_upload_size_in_bytes|int) <= 2147483647-%}
  LimitRequestBody {{ nextcloud_max_upload_size_in_bytes }}
  {% endif -%}
  SSLEngine on
  SSLCertificateFile      {{ nextcloud_tls_cert_file }}
  SSLCertificateKeyFile   {{ nextcloud_tls_cert_key_file }}
{% if nextcloud_tls_cert_chain_file is defined %}
  SSLCertificateChainFile {{ nextcloud_tls_cert_chain_file }}
{% endif %}

  # enable HTTP/2, if available
  Protocols h2 http/1.1

{% if nextcloud_hsts is string %}
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "{{ nextcloud_hsts }}"
  </IfModule>
{% endif %}

  <Directory {{ nextcloud_webroot }}>
    Allow from all
    Satisfy Any
    Options +FollowSymlinks
    AllowOverride All

   <IfModule mod_dav.c>
    Dav off
   </IfModule>

   SetEnv HOME {{ nextcloud_webroot }}
   SetEnv HTTP_HOME {{ nextcloud_webroot }}

  </Directory>
</VirtualHost>
{% endif %}

{% if nextcloud_install_tls %}
{% if nextcloud_mozilla_modern_ssl_profile %}
# modern configuration, tweak to your needs
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
{% else %}
# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
{% endif %}

SSLHonorCipherOrder     off
# SSLSessionTickets       off

SSLCompression          off

# OCSP stapling
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)
{% endif %}