# Redirect to SSL, except for the Let's Encrypt check.
# Plain-HTTP host: serves /.well-known/ as-is and sends every other request
# to the https:// equivalent.
# NOTE(review): no <VirtualHost>/<Directory> container lines are visible in
# this listing; the directives below presumably sat inside such containers
# in the deployed file -- confirm against the original template.
# $_HOSTNAME_ and $_RAILSENV_ appear to be placeholders substituted at deploy time.
ServerName $_HOSTNAME_
DocumentRoot /var/www/html
CustomLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-access.log combined
ErrorLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-error.log
Options FollowSymLinks
Require all granted
# Turn automatic directory listings off.
Options -Indexes
RewriteEngine On
# No redirect to https:// for the Let's Encrypt check: "-" leaves the URL
# unchanged and [L] stops rule processing for the request.
# NOTE(review): the pattern exempts everything under /.well-known/, not only
# /.well-known/acme-challenge/; narrow it if nothing else under that path has
# to be reachable over plain HTTP.
RewriteRule ^/\.well-known/.* - [L]
# Only requests that arrived without TLS reach the redirect below.
RewriteCond %{HTTPS} off
# The absolute https:// substitution makes mod_rewrite answer with an external
# redirect; no [R=...,L] flags are given, so the status code is the default one.
# NOTE(review): the target host is copied from the client-supplied Host header
# (%{HTTP_HOST}). If this host can receive requests for arbitrary Host values
# (e.g. as the default vhost), redirecting to the configured hostname instead
# avoids reflecting attacker-chosen hosts -- confirm how the vhost is selected.
# NOTE(review): the redirect does not protect the first plain-HTTP request;
# an HSTS response header on the TLS hosts would cover returning browsers.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
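# Browser Access for Users, use Public Cert (eg. Let's encrypt)
# TLS host that serves the Rails application from $_ROOTDIR_/public through
# Passenger, using the publicly trusted certificate.
# NOTE(review): no <VirtualHost>/<Location> container lines are visible in
# this listing; some directives below (notably the two SSLVerifyClient lines)
# presumably belonged to different scopes -- confirm against the original.
ServerName $_HOSTNAME_
DocumentRoot $_ROOTDIR_/public
RailsEnv $_RAILSENV_
PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.2.3/ruby
ErrorLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-error.log
CustomLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-access.log combined
Options FollowSymLinks
Require all granted
# SSL
SSLEngine On
# The private key file must be readable only by the account that starts Apache.
SSLCertificateFile /etc/apache2/ssl/$_SSLCERTFILE_
SSLCertificateKeyFile /etc/apache2/ssl/$_SSLKEYFILE_
SSLCertificateChainFile /etc/apache2/ssl/$_SSLCHAINFILE_
# SSLv2 and SSLv3 are disabled. "all" still leaves TLS 1.0 and TLS 1.1 enabled;
# NOTE(review): drop them as well (-TLSv1 -TLSv1.1) once every browser and
# agent in use is confirmed to speak TLS 1.2 or later.
SSLProtocol all -SSLv2 -SSLv3
# The server's preference order decides the cipher, not the client's.
SSLHonorCipherOrder on
# RC4 removed: the previous list offered RC4 suites as a fallback, and RC4 is
# prohibited for TLS (RFC 7465). ECDHE suites with AES-GCM are preferred; the
# trailing exclusions remove anonymous, NULL, export, 3DES, MD5 and RC4 suites.
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
# TLS-level compression stays off (compression side channels such as CRIME).
SSLCompression off
# No client certificate is requested here ...
SSLVerifyClient none
# ... while the lines below require one issued by the private CA in $_UPD89CA_.
# NOTE(review): in one and the same scope the later "require" would apply to
# every request; the original layout most likely restricted it to an API path.
SSLCACertificateFile "/etc/apache2/ssl/$_UPD89CA_"
SSLVerifyClient require
# Depth 1: the client certificate must be signed directly by a CA the server knows.
SSLVerifyDepth 1
# Exports the SSL_* variables and the PEM-encoded certificates to the request environment.
SSLOptions +StdEnvVars +ExportCertData
# Pass the verified client certificate and its subject CN to the application.
# "set" replaces any header of the same name sent by the client, so the values
# are trustworthy only for requests handled in a scope where these lines apply.
# NOTE(review): if they are limited to a path container, requests to other
# paths keep client-supplied X-Api-Client-* headers; the application must not
# trust them there, or the headers should be unset host-wide first.
RequestHeader set X-Api-Client-Cert "%{SSL_CLIENT_CERT}s"
RequestHeader set X-Api-Client-CN "%{SSL_CLIENT_S_DN_CN}s"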
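# API Access for agent, use private CA signed pub/keyfile
# TLS host for the agents: same Rails application, but the server certificate
# comes from the private CA and clients authenticate with a certificate.
# NOTE(review): no <VirtualHost>/<Location> container lines are visible in
# this listing, and ServerName and log files match the browser-facing host;
# presumably the hosts differ by address or port -- confirm against the original.
ServerName $_HOSTNAME_
DocumentRoot $_ROOTDIR_/public
RailsEnv $_RAILSENV_
PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.2.3/ruby
ErrorLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-error.log
CustomLog ${APACHE_LOG_DIR}/upd89-$_RAILSENV_-access.log combined
Options FollowSymLinks
Require all granted
# SSL
SSLEngine On
# The private key file must be readable only by the account that starts Apache.
SSLCertificateFile /etc/apache2/ssl/$_SSLAPICERTFILE_
SSLCertificateKeyFile /etc/apache2/ssl/$_SSLAPIKEYFILE_
# SSLv2 and SSLv3 are disabled. "all" still leaves TLS 1.0 and TLS 1.1 enabled;
# NOTE(review): the agents are under the operator's control, so restricting
# this host to TLS 1.2 or later (-TLSv1 -TLSv1.1) should be feasible -- confirm
# the TLS library version the agents ship with first.
SSLProtocol all -SSLv2 -SSLv3
# The server's preference order decides the cipher, not the client's.
SSLHonorCipherOrder on
# RC4 removed: the previous list offered RC4 suites as a fallback, and RC4 is
# prohibited for TLS (RFC 7465). ECDHE suites with AES-GCM are preferred; the
# trailing exclusions remove anonymous, NULL, export, 3DES, MD5 and RC4 suites.
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
# TLS-level compression stays off (compression side channels such as CRIME).
SSLCompression off
# No client certificate is requested here ...
SSLVerifyClient none
# ... while the lines below require one issued by the private CA in $_UPD89CA_.
# NOTE(review): if "require" is scoped to a path, the certificate is requested
# by renegotiation after the request line is read; every path the agents call
# must fall inside that scope, otherwise it is reachable without a certificate.
SSLCACertificateFile "/etc/apache2/ssl/$_UPD89CA_"
SSLVerifyClient require
# Depth 1: the client certificate must be signed directly by a CA the server knows.
SSLVerifyDepth 1
# Exports the SSL_* variables and the PEM-encoded certificates to the request environment.
SSLOptions +StdEnvVars +ExportCertData
# Pass the verified client certificate and its subject CN to the application.
# "set" replaces any header of the same name sent by the client, so the values
# are trustworthy only for requests handled in a scope where these lines apply.
# NOTE(review): the application should treat a missing or empty CN as
# unauthenticated and should match the CN against an allow-list of agents.
RequestHeader set X-Api-Client-Cert "%{SSL_CLIENT_CERT}s"
RequestHeader set X-Api-Client-CN "%{SSL_CLIENT_S_DN_CN}s"
# Upper bound, in bytes, for buffering a request body while the client
# certificate is requested by renegotiation (about 10 MB here).
# NOTE(review): this memory can be consumed per request before the client has
# authenticated; keep it as small as the largest legitimate agent upload.
SSLRenegBufferSize 10486000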