blob: d7c7507f4efe5eb496911b5c1881e6d362446f09 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# Managed via ansbile, do not edit!
<VirtualHost *:80>
ServerName {{ hostname }}
ServerAdmin webmaster@linaro.org
CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
LogLevel info
DocumentRoot {{ install_base }}/{{ hostname }}
Alias /bugzilla {{ install_base }}/{{ hostname }}/
<Directory "{{ install_base }}/{{ hostname }}">
AddHandler cgi-script cgi
Options +ExecCGI +FollowSymLinks +Indexes
DirectoryIndex index.cgi
AllowOverride Limit FileInfo Indexes Options
Require all granted
</Directory>
ExpiresActive On
ExpiresDefault "access plus 300 seconds"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header append Cache-Control "no-transform"
<FilesMatch "\.(html|htm)$">
Header add Cache-Control "must-revalidate"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header add Cache-Control "max-age=5356800"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</FilesMatch>
KeepAlive On
KeepAliveTimeout 9
MaxKeepAliveRequests 150
</VirtualHost>
<VirtualHost *:443>
ServerName {{ hostname }}
ServerAdmin webmaster@linaro.org
DocumentRoot {{ install_base }}/{{ hostname }}
<Directory "{{ install_base }}/{{ hostname }}">
AddHandler cgi-script cgi
Options +ExecCGI +FollowSymLinks +Indexes
DirectoryIndex index.cgi index.html
AllowOverride Limit FileInfo Indexes Options
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/{{ hostname }}-access.log combined
ErrorLog ${APACHE_LOG_DIR}/{{ hostname }}-error.log
LogLevel info
KeepAlive On
KeepAliveTimeout 9
MaxKeepAliveRequests 150
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:\
EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:\
!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:\
CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
SSLCertificateFile /etc/ssl/certs/{{ hostname }}.pem
SSLCertificateKeyFile /etc/ssl/private/{{ hostname }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "{{ install_base }}/ {{ hostname }}">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ExpiresActive On
ExpiresDefault "access plus 300 seconds"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
Header always set Strict-Transport-Security "max-age=63072000"
Header append Cache-Control "no-transform"
<FilesMatch "\.(html|htm)$">
Header add Cache-Control "must-revalidate"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header add Cache-Control "max-age=5356800"
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary
</FilesMatch>
</VirtualHost>
|