Google Git
Sign in
apache / spamassassin / 7a861d81964fe7060e32a9e7982e87cd056726ca / . / build / automc / apache2-le-ssl.conf
blob: ac580a5282bc178baa29aec68909b4b306eddc30 [file] [log] [blame]
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
SSLStaplingCache "shmcb:/var/log/apache2/stapling-cache(32768)"
<VirtualHost *:80>
ServerName ruleqa.spamassassin.org
ServerAlias ruleqa-trunk.spamassassin.org
ServerAlias ruleqa-stable.spamassassin.org
ErrorLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-error.log
CustomLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-access.log combined
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName ruleqa.spamassassin.org
ServerAlias ruleqa-trunk.spamassassin.org
ServerAlias ruleqa-stable.spamassassin.org
ErrorLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ruleqa.spamassassin.org-ssl-access.log combined
DocumentRoot /var/www/ruleqa.spamassassin.org
ServerAdmin webmaster@spamassassin.org
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/spamassassin.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/spamassassin.org/privkey.pem
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1f&hsts=false&guideline=5.4
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
<Directory /var/www/ruleqa.spamassassin.org>
Options Indexes FollowSymLinks ExecCGI
AllowOverride Indexes
Require all granted
</Directory>
<Directory /usr/local/spamassassin/automc/svn/masses/rule-qa/automc>
AllowOverride None
Options ExecCGI SymLinksIfOwnerMatch
Require all granted
</Directory>
ScriptAlias /ruleqa.cgi /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/ruleqa.cgi
RewriteEngine On
# debugging:
# RewriteLogLevel 9
# RewriteLog /var/apache2/logs/rewrite_log
# "%2F" is used to grep rule subsets, allow it
AllowEncodedSlashes On
# Redirect nagios to simple ok page
RewriteCond %{HTTP_USER_AGENT} ^check_http
RewriteRule .* /ok.html [L]
# Disallow some pesky robots
RewriteCond %{REMOTE_ADDR} !^(?:127\.0\.0\.1|10\..*)$
RewriteCond %{REQUEST_URI} !=/robots.txt
RewriteCond %{HTTP_USER_AGENT} "(?:Bot|Spider|Crawl)" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "(?:Chrome/4|Firefox/4)"
RewriteRule ^ - [F]
# Serve cached index for all except ourselves (/usr/local/bin/updateRuleqaIndex.sh)
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} ^$
RewriteCond %{REMOTE_ADDR} !^(?:127\.0\.0\.1|10\..*)$
RewriteRule .* /index_cached.html [L]
# Index: straight through
RewriteRule ^/$ /ruleqa.cgi [PT,L]
# Aliases
RewriteRule ^/ruleqa\.css$ /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/ruleqa.css [L]
RewriteRule ^/sorttable\.js$ /usr/local/spamassassin/automc/svn/masses/rule-qa/automc/sorttable.js [L]
# Satisfy local files
RewriteCond /var/www/ruleqa.spamassassin.org/%{REQUEST_FILENAME} !-d
RewriteCond /var/www/ruleqa.spamassassin.org/%{REQUEST_FILENAME} !-f
# Otherwise the CGI, only send known urls
RewriteCond %{REQUEST_URI} !^/ruleqa\.cgi$
RewriteRule ^/((?:20\d\d|last-|\d+-days-ago|today).*) /ruleqa.cgi/$1 [PT,L]
</VirtualHost>
</IfModule>