torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a8423f9c3960bf382376d1d53bdcebbdb857b56c
harheimertc/apache-ssl-config.conf

51 lines
2.2 KiB
Plaintext
Raw Blame History

# Harheimer TC Website - HTTPS VirtualHost
# Speichern unter: /etc/apache2/sites-available/harheimertc.tsschulz.de-ssl.conf
<VirtualHost *:443>
ServerName harheimertc.tsschulz.de
ServerAdmin admin@tsschulz.de
ErrorLog ${APACHE_LOG_DIR}/harheimertc-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/harheimertc-ssl-access.log combined
# SSL-Konfiguration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/harheimertc.tsschulz.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc.tsschulz.de/privkey.pem
# Moderne SSL-Konfiguration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
# Security Headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options SAMEORIGIN
# X-Content-Type-Options wird vom Nuxt-Server gesetzt
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# Optional: Content Security Policy (zuerst Report-Only testen)
# Header always set Content-Security-Policy-Report-Only "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self'; img-src 'self' data: blob:; connect-src 'self'"
# Proxy alle Anfragen an Nuxt Server (Port 3100)
ProxyPreserveHost On
ProxyPass / http://localhost:3100/
ProxyPassReverse / http://localhost:3100/
</VirtualHost>
# HTTP zu HTTPS Redirect
<VirtualHost *:80>
ServerName harheimertc.tsschulz.de
ServerAdmin admin@tsschulz.de
ErrorLog ${APACHE_LOG_DIR}/harheimertc-redirect-error.log
CustomLog ${APACHE_LOG_DIR}/harheimertc-redirect-access.log combined
# Redirect zu HTTPS
RewriteEngine On
RewriteCond %{SERVER_NAME} =harheimertc.tsschulz.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink