48 lines
1.8 KiB
Plaintext
48 lines
1.8 KiB
Plaintext
# Harheimer TC Website - HTTPS VirtualHost
|
|
# Speichern unter: /etc/apache2/sites-available/harheimertc.tsschulz.de-ssl.conf
|
|
|
|
<VirtualHost *:443>
|
|
ServerName harheimertc.tsschulz.de
|
|
ServerAdmin admin@tsschulz.de
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/harheimertc-ssl-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/harheimertc-ssl-access.log combined
|
|
|
|
# SSL-Konfiguration
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/harheimertc.tsschulz.de/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/harheimertc.tsschulz.de/privkey.pem
|
|
|
|
# Moderne SSL-Konfiguration
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
|
|
# Security Headers
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
|
|
Header always set X-Frame-Options DENY
|
|
# X-Content-Type-Options wird vom Nuxt-Server gesetzt
|
|
Header always set Referrer-Policy "strict-origin-when-cross-origin"
|
|
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
|
|
|
|
# Proxy alle Anfragen an Nuxt Server (Port 3100)
|
|
ProxyPreserveHost On
|
|
ProxyPass / http://localhost:3100/
|
|
ProxyPassReverse / http://localhost:3100/
|
|
</VirtualHost>
|
|
|
|
# HTTP zu HTTPS Redirect
|
|
<VirtualHost *:80>
|
|
ServerName harheimertc.tsschulz.de
|
|
ServerAdmin admin@tsschulz.de
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/harheimertc-redirect-error.log
|
|
CustomLog ${APACHE_LOG_DIR}/harheimertc-redirect-access.log combined
|
|
|
|
# Redirect zu HTTPS
|
|
RewriteEngine On
|
|
RewriteCond %{SERVER_NAME} =harheimertc.tsschulz.de
|
|
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
|
|
</VirtualHost>
|