ServerName {{ virtual_host }} Redirect permanent / https://{{ virtual_host }}/ ErrorLog /var/log/apache2/{{ virtual_host }}/error_log CustomLog /var/log/apache2/{{ virtual_host }}/access_log common ServerName www.{{ virtual_host }} Redirect permanent / https://{{ virtual_host }}/ ErrorLog /var/log/apache2/{{ virtual_host }}/error_log CustomLog /var/log/apache2/{{ virtual_host }}/access_log common ServerName {{ virtual_host }} DocumentRoot /usr/local/apache2/htdocs/{{ virtual_host }} ScriptAlias /cgi-bin /usr/local/apache2/cgi-bin/{{ virtual_host }} ErrorLog /var/log/apache2/{{ virtual_host }}/error_log CustomLog /var/log/apache2/{{ virtual_host }}/access_log common Require all granted Require all granted ErrorDocument 404 http://{{ virtual_host }}/Bookmarks/notfound.html AddDefaultCharset utf-8 Require all denied ProxyRequests Off SSLEngine off #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" #Header always set X-Content-Type-Options nosniff #Header always set X-Frame-Options DENY #SSLCipherSuite HIGH:MEDIUM:RSA:!EXP:!aNULL:!NULL:+SHA1:+HIGH:+MEDIUM:-LOW SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLCompression off SSLHonorCipherOrder On SSLOptions +StrictRequire SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProxyEngine off #SSLRandomSeed connect file:/dev/urandom 1024 #SSLRandomSeed startup file:/dev/urandom 1024 #SSLSessionCache shm:/var/log/apache2/ssl_cache_shm #SSLSessionCacheTimeout 600 #SSLSessionTickets Off #SSLStaplingCache "shmcb:logs/stapling-cache(150000)" #SSLUseStapling on SSLVerifyClient none #SSLCACertificateFile /etc/apache2/ssl/CA.crt #SSLCertificateFile /etc/apache2/ssl/{{ virtual_host }}.crt #SSLCertificateKeyFile /etc/apache2/ssl/{{ virtual_host }}.key SSLRequireSSL SSLOptions +StdEnvVars # # AddType application/x-x509-ca-cert .crt # AddType application/x-pkcs7-crl .crl # BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown ServerName www.{{ virtual_host }} Redirect permanent / https://{{ virtual_host }}/ ErrorLog /var/log/apache2/{{ virtual_host }}/error_log CustomLog /var/log/apache2/{{ virtual_host }}/access_log common