-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathextra-ssl-hosts.conf
89 lines (78 loc) · 2.92 KB
/
extra-ssl-hosts.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Listen 1201
Listen 1202
Listen 1203
Listen 1204
Listen 1205
Listen 1206
Listen 1207
Listen 1208
<IfModule mod_headers.c>
<Directory />
Header always set X-XSS-Protection "1; mode=block"
Header always set x-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Header always set Referrer-Policy "strict-origin"
</Directory>
</IfModule>
<VirtualHost _default_:1201>
SSLEngine on
SSLProtocol all -SSLv3 -SSLv2
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/alltlscert.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/alltlscert.example.com.key"
</VirtualHost>
<VirtualHost _default_:1202>
SSLEngine on
SSLProtocol -all +SSLv3
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/onlysslv3.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/onlysslv3.example.com.key"
</VirtualHost>
<VirtualHost _default_:1203>
SSLEngine on
SSLCipherSuite SSLv2
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/onlysslv2.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/onlysslv2.example.com.key"
</VirtualHost>
<VirtualHost _default_:1204>
SSLEngine on
SSLProtocol -all +SSLv2 +SSLv3
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/allssl.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/allssl.example.com.key"
</VirtualHost>
<VirtualHost _default_:1205>
SSLEngine on
SSLProtocol -all +TLSv1
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/onlytlsv1.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/onlytlsv1.example.com.key"
</VirtualHost>
<VirtualHost _default_:1206>
SSLEngine on
SSLProtocol -all +TLSv1.1
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/tlsv1and1.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/tlsv1and1.example.com.key"
</VirtualHost>
<VirtualHost _default_:1207>
<IfModule mod_headers.c>
<Directory />
Header always set X-XSS-Protection "1; mode=block"
Header always set x-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Header always set Referrer-Policy "strict-origin"
Header always set Feature-Policy "vibrate 'none'; geolocation 'none'"
</Directory>
</IfModule>
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder on
SSLCertificateFile "/opt/httpd_alpine/certs/onlytlsv2.example.com.crt"
SSLCertificateKeyFile "/opt/httpd_alpine/certs/onlytlsv2.example.com.key"
</VirtualHost>