Created
May 31, 2017 21:45
-
-
Save jonathan-dejong/73b16e5bcd695f9919345dc0abba315e to your computer and use it in GitHub Desktop.
host for owncloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:80> | |
ServerName YOUR-OWNCLOUD-URL | |
RewriteEngine on | |
RewriteCond %{SERVER_NAME} =YOUR-OWNCLOUD-URL | |
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] | |
</VirtualHost> | |
<VirtualHost *:443> | |
# Basics | |
ServerName YOUR-OWNCLOUD-URL | |
ServerAlias www.YOUR-OWNCLOUD-URL | |
# Next line puts ownCloud at the domain root instead of a /owncloud/ subdirectory (e.g. example.com vs. example.com/o$ | |
Alias /owncloud "/var/www/owncloud/" | |
DocumentRoot /var/www/owncloud | |
SSLEngine on | |
SSLCertificateFile /etc/letsencrypt/live/YOUR-OWNCLOUD-URL/cert.pem | |
SSLCertificateKeyFile /etc/letsencrypt/live/YOUR-OWNCLOUD-URL/privkey.pem | |
Include /etc/letsencrypt/options-ssl-apache.conf | |
SSLCertificateChainFile /etc/letsencrypt/live/YOUR-OWNCLOUD-URL/chain.pem | |
# Uncomment the following directive when using client certificate authentication | |
#SSLCACertificateFile /path/to/ca_certs_for_client_authentication | |
# HSTS (mod_headers is required) (15768000 seconds = 6 months) | |
Header always set Strict-Transport-Security "max-age=15768000" | |
# ownCloud | |
<Directory /var/www/owncloud/> | |
Options +FollowSymlinks | |
AllowOverride All | |
<IfModule mod_dav.c> | |
Dav off | |
</IfModule> | |
SetEnv HOME /var/www/owncloud | |
SetEnv HTTP_HOME /var/www/owncloud | |
</Directory> | |
</VirtualHost> | |
# intermediate configuration, tweak to your needs | |
SSLProtocol all -SSLv3 | |
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES1$ | |
SSLHonorCipherOrder on | |
SSLCompression off | |
SSLSessionTickets off | |
# OCSP Stapling, only in httpd 2.3.3 and later | |
SSLUseStapling on | |
SSLStaplingResponderTimeout 5 | |
SSLStaplingReturnResponderErrors off | |
SSLStaplingCache shmcb:/var/run/ocsp(128000) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment