ansible/roles/nextcloud/templates/apache2-vhost-ssl.conf

# Configuration for {{ nextcloud_url }}
# vim:ft=apache:

# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off

# Website configuration
<VirtualHost *:80>
	ServerName {{ nextcloud_url }}
	Redirect permanent / https://{{ nextcloud_url }}
</VirtualHost>
<VirtualHost *:443>
	SSLEngine on
	SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
	SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
	SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
	SSLProtocol {{ ssl_protocol }}
	SSLCipherSuite {{ ssl_cipher_suite }}
	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
	ServerName {{ nextcloud_url }}
	DocumentRoot {{ nextcloud_webroot }}
	<Directory "{{ nextcloud_webroot }}">
		Require all granted
		AllowOverride All
		Options MultiViews FollowSymlinks
	</Directory>
	<IfModule mod_headers.c>
		Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
	</IfModule>
</VirtualHost>
Copy over SSL configs after certification, fix using the wrong keys 2020-02-05 22:59:14 -06:00			`# Configuration for {{ nextcloud_url }}`
			`# vim:ft=apache:`

			`# Accept connections from non-SNI clients`
			`SSLStrictSNIVHostCheck off`

			`# Website configuration`
			`<VirtualHost *:80>`
			`ServerName {{ nextcloud_url }}`
Enable strict transport security 2020-02-06 03:22:38 -06:00			`Redirect permanent / https://{{ nextcloud_url }}`
Copy over SSL configs after certification, fix using the wrong keys 2020-02-05 22:59:14 -06:00			`</VirtualHost>`
			`<VirtualHost *:443>`
			`SSLEngine on`
			`SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt`
			`SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key`
Add fullchain to configs 2020-02-06 14:14:56 -06:00			`SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt`
Disable outdated TLS versions hopefully this fixes git 2020-06-04 19:35:59 -05:00			`SSLProtocol {{ ssl_protocol }}`
Roll out new cipher suites 2020-06-03 06:07:11 -05:00			`SSLCipherSuite {{ ssl_cipher_suite }}`
Copy over SSL configs after certification, fix using the wrong keys 2020-02-05 22:59:14 -06:00			`<FilesMatch "\.(cgi\|shtml\|phtml\|php)$">\`
			`SSLOptions +StdEnvVars`
			`</FilesMatch>`
			`<Directory /usr/lib/cgi-bin>`
			`SSLOptions +StdEnvVars`
			`</Directory>`
			`ServerName {{ nextcloud_url }}`
			`DocumentRoot {{ nextcloud_webroot }}`
Correct some Apache configs 2020-02-06 00:01:26 -06:00			`<Directory "{{ nextcloud_webroot }}">`
			`Require all granted`
			`AllowOverride All`
			`Options MultiViews FollowSymlinks`
			`</Directory>`
Enable strict transport security 2020-02-06 03:22:38 -06:00			`<IfModule mod_headers.c>`
			`Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"`
			`</IfModule>`
Copy over SSL configs after certification, fix using the wrong keys 2020-02-05 22:59:14 -06:00			`</VirtualHost>`