Make Apache configuration more secure, add SSL cache
This commit is contained in:
parent
be810f09f5
commit
749660e45c
@ -41,7 +41,7 @@ zerotier_network_id: !vault |
|
||||
|
||||
# For geerlingguy.apache
|
||||
apache_remove_default_vhost: yes
|
||||
apache_ssl_cipher_suite: AES256+EECDH:AES256+EDH
|
||||
apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384"
|
||||
apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||
|
||||
# For geerlingguy.php
|
||||
|
@ -9,6 +9,7 @@ apache_mods_enabled:
|
||||
- proxy_fcgi.load
|
||||
- proxy_http.load
|
||||
- rewrite.load
|
||||
- socache_shmcb.load
|
||||
- ssl.load
|
||||
apache_mods_disabled:
|
||||
- mpm_event.load
|
||||
@ -17,6 +18,8 @@ apache_mods_disabled:
|
||||
apache_global_vhost_settings: |
|
||||
DirectoryIndex index.php index.html
|
||||
Protocols h2 http/1.1
|
||||
SSLSessionCache shmcb:/run/apache2/socache
|
||||
SSLSessionCacheTimeout 300
|
||||
<FilesMatch \.php$>
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
</FilesMatch>
|
||||
|
Loading…
Reference in New Issue
Block a user