Make Apache configuration more secure, add SSL cache

This commit is contained in:
Salt 2021-01-26 05:20:48 -06:00
parent be810f09f5
commit 749660e45c
2 changed files with 4 additions and 1 deletions

View File

@ -41,7 +41,7 @@ zerotier_network_id: !vault |
# For geerlingguy.apache
apache_remove_default_vhost: yes
apache_ssl_cipher_suite: AES256+EECDH:AES256+EDH
apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384"
apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# For geerlingguy.php

View File

@ -9,6 +9,7 @@ apache_mods_enabled:
- proxy_fcgi.load
- proxy_http.load
- rewrite.load
- socache_shmcb.load
- ssl.load
apache_mods_disabled:
- mpm_event.load
@ -17,6 +18,8 @@ apache_mods_disabled:
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
Protocols h2 http/1.1
SSLSessionCache shmcb:/run/apache2/socache
SSLSessionCacheTimeout 300
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>