Make Apache configuration more secure, add SSL cache
This commit is contained in:
parent
be810f09f5
commit
749660e45c
|
@ -41,7 +41,7 @@ zerotier_network_id: !vault |
|
||||||
|
|
||||||
# For geerlingguy.apache
|
# For geerlingguy.apache
|
||||||
apache_remove_default_vhost: yes
|
apache_remove_default_vhost: yes
|
||||||
apache_ssl_cipher_suite: AES256+EECDH:AES256+EDH
|
apache_ssl_cipher_suite: "ECDH:AECDH:!SHA1:!SHA256:!SHA384"
|
||||||
apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
apache_ssl_protocol: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
|
||||||
# For geerlingguy.php
|
# For geerlingguy.php
|
||||||
|
|
|
@ -9,6 +9,7 @@ apache_mods_enabled:
|
||||||
- proxy_fcgi.load
|
- proxy_fcgi.load
|
||||||
- proxy_http.load
|
- proxy_http.load
|
||||||
- rewrite.load
|
- rewrite.load
|
||||||
|
- socache_shmcb.load
|
||||||
- ssl.load
|
- ssl.load
|
||||||
apache_mods_disabled:
|
apache_mods_disabled:
|
||||||
- mpm_event.load
|
- mpm_event.load
|
||||||
|
@ -17,6 +18,8 @@ apache_mods_disabled:
|
||||||
apache_global_vhost_settings: |
|
apache_global_vhost_settings: |
|
||||||
DirectoryIndex index.php index.html
|
DirectoryIndex index.php index.html
|
||||||
Protocols h2 http/1.1
|
Protocols h2 http/1.1
|
||||||
|
SSLSessionCache shmcb:/run/apache2/socache
|
||||||
|
SSLSessionCacheTimeout 300
|
||||||
<FilesMatch \.php$>
|
<FilesMatch \.php$>
|
||||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user