2023-12-19 19:38:26 +08:00
|
|
|
# SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
|
|
|
|
#
|
|
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
2023-12-06 15:24:32 +08:00
|
|
|
# This file is included strictly as an example of how Apache httpd can be
|
|
|
|
# configured to work with CryptPad. If you are using CryptPad in production
|
|
|
|
# and require professional support please contact sales@cryptpad.fr
|
|
|
|
|
|
|
|
# This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy,
|
|
|
|
# mod_proxy_http and mod_headers
|
|
|
|
|
|
|
|
Listen 443
|
|
|
|
|
|
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
|
|
SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
|
|
SSLHonorCipherOrder off
|
|
|
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
|
|
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
2023-12-06 15:53:18 +08:00
|
|
|
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
|
2023-12-06 15:24:32 +08:00
|
|
|
SSLSessionCacheTimeout 86400
|
|
|
|
SSLSessionTickets off
|
|
|
|
SSLUseStapling on
|
|
|
|
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerName cryptpad.your-domain.com
|
|
|
|
ServerAlias sandbox.your-domain.com
|
|
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem
|
|
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
|
|
|
|
BrowserMatch "MSIE [2-5]" \
|
|
|
|
nokeepalive ssl-unclean-shutdown \
|
|
|
|
downgrade-1.0 force-response-1.0
|
|
|
|
Protocols h2 http/1.1
|
2024-04-16 22:24:53 +08:00
|
|
|
AddType application/javascript mjs
|
2024-05-25 11:09:10 +08:00
|
|
|
<Location "/">
|
|
|
|
LimitRequestBody 157286400
|
|
|
|
ProxyPass http://localhost:3000/ upgrade=websocket
|
|
|
|
ProxyPassReverse http://localhost:3000/
|
|
|
|
</Location>
|
|
|
|
<Location "/cryptpad_websocket">
|
2024-06-22 21:02:50 +08:00
|
|
|
ProxyPass http://localhost:3003/ upgrade=websocket
|
2024-05-25 11:09:10 +08:00
|
|
|
ProxyPassReverse http://localhost:3003/
|
|
|
|
</Location>
|
2023-12-06 15:24:32 +08:00
|
|
|
</VirtualHost>
|