# aa_default.vhost
#
# Apache vhost configuration of a generic default vhost.
# It needs to be the first file in an alphabetical sort of all vhost
# configuration files. If necessary, the naming must be adjusted accordingly.
#
# If desired, a ServerName can be specified. A certificate could then also
# be set up and more detailed information provided. Regardless of this, it
# remains the default configuration as long as this configuration file remains
# the first in an alphabetical sort.
#
# Version 2.2

# Let's Encrypt certificates should be managed by the Apache md module.
#==> To activate, remove the leading '#' character.
#    You need to set an explicit hostname and comment out
#    the default distribution-provided certificates further down.
#==> Adjust the mail address as appropriate!
#MDContactEmail root@FQN_NAME
#MDCertificateAgreement accepted
#MDomain FQN_NAME

<VirtualHost *:443>
    # Secure default fallback virtual WEB host configuration

    # If you don't set a name here, it is inherited from the main
    # configuration as set in ~/conf.d/customize.conf. If it is not set there
    # either, Apache tries to determine ServerName by a reverse DNS request.
    #ServerName FQN_NAME
    #ServerAlias OPTIONAL_ALIAS
    #==> Adjust the mail address as appropriate!
    ServerAdmin root@localhost

    ErrorDocument 403 /errorpages/403-noindex.html

    # ##########################################################################
    # NOTE: We re-route everything from the insecure site to this secure site!
    # ##########################################################################

    # ====================================================================
    # Certificates configuration
    # ====================================================================
    SSLEngine on
    # We rely on Fedora's systemwide configuration of SSL security.

    # By default, certificates are managed by the Apache md module (see above).
    # In this case, no certificates need to be configured here.
    # Otherwise, insert the proper certificate configuration here.

    # DEFAULT distribution provided, needed for initial startup.
    #==> Comment OUT when module md has created a certificate or you use
    #    custom certificates.
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    # Let's Encrypt certificates managed by certbot (NOT by module md!)
    #SSLCertificateFile /etc/letsencrypt/live/DOMAIN_NAME/cert.pem
    #SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem
    #SSLCertificateChainFile /etc/letsencrypt/live/DOMAIN_NAME/chain.pem

    # Add your custom certificate here
    #SSLCertificateFile /etc/???
    #SSLCertificateKeyFile /etc/???
    #SSLCertificateChainFile /etc/???

    # ===============================================================
    # Directory Locations
    # ===============================================================
    DirectoryIndex index.html
    DocumentRoot /var/www/aa_default/htdocs

    # Specific to default 2.4 configuration:
    # Enable access to server-specific base file location
    # (Directory path assumed here: the parent of DocumentRoot)
    <Directory "/var/www/aa_default">
        AllowOverride None
        # Allow open access:
        Require all granted
    </Directory>

    # Further relax access to the default document root
    <Directory "/var/www/aa_default/htdocs">
        #
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksIfOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important. Please see
        # http://httpd.apache.org/docs/2.4/mod/core.html#options
        # for more information.
        #
        Options Indexes FollowSymLinks

        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        #
        AllowOverride None

        #
        # Controls who can get stuff from this server:
        # Allow open access:
        Require all granted
    </Directory>

    # ===============================================================
    # Logging configuration
    # ===============================================================
    # Use separate log files for the SSL virtual host; note that LogLevel
    # is not inherited from httpd.conf.
    # NOTE: fail2ban searches for ~/logs/*access_log and ~/logs/*error_log
    #       to access log files to watch and analyze!
    ErrorLog logs/aa_default-ssl_error_log
    CustomLog logs/aa_default-ssl_access_log combined
    LogLevel warn
</VirtualHost>

<VirtualHost *:80>
    # Insecure default fallback virtual WEB host configuration

    # If you don't set a name here, it is inherited from the main
    # configuration as set in ~/conf.d/customize.conf. If it is not set there
    # either, Apache tries to determine ServerName by a reverse DNS request.
    #ServerName FQN_NAME
    #ServerAlias OPTIONAL_ALIAS
    ServerAdmin root@FQN_NAME

    # ##########################################################################
    # NOTE: We re-route everything to the secure site!
    #       We retain all alias names for now.
    #       There is no need for an exception for Let's Encrypt anymore.
    #       Version 2.x can deal with self-signed certificates and https
    # ##########################################################################
    RewriteEngine On
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # ===============================================================
    # Logging configuration
    # ===============================================================
    # Use separate log files for this virtual host; note that LogLevel
    # is not inherited from httpd.conf.
    # NOTE: fail2ban searches for ~/logs/*access_log and ~/logs/*error_log
    #       to access log files to watch and analyze!
    ErrorLog logs/aa_default-error_log
    CustomLog logs/aa_default-access_log combined
</VirtualHost>