# aa_default.vhost
#
# Apache vhost configuration of a generic default vhost.
# It needs to be the first file in an alphabetical sort of all vhost
# configuration files. If necessary, the naming must be adjusted accordingly.
#
# If desired, a ServerName can be specified. A certificate could then also
# be set up and more detailed information provided. Regardless of this, it
# remains the default configuration as long as this configuration file remains
# the first in an alphabetical sort.
#
# Version 2.2
# LetsEncrypt certificates should be managed by Apache md module.
#==> To activate, remove the leading '#' character
# You need to set an explicit hostname and comment out
# the default distribution provided certificates further down.
#==> Adjust the mail address as appropriate!
#MDContactEmail root@FQN_NAME
#MDCertificateAgreement accepted
#MDomain FQN_NAME
# Secure (HTTPS) default fallback virtual WEB host configuration.
# As the default vhost it answers every request whose Host header matches no
# other vhost, so keep what it exposes to a minimum.
# If you don't set a name here, it is inherited from the main configuration
# as set in ~/conf.d/customize.conf. If it is not set there either, Apache
# tries to determine ServerName by reverse DNS request.
#ServerName FQN_NAME
#ServerAlias OPTIONAL_ALIAS
#==> Adjust the mail address as appropriate!
ServerAdmin root@localhost
# Custom page returned with 403 (Forbidden) responses.
# NOTE(review): the URL path /errorpages/ is not mapped anywhere in this
# file; presumably an Alias elsewhere provides it -- confirm it resolves.
ErrorDocument 403 /errorpages/403-noindex.html
# ##########################################################################
# NOTE: We re-route everything from the insecure site to this secure site!
# ##########################################################################
# ====================================================================
# Certificates configuration
# ====================================================================
# Enable TLS for this virtual host.
SSLEngine on
# We rely on Fedora's systemwide configuration of SSL security; no protocol
# or cipher settings are made in the part of the file shown here.
# By default, certificates are managed by the Apache md module (see above).
# In this case, no certificates need to be configured here.
# Otherwise, insert proper certificate configuration here.
# DEFAULT distribution provided, needed for initial startup.
# NOTE(review): presumably the locally generated localhost certificate; it
# is not issued by a publicly trusted CA, so clients will show a trust
# warning until it is replaced.
#==> Comment OUT when module md created a certificate or you use custom
# certificates.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Keep the private key readable by root only.
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# LetsEncrypt certificates managed by certbot (NOT by module md!)
# NOTE: SSLCertificateChainFile is deprecated since httpd 2.4.8. On such
# versions point SSLCertificateFile at certbot's fullchain.pem instead and
# leave the separate chain line commented out.
#SSLCertificateFile /etc/letsencrypt/live/DOMAIN_NAME/cert.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/DOMAIN_NAME/chain.pem
# Add your custom certificate here
#SSLCertificateFile /etc/???
#SSLCertificateKeyFile /etc/???
#SSLCertificateChainFile /etc/???
# ===============================================================
# Directory Locations
# ===============================================================
# File served when a request targets a directory.
DirectoryIndex index.html
DocumentRoot /var/www/aa_default/htdocs
# NOTE(review): AllowOverride and Require are only valid inside a
# <Directory> (or similar) container. No container lines are visible in this
# listing; presumably the two directive groups below belong to one container
# for the base location and one for the document root -- confirm.
# Specific to default 2.4 configuration:
# Enable access to server-specific base file location
# .htaccess files are ignored here.
AllowOverride None
# Allow open access:
Require all granted
# Further relax access to the default document root
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
# NOTE(review): "Indexes" makes Apache generate a directory listing for any
# directory without an index.html, so the 403-noindex error page configured
# for this host is not returned in that case. For a catch-all default host,
# consider dropping "Indexes".
# "FollowSymLinks" follows symbolic links without an ownership check;
# "SymLinksIfOwnerMatch" is the stricter variant.
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# "None" means .htaccess files are ignored, so the settings in this file
# cannot be changed from inside the document root.
AllowOverride None
#
# Controls who can get stuff from this server:
# Allow open access:
Require all granted
# ===============================================================
# Logging configuration
# ===============================================================
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
# NOTE: fail2ban searches for ~/logs/*access_log and ~/logs/*error_log
# to find the log files to watch and analyze! Renaming these files so they
# no longer match those patterns would remove this host from monitoring.
# The relative "logs/" paths are resolved against ServerRoot.
ErrorLog logs/aa_default-ssl_error_log
# "combined" format: the common log fields plus Referer and User-Agent.
CustomLog logs/aa_default-ssl_access_log combined
LogLevel warn
# Insecure (plain HTTP) default fallback virtual WEB host configuration.
# If you don't set a name here, it is inherited from the main configuration
# as set in ~/conf.d/customize.conf. If it is not set there either, Apache
# tries to determine ServerName by reverse DNS request.
#ServerName FQN_NAME
#ServerAlias OPTIONAL_ALIAS
#==> FQN_NAME is a template placeholder here; replace it with the real
# host name (the secure host uses root@localhost).
ServerAdmin root@FQN_NAME
# ##########################################################################
# NOTE: We re-route everything to the secure site!
# We retain all alias names for now.
# There is no need for an exception for Let's Encrypt anymore.
# Version 2.x can deal with self-signed certificates and https
# ##########################################################################
RewriteEngine On
# Permanent (301) redirect of every request to the same host and path over
# https.
# NOTE(review): %{HTTP_HOST} is the Host header as sent by the client, so on
# this catch-all host the redirect target reflects whatever name was sent.
# Once a ServerName is configured, consider a fixed target instead, e.g.
#   Redirect permanent / https://FQN_NAME/
# Browsers cache 301 responses, so a wrong redirect is hard to take back.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# ===============================================================
# Logging configuration
# ===============================================================
# Use separate log files for the plain-HTTP virtual host; note that LogLevel
# is not inherited from httpd.conf.
# NOTE(review): no LogLevel is set for this host, although the HTTPS host
# sets "LogLevel warn" -- confirm this is intended.
# NOTE: fail2ban searches for ~/logs/*access_log and ~/logs/*error_log
# to find the log files to watch and analyze!
# The relative "logs/" paths are resolved against ServerRoot.
ErrorLog logs/aa_default-error_log
# "combined" format: the common log fields plus Referer and User-Agent.
CustomLog logs/aa_default-access_log combined