ServerName pokrok.cz # DocumentRoot /var/www/pokrok # # Options -Indexes # ServerAdmin it@pokrok.cz # ServerPath / # #AddCharset windows-1250 .cp-1250 # php_admin_value default_charset utf-8 # php_flag register_globals On # Redirect permanent / "https://www.pokrok.cz/" Redirect permanent /info24 "https://pokrok.cz/info24" ErrorLog /var/log/apache2/www.pokrok.cz_err.log CustomLog /var/log/apache2/www.pokrok.cz_access.log combined NameVirtualHost pokrok.cz:443 ServerName pokrok.cz DocumentRoot /var/www/pokrok Options -Indexes Options -Indexes Order deny,allow Deny from all Allow from 192.168.1 Options -Indexes Order deny,allow Deny from all Allow from 192.168.1 Alias /beta /var/www/pokrok-beta # Options -Indexes Order deny,allow Deny from all Allow from all Alias /nav /var/www/nod32/v3 ## maintenance handle RewriteEngine On RewriteCond "/var/www/info24.down" -f RewriteRule "^/info24/" - [R=503,L] RewriteCond "/var/www/alfresco.down" -f RewriteRule "^/share/.*" - [R=503,L] RewriteCond "/var/www/alfresco.down" -f RewriteRule "^/share/.*" - [R=503,L] ## proxy integri info24, alfresco SSLProxyEngine on SSLProxyCheckPeerCN off SSLProxyCheckPeerExpire off SSLProxyVerify optional_no_ca ProxyPass /info24 https://192.168.1.115/info24 ProxyPassReverse /info24 https://192.168.1.115/info24 ProxyPass /share http://192.168.1.63:8080/share ProxyPassReverse /share http://192.168.1.63:8080/share ProxyPass /alfresco http://192.168.1.63:8080/alfresco ProxyPassReverse /alfresco http://192.168.1.63:8080/alfresco ProxyPass /solr4 http://192.168.1.63:8080/solr4 ProxyPassReverse /solr4 http://192.168.1.63:8080/solr4 # # Order deny,allow # Deny from all # # # Order deny,allow # Deny from all # # # Order deny,allow # Deny from all # # # Order deny,allow # Deny from all # Order deny,allow Deny from all Allow from 192.168.1 Order deny,allow Deny from all Allow from 192.168.1 Order deny,allow Deny from all Allow from 192.168.1 # # Order Deny,Allow # Deny from all # Order Deny,Allow Deny from all Allow from 192.168.1 Order Deny,Allow # ProxyPreserveHost Off # Deny from all # Allow from 94.113.88.108 Allow from 192.168.1 Allow from 192.168.10 Allow from 192.168.20 Allow from 192.168.30 Allow from 192.168.40 Allow from 192.168.50 Order allow,deny ServerAdmin masem@pokrok.cz ErrorLog /var/log/apache2/ssl.pokrok.cz_err.log ServerPath / CustomLog /var/log/apache2/ssl.pokrok.cz_access.log combined #AddCharset windows-1250 .cp-1250 php_admin_value default_charset utf-8 php_flag register_globals On SSLEngine On # SSLCertificateFile /etc/apache2/ssl/www.pokrok.cz.crt # SSLCertificateFile /etc/apache2/ssl/2019www.pokrok.cz.crt # SSLCertificateFile /etc/apache2/ssl/2022www.pokrok.cz.crt # SSLCertificateFile /etc/apache2/ssl/2023www.pokrok.cz.crt # SSLCertificateFile /etc/apache2/ssl/2024www.pokrok.cz.crt SSLCertificateFile /etc/apache2/ssl/2025www.pokrok.cz.crt SSLCertificateKeyFile /etc/apache2/ssl/www.pokrok.cz.key # SSLCACertificateFile /etc/apache2/ssl/thawte_intermediate.crt # SSLCACertificateFile /etc/apache2/ssl/thawte_intermediate.crt # SSLCACertificateFile /etc/apache2/ssl/2019linux_intermediate.crt # SSLCACertificateFile /etc/apache2/ssl/2022linux_intermediate.crt # SSLCACertificateFile /etc/apache2/ssl/2023linux_intermediate.crt # SSLCACertificateFile /etc/apache2/ssl/2024linux_intermediate.crt SSLCACertificateFile /etc/apache2/ssl/2025linux_intermediate.crt SSLHonorCipherOrder on SSLProtocol -all +TLSv1 +TLSv1.2 -SSLv2 -SSLv3 # SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:+SHA1:!MD5:!CAMELLIA:!RC4:!ECDH:+HIGH:+MEDIUM # SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:ECDHE-RSA-AES256-SHA:EDH+aRSA:!aNULL:!eNULL:!LOW:!CAMELLIA:!ECDH:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4 # SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!LOW:!CAMELLIA:!ECDH:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4 SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!CAMELLIA:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" # HSTS (mod_headers is required) (15768000 seconds = 6 months) # Header always set Strict-Transport-Security "max-age=86400" Header always set Strict-Transport-Security "max-age=15768000"