|
@@ -1,10 +1,7 @@
|
1
|
1
|
<VirtualHost *:80>
|
2
|
2
|
ServerName {{ webmail_domain }}
|
3
|
|
-
|
4
|
|
- RewriteEngine on
|
5
|
|
- RewriteCond %{SERVER_PORT} !^443$
|
6
|
|
- RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
|
7
|
|
-
|
|
3
|
+
|
|
4
|
+ Redirect permanent / https://{{ webmail_domain }}/
|
8
|
5
|
</VirtualHost>
|
9
|
6
|
|
10
|
7
|
<VirtualHost *:443>
|
|
@@ -14,10 +11,11 @@
|
14
|
11
|
SSLProtocol ALL -SSLv2
|
15
|
12
|
SSLHonorCipherOrder On
|
16
|
13
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
|
17
|
|
-
|
18
|
14
|
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
|
19
|
15
|
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
|
20
|
16
|
SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem
|
|
17
|
+ Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
|
|
18
|
+
|
21
|
19
|
# Those aliases do not work properly with several hosts on your apache server
|
22
|
20
|
# Uncomment them to use it or adapt them to your configuration
|
23
|
21
|
# Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
|