ServerName {{ cgit_domain }} Redirect permanent / https://{{ cgit_domain }}/ ServerName {{ cgit_domain }} SSLEngine on SSLProtocol ALL -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem Header add Strict-Transport-Security "max-age=15768000; includeSubdomains" DocumentRoot /var/www/htdocs/cgit/ AllowOverride None Options +ExecCGI Order allow,deny Allow from all Alias /cgit.png /var/www/htdocs/cgit/cgit.png Alias /cgit.css /var/www/htdocs/cgit/cgit.css Alias /favicon.ico /var/www/htdocs/cgit/favicon.ico Alias /robots.txt /var/www/htdocs/cgit/robots.txt ScriptAlias / /var/www/htdocs/cgit/cgit.cgi/ CustomLog /var/log/apache2/cgit_access.log combined ErrorLog /var/log/apache2/cgit_error.log