thomas
/
sovereign


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
							<VirtualHost *:80> 
    ServerName {{ webmail_domain }}

    Redirect permanent / https://{{ webmail_domain }}/
</VirtualHost>

<VirtualHost *:443>
    ServerName {{ webmail_domain }}

    SSLEngine on
    SSLProtocol ALL -SSLv2
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
    SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
    SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
    SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"

    # Those aliases do not work properly with several hosts on your apache server
    # Uncomment them to use it or adapt them to your configuration
    #    Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
    #    Alias /roundcube /var/lib/roundcube

    # Access to tinymce files
    DocumentRoot /var/lib/roundcube 
    <Directory "/usr/share/tinymce/www/">
          Options Indexes MultiViews FollowSymLinks
          AllowOverride None
          Order allow,deny
          allow from all
    </Directory>

    <Directory /var/lib/roundcube/>
      Options +FollowSymLinks
      # This is needed to parse /var/lib/roundcube/.htaccess. See its
      # content before setting AllowOverride to None.
      AllowOverride All
      order allow,deny
      allow from all
    </Directory>

    # Protecting basic directories:
    <Directory /var/lib/roundcube/config>
            Options -FollowSymLinks
            AllowOverride None
    </Directory>

    <Directory /var/lib/roundcube/temp>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    <Directory /var/lib/roundcube/logs>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    CustomLog /var/log/apache2/webmail_access.log combined 
    ErrorLog /var/log/apache2/webmail_error.log 
</VirtualHost>