<VirtualHost *:80>
	ServerAdmin support@your.company.com
	ServerName site.your.company.com

	# Support for lets encrypt
	Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"


	# force over https, always
	Redirect permanent / https://site.your.company.com
</VirtualHost>

<VirtualHost *:443>
	ServerAdmin support@your.company.com
	ServerName site.your.company.com

	SSLEngine On
	SSLCertificateKeyFile /etc/ssl/certs/site.your.company.com.key
	SSLCertificateFile /etc/ssl/certs/site.your.company.com.crt
	SSLCertificateChainFile /etc/ssl/certs/ca-bundle.crt

	# Harden SSL/TLS Security
	SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
	SSLStrictSNIVHostCheck off
	SSLHonorCipherOrder on
	SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW


	DocumentRoot /var/www/vhosts/site.your.company.com
        
                AllowOverride All

                # Controls who can get stuff from this server.
                Order allow,deny
                Allow from all
        

	
		Order allow,deny
		Allow from all
	

        ErrorLog /var/log/httpd/site.your.company.com.error.log
        CustomLog /var/log/httpd/site.your.company.com.access.log combined
</VirtualHost>

 

Advertisements