<VirtualHost *:80>
	ServerAdmin support@your.company.com
	ServerName site.your.company.com

	# Support for lets encrypt
	Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"


	# force over https, always
        RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost> <VirtualHost *:443> ServerAdmin support@your.company.com ServerName site.your.company.com SSLEngine On SSLCertificateKeyFile /etc/ssl/certs/site.your.company.com.key SSLCertificateFile /etc/ssl/certs/site.your.company.com.crt SSLCertificateChainFile /etc/ssl/certs/ca-bundle.crt # Harden SSL/TLS Security SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLStrictSNIVHostCheck off SSLHonorCipherOrder on SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:!MEDIUM:!LOW DocumentRoot /var/www/vhosts/site.your.company.com AllowOverride All # Controls who can get stuff from this server. Order allow,deny Allow from all Order allow,deny Allow from all ErrorLog /var/log/httpd/site.your.company.com.error.log CustomLog /var/log/httpd/site.your.company.com.access.log combined </VirtualHost>

 

Advertisements