AddDefaultCharset UTF-8 ServerAdmin some.email@comain.de DocumentRoot "/var/www/vhosts/jango104.domain.de" ServerName jango104.domain.de ServerAlias jango104.domain.world jango104.domain.de jango104 ErrorLog "/var/log/httpd/jango104.domain.de-error.log" CustomLog "/var/log/httpd/jango104.domain.de-access.log" common RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] ServerAdmin some.email@domain.de DocumentRoot "/var/www/vhosts/jango104.domain.de" ServerName jango104.domain.de ServerAlias jango104.domain.world jango104.domain.de jango104 Alias "/errors" "/var/www/errors" ErrorLog "/var/log/httpd/jango104.domain.de-ssl-error.log" CustomLog "/var/log/httpd/jango104.domain.de-ssl-access.log" common ErrorDocument 401 "/errors/401.html" ErrorDocument 403 "/errors/403.html" ErrorDocument 404 "/errors/404.html" Options FollowSymLinks AllowOverride none Options -Indexes AllowOverride None Require all granted Options Indexes FollowSymLinks MultiViews IndexOptions +ShowForbidden +NameWidth=* AllowOverride None Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks Multiviews IndexOptions +ShowForbidden +Namewidth=* AllowOverride all Require all granted Options Indexes FollowSymlinks MultiViews IndexOptions +NameWidth=* AllowOverride None AuthType Basic AuthName "gibe login" AuthBasicProvider file AuthUserFile "/etc/httpd/htaccess.d/redhat" Require user company Require valid-user Options Indexes FollowSymlinks MultiViews IndexOptions +NameWidth=* AllowOverride None AuthType Basic AuthName "gibe login" AuthBasicProvider file AuthUserFile "/etc/httpd/htaccess.d/redhat" Require user company Require valid-user SSLEngine on SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 SSLHonorCipherOrder on SSLCipherSuite PROFILE=SYSTEM SSLProxyCipherSuite PROFILE=SYSTEM # Feck snakeoil. Root CA and Intermed CA from root server, cert is a) chained and b) set up with higher ciphers. # (Although, admittedly, there's way worse snakeoils than on Fedora 27, but still it's snakeoil.) SSLCertificateFile /etc/pki/tls/certs/jango104.crt SSLCertificateKeyFile /etc/pki/tls/private/jango104.key #SSLCertificateChainFile /etc/pki/tls/certs/jango104.crt #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0