ShalonServerConfiguration
Max edited this page Aug 23, 2018
·
1 revision
Based on the Mozilla SSL Configuration Generator and "Configuring Apache to Tunnel SSH Through an HTTP Web-Proxy with Proxytunnel".
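# TLS-wrapped forward proxy that accepts only CONNECT requests to port 443.
# NOTE(review): as written, any client that can reach port 8443 may open a
# tunnel to port 443 on any host this server can reach, internal addresses
# included. If the proxy is not meant to be public, add client restrictions
# (e.g. Require ip or authentication) inside the <Proxy> section below.
Listen 8443
<VirtualHost *:8443>
    ServerName host.domain

    SSLEngine on
    SSLCertificateFile "/path/to/ssl-certificate"
    # The private key file should be readable only by the account that starts Apache.
    SSLCertificateKeyFile "/path/to/ssl-privkey"
    SSLOpenSSLConfCmd ECDHParameters prime256v1

    # TLS 1.2 only. NOTE(review): this page dates from 2018; where the installed
    # Apache/OpenSSL support TLS 1.3, consider enabling it as well.
    SSLProtocol TLSv1.2
    # ECDHE-only suites (forward secrecy). The last four entries are CBC-mode
    # suites; they can be dropped if every client supports the AEAD suites
    # (GCM / CHACHA20-POLY1305) listed before them.
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # Prefer the most secure ciphers supported (server order wins over client order)
    SSLHonorCipherOrder on
    # Deactivate compression to prevent CRIME attack
    SSLCompression off
    # Prevent session tickets that might identify the user
    SSLSessionTickets off

    # Only allow CONNECT requests: anything else is answered with 403 Forbidden.
    # The pattern is anchored at both ends so only the exact method name passes.
    # NOTE(review): this rule only matches URIs beginning with "/"; confirm with
    # a test request that an absolute-URI proxy request (GET http://...) is also
    # refused. The <Proxy> section below enforces the method independently.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} !^CONNECT$ [NC]
    RewriteRule ^/(.*)$ - [F,L]

    ProxyRequests On
    ProxyBadHeader Ignore
    # NOTE(review): "Full" adds the Apache version to the Via header; consider
    # "On" or "Off" if disclosing the server version is not wanted.
    ProxyVia Full
    # Only allow establishing connections to port 443. This restricts the
    # destination port only; it does not verify that the tunnelled traffic is
    # actually HTTPS.
    AllowCONNECT 443

    # <Proxy> requires an argument; "*" applies the section to all proxied requests.
    <Proxy "*">
        # Authorise the CONNECT method only, so the restriction does not depend
        # on the rewrite rule above. Access is still open to every client.
        Require method CONNECT
    </Proxy>
</VirtualHost>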