Overview

File 0000-default-ssl.conf of Package vicibox-install

<VirtualHost _default_:443>
	ServerAdmin support@vicibox.local
	ServerName vicibox.local
	DocumentRoot /srv/www/htdocs
	ErrorLog /var/log/apache2/error_log
	CustomLog /var/log/apache2/access_log combined
	#CustomLog /dev/null combined
	HostnameLookups Off
	UseCanonicalName Off
	ServerSignature Off
	TraceEnable Off
	Include /etc/apache2/conf.d/*.conf
	DirectoryIndex index.html index.php index.htm

	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl.crt/vicibox.crt
	#SSLCACertificateFile /etc/apache2/ssl.crt/CAchain.crt
	SSLCertificateKeyFile /etc/apache2/ssl.key/vicibox.key

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

	<Files ~ "^\.ht">
		Require all denied
	</Files>
	<Files ~ "opcache.php">
		Require ip 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 127.0.0.1
	</Files>

	<Directory "/srv/www/htdocs">
		Options -Indexes +FollowSymLinks
		AllowOverride None
		Require all granted
	</Directory>

	### Below is for PCI WebDSS scans, but will likely break ViciDial
	#<IfModule mod_headers.c>
	#	Header always set X-Frame-Options: DENY
	#	Header always set X-XSS-Protection "1; mode=block"
	#	Header always set X-Content-Type-Options: nosniff
	#	Header always set Content-Security-Policy "script-src 'self'; object-src 'self'"
	#	Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
	#</IfModule>

</VirtualHost>
openSUSE Build Service is sponsored by
Places