# Uncomment this line and set it up with your actual webmaster email
# or with your real email.
#ServerAdmin webmaster@my-domain.com
# Your actual domain name, on witch this virtual host is available.
ServerName SITE_HOSTNAME
# You may want your site to be available on other domain names, this is
# what alias are for.
# You can use the * wildcard caracter to match multiple sub-domains.
#ServerAlias www2.my-domain.com www.my-other-domain.com *.yet-another-domain.com
# The error log and access log. This can be used by awstats
# Note : since we keed theses logs in /var/log/apache2, they are
# automaticaly rotated by logrotate :D.
ErrorLog /var/log/apache2/SITE_HOSTNAME-error.log
LogLevel warn
CustomLog /var/log/apache2/SITE_HOSTNAME-access.log combined
#
# SSL magic
#
# We enable the SSL engine. Without this line, we use HTTP, not HTTPS.
SSLEngine On
# We allow only "high" and "medium" security key lengths.
SSLCipherSuite HIGH:MEDIUM
# We allow SSLv3 and TLSv1 only, we reject the old SSLv2.
SSLProtocol all -SSLv2
# Server public certificate file:
SSLCertificateFile /etc/apache2/ssl/https_cert.cert
# Server private key file:
SSLCertificateKeyFile /etc/apache2/ssl/https_key.pem
# Theses lines only apply of the rewrite module is enabled.
# This is a security enhancement recommanded by the nessus tool.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# Do not ever never comment this line !
# This line prevent your web server to be used
# as a proxy server by lurkers and other lamers.
ProxyRequests Off
# This little option pass the hostname to the proxyfied server.
# This allow you to setup virtual hosts on the proxyfied server.
# Yay ! This can be a life saver, so trust me, you want this option On.
ProxyPreserveHost On
# Here is the magic that proxyfy the LAN server.
# The first line is .... i don't remember what...
# but trust me, it is usefull ;p.
# The second line is a rewrite rule that do the proxy
# magic. I was used to use a ProxyPass rule to do this work, but it
# turned out that sometimes ProxyPass give you a 503 error when under
# heavy load. The RewriteRule does not have this flow.
ProxyPassReverse / SITE_BEHIND
RewriteRule ^/(.*) SITE_BEHIND$1 [P,L]
# WARNING : the two alernatives below can be avoided easyly by setting
# up a virtual host on the proxyfied server. This is the path you should
# follow. The solutions below are very ugly hacks.
# This first solution is for site that can work from the root of the URL
# but keep giving URI that is the one from the proxyfied server.
# It redirect every request to the root of the virtual host.
# This way the user always see the site being at the root of the server.
#
# To use this, comment all ProxyPass and RewriteRule lines of this file,
# and uncomment the following 3 lines.
#ProxyPassReverse / SITE_BEHIND
#RewriteRule ^SITE_BEHIND_URI/(.*) /$1 [R,L]
#RewriteRule ^/(.*) SITE_BEHIND$1 [P,L]
# This second solution is for sites that can not work from the root of the URL
# and keep giving URI that is the one from the proxyfied server.
# It redirect every request to the same URI as the one of the virtual host.
# This way the user always see the site as it would be if he was accessing it
# directly without proxyfying.
#
# To use this, comment all ProxyPass and RewriteRule lines of this file,
# and uncomment the following 3 lines.
#ProxyPassReverse / SITE_BEHIND
#RewriteRule ^SITE_BEHIND_URI(.*) SITE_BEHIND$1 [P,L]
#RewriteRule ^/(.*) SITE_BEHIND_URI/$1 [R,L]
# This Location directives allow users to access to the proxyfied contents.
# Do not remove this if you want your site to work :).
Order deny,allow
Allow from all
# Your actual domain name, on witch this virtual host is available.
# This line is the same as in the HTTPS virtual host.
ServerName SITE_HOSTNAME
# You may want your site to be available on other domain names, this is
# what alias are for.
# You can use the * wildcard caracter to match multiple sub-domains.
# This line is the same as in the HTTPS virtual host.
#ServerAlias www2.my-domain.com www.my-other-domain.com *.yet-another-domain.com
# Theses lines only apply of the rewrite module is enabled.
# This is a security enhancement recommanded by the nessus tool.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^{TRACE|TRACK}
RewriteRule .* - [F]
# Redirect every body to the HTTPS site.
# This make sure that all users use secure version of the site.
# Note the "permanent" : It is good for search engine optimization :D.
Redirect permanent / https://SITE_HOSTNAME/