# Uncomment this line and set it up with your actual webmaster email # or with your real email. #ServerAdmin webmaster@my-domain.com # Your actual domain name, on witch this virtual host is available. ServerName SITE_HOSTNAME # You may want your site to be available on other domain names, this is # what alias are for. # You can use the * wildcard caracter to match multiple sub-domains. #ServerAlias www2.my-domain.com www.my-other-domain.com *.yet-another-domain.com # The error log and access log. This can be used by awstats # Note : since we keed theses logs in /var/log/apache2, they are # automaticaly rotated by logrotate :D. ErrorLog /var/log/apache2/SITE_HOSTNAME-error.log LogLevel warn CustomLog /var/log/apache2/SITE_HOSTNAME-access.log combined # # SSL magic # # We enable the SSL engine. Without this line, we use HTTP, not HTTPS. SSLEngine On # We allow only "high" and "medium" security key lengths. SSLCipherSuite HIGH:MEDIUM # We allow SSLv3 and TLSv1 only, we reject the old SSLv2. SSLProtocol all -SSLv2 # Server public certificate file: SSLCertificateFile /etc/apache2/ssl/https_cert.cert # Server private key file: SSLCertificateKeyFile /etc/apache2/ssl/https_key.pem # Theses lines only apply of the rewrite module is enabled. # This is a security enhancement recommanded by the nessus tool. RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] # Do not ever never comment this line ! # This line prevent your web server to be used # as a proxy server by lurkers and other lamers. ProxyRequests Off # This little option pass the hostname to the proxyfied server. # This allow you to setup virtual hosts on the proxyfied server. # Yay ! This can be a life saver, so trust me, you want this option On. ProxyPreserveHost On # Here is the magic that proxyfy the LAN server. # The first line is .... i don't remember what... # but trust me, it is usefull ;p. # The second line is a rewrite rule that do the proxy # magic. I was used to use a ProxyPass rule to do this work, but it # turned out that sometimes ProxyPass give you a 503 error when under # heavy load. The RewriteRule does not have this flow. ProxyPassReverse / SITE_BEHIND RewriteRule ^/(.*) SITE_BEHIND$1 [P,L] # WARNING : the two alernatives below can be avoided easyly by setting # up a virtual host on the proxyfied server. This is the path you should # follow. The solutions below are very ugly hacks. # This first solution is for site that can work from the root of the URL # but keep giving URI that is the one from the proxyfied server. # It redirect every request to the root of the virtual host. # This way the user always see the site being at the root of the server. # # To use this, comment all ProxyPass and RewriteRule lines of this file, # and uncomment the following 3 lines. #ProxyPassReverse / SITE_BEHIND #RewriteRule ^SITE_BEHIND_URI/(.*) /$1 [R,L] #RewriteRule ^/(.*) SITE_BEHIND$1 [P,L] # This second solution is for sites that can not work from the root of the URL # and keep giving URI that is the one from the proxyfied server. # It redirect every request to the same URI as the one of the virtual host. # This way the user always see the site as it would be if he was accessing it # directly without proxyfying. # # To use this, comment all ProxyPass and RewriteRule lines of this file, # and uncomment the following 3 lines. #ProxyPassReverse / SITE_BEHIND #RewriteRule ^SITE_BEHIND_URI(.*) SITE_BEHIND$1 [P,L] #RewriteRule ^/(.*) SITE_BEHIND_URI/$1 [R,L] # This Location directives allow users to access to the proxyfied contents. # Do not remove this if you want your site to work :). Order deny,allow Allow from all # Your actual domain name, on witch this virtual host is available. # This line is the same as in the HTTPS virtual host. ServerName SITE_HOSTNAME # You may want your site to be available on other domain names, this is # what alias are for. # You can use the * wildcard caracter to match multiple sub-domains. # This line is the same as in the HTTPS virtual host. #ServerAlias www2.my-domain.com www.my-other-domain.com *.yet-another-domain.com # Theses lines only apply of the rewrite module is enabled. # This is a security enhancement recommanded by the nessus tool. RewriteEngine on RewriteCond %{REQUEST_METHOD} ^{TRACE|TRACK} RewriteRule .* - [F] # Redirect every body to the HTTPS site. # This make sure that all users use secure version of the site. # Note the "permanent" : It is good for search engine optimization :D. Redirect permanent / https://SITE_HOSTNAME/