2016-08-03 10:09:49 +02:00
|
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
|
|
|
|
|
|
|
Listen 443
|
|
|
|
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
<VirtualHost *:443>
|
2018-09-28 12:58:15 +02:00
|
|
|
SSLEngine on
|
|
|
|
|
2016-08-03 10:09:49 +02:00
|
|
|
DocumentRoot /usr/share/zabbix/
|
|
|
|
ServerName zabbix
|
|
|
|
DirectoryIndex index.php
|
2018-09-28 12:58:15 +02:00
|
|
|
|
2016-08-03 10:09:49 +02:00
|
|
|
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
|
|
|
AddType application/x-httpd-php-source .phps
|
|
|
|
|
|
|
|
# Enable/Disable SSL for this virtual host.
|
|
|
|
SSLEngine on
|
|
|
|
|
2018-09-28 12:58:15 +02:00
|
|
|
SSLProtocol all -SSLv2 -SSLv3
|
|
|
|
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
|
|
|
SSLHonorCipherOrder on
|
2016-08-03 10:09:49 +02:00
|
|
|
|
|
|
|
SSLCertificateFile /etc/ssl/apache2/ssl.crt
|
|
|
|
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
|
|
|
|
# SSLCACertificatePath /etc/ssl/apache2/chain/
|
2018-09-28 12:58:15 +02:00
|
|
|
|
|
|
|
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
|
|
|
|
Header always set Strict-Transport-Security "max-age=15768000"
|
|
|
|
|
|
|
|
<Directory "/usr/share/zabbix">
|
|
|
|
Options FollowSymLinks
|
|
|
|
AllowOverride None
|
|
|
|
Require all granted
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory "/usr/share/zabbix/conf">
|
|
|
|
Require all denied
|
|
|
|
<files *.php>
|
|
|
|
Order deny,allow
|
|
|
|
Deny from all
|
|
|
|
</files>
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory "/usr/share/zabbix/app">
|
|
|
|
Require all denied
|
|
|
|
<files *.php>
|
|
|
|
Order deny,allow
|
|
|
|
Deny from all
|
|
|
|
</files>
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory "/usr/share/zabbix/include">
|
|
|
|
Require all denied
|
|
|
|
<files *.php>
|
|
|
|
Order deny,allow
|
|
|
|
Deny from all
|
|
|
|
</files>
|
|
|
|
</Directory>
|
|
|
|
|
|
|
|
<Directory "/usr/share/zabbix/local">
|
|
|
|
Require all denied
|
|
|
|
<files *.php>
|
|
|
|
Order deny,allow
|
|
|
|
Deny from all
|
|
|
|
</files>
|
|
|
|
</Directory>
|
2016-08-03 10:09:49 +02:00
|
|
|
</VirtualHost>
|
|
|
|
</IfModule>
|