extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-03-12 13:28:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
f4751fcc80
zabbix-docker/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf
Alexey Pustovalov ecdcf6d609 Migrate to PHP-FPM for all Web images
2025-01-14 16:32:43 +09:00

106 lines
3.0 KiB
Plaintext
Raw Blame History

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Listen 8443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
<VirtualHost *:8443>
# Enable/Disable SSL for this virtual host.
SSLEngine on
# intermediate configuration
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
<LocationMatch "/(ping|status)">
Require all granted
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix">
Options FollowSymLinks
AllowOverride None
Require all granted
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory>
<Directory "/usr/share/zabbix/conf">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
<Directory "/usr/share/zabbix/app">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
<Directory "/usr/share/zabbix/include">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
<Directory "/usr/share/zabbix/local">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
<Directory "/usr/share/zabbix/locale">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
<Directory "/usr/share/zabbix/vendor">
Require all denied
<files *.php>
Require all denied
</files>
</Directory>
</VirtualHost>
Reference in New Issue View Git Blame Copy Permalink