add apache tls config

2023-05-23 09:54:21 +02:00 · 2023-05-23 09:54:21 +02:00 · 46446f69d8
parent 90bd9dde1d
commit 46446f69d8
1 changed files with 41 additions and 0 deletions
--- a/roles/apache/templates/wordpress-site.conf.j2
+++ b/roles/apache/templates/wordpress-site.conf.j2
@ -17,3 +17,44 @@

 </VirtualHost>

+<VirtualHost *:10000>
+	DocumentRoot /var/www/html/wordpress
+
+	LogLevel info ssl:warn
+	LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	SSLEngine on
+	SSLCertificateFile "{{ nginx_cert_position }}"
+	SSLCertificateKeyFile "{{ nginx_key_position }}"
+	SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
+	SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+	SSLHonorCipherOrder on
+	SSLCompression      off
+	SSLSessionTickets   off
+
+	<Directory /var/www/html/wordpress/>
+		<RequireAny>
+			Require ip 127.0.0.1
+			Require ip 192.168.2.0/24
+		</RequireAny>
+		Options -Indexes
+		LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so
+		AuthType Kerberos
+		AuthName "KERBEROS AUTHENTICATION"
+		KrbAuthRealms EPITAF.LOCAL
+		Krb5Keytab /etc/krb5.keytab
+		KrbMethodNegotiate Off
+		KrbSaveCredentials Off
+		KrbVerifyKDC Off
+		Require valid-user
+		AllowOverride All
+	</Directory>
+
+	<IfModule mod_dir.c>
+	DirectoryIndex index.php index.html
+	</IfModule>
+</VirtualHost>
+