-rw-r--r-- | etc/apache2/conf-available/local-compression.conf | 22 | ||||
-rw-r--r-- | etc/apache2/conf-available/local-tls.conf | 73 |
2 files changed, 95 insertions, 0 deletions
diff --git a/etc/apache2/conf-available/local-compression.conf b/etc/apache2/conf-available/local-compression.conf
new file mode 100644
index 0000000..03d4299
--- /dev/null
+++ b/etc/apache2/conf-available/local-compression.conf
@@ -0,0 +1,22 @@
+# TODO: support serving pre-compressed files using Multi-Views
+# <https://kevinlocke.name/bits/2016/01/20/serving-pre-compressed-files-with-apache-multiviews/>
+
+<IfDefine !TRANSFER_COMPRESSION>
+ <IfModule mod_brotli.c>
+ Define TRANSFER_COMPRESSION BROTLI_COMPRESS
+ </IfModule>
+</IfDefine>
+<IfDefine !TRANSFER_COMPRESSION>
+ <IfModule mod_deflate.c>
+ Define TRANSFER_COMPRESSION DEFLATE
+ </IfModule>
+</IfDefine>
+
+<IfDefine TRANSFER_COMPRESSION>
+ <IfModule mod_filter.c>
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} text/html text/plain text/xml text/css text/javascript
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/rss+xml
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/xml
+ </IfModule>
+</IfDefine>
diff --git a/etc/apache2/conf-available/local-tls.conf b/etc/apache2/conf-available/local-tls.conf
new file mode 100644
index 0000000..1876e0a
--- /dev/null
+++ b/etc/apache2/conf-available/local-tls.conf
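Review bot: The `AddOutputFilterByType` lines in local-compression.conf turn on on-the-fly compression for `text/html` and the other listed types with no exemption for dynamic responses served over TLS. That is the precondition for compression-length side channels of the BREACH kind, wherever a page reflects request input next to a secret such as a CSRF token. If the hosts that enable this snippet serve only static content this is fine, but the file should say so. I would add a comment above the `<IfDefine TRANSFER_COMPRESSION>` block, for example `# NOTE: not for vhosts whose responses mix reflected input with secrets (BREACH); set no-gzip / no-brotli for those paths`.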
@@ -0,0 +1,73 @@
+<IfDefine !_TLS_HOST>
+ <IfDefine _HOST>
+ Define __TLS_HOST
+ Define _TLS_HOST ${_HOST}
+ </IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+ <IfDefine _TLS_HOST>
+ Define __TLS_CERT_CHAIN
+ Define __TLS_KEY
+ <IfDefine _TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLS_HOST}/fullchain.pem
+ Define _TLS_KEY /var/lib/dehydrated/certs/${_TLS_HOST}/privkey.pem
+ </IfDefine>
+ <IfDefine !_TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /etc/ssl/shared/${_TLS_HOST}.chain.pem
+ Define _TLS_KEY /etc/ssl/private/${_TLS_HOST}.key
+ </IfDefine>
+ </IfDefine>
+</IfDefine>
+
+<IfDefine _TLS_HOST>
+
+<If "%{HTTPS} != 'on'">
+ RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}$1
+</If>
+
+<IfModule mod_gnutls.c>
+ GnuTLSEnable on
+ <IfDefine _TLS_KEY>
+ GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
+ GnuTLSKeyFile ${_TLS_KEY}
+ </IfDefine>
+ <IfDefine _OCSP_RESPONSE>
+ GnuTLSOCSPStapling on
+ GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
+ </IfDefine>
+ <IfDefine !_OCSP_RESPONSE>
+ GnuTLSOCSPStapling off
+ </IfDefine>
+</IfModule>
+
+<IfModule mod_ssl.c>
+<IfModule !mod_gnutls.c>
+ SSLEngine on
+ <IfDefine _TLS_KEY>
+ SSLCertificateFile ${_TLS_CERT_CHAIN}
+ SSLCertificateKeyFile ${_TLS_KEY}
+ </IfDefine>
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+</IfModule>
+</IfModule>
+
+</IfDefine>
+
+<IfDefine __TLS_HOST>
+ Undefine _TLS_HOST
+ Undefine __TLS_HOST
+</IfDefine>
+<IfDefine __TLS_CERT_CHAIN>
+ Undefine _TLS_CERT_CHAIN
+ Undefine __TLS_CERT_CHAIN
+</IfDefine>
+<IfDefine __TLS_KEY>
+ Undefine _TLS_KEY
+ Undefine __TLS_KEY
+</IfDefine> |
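Review bot: The `RedirectMatch` target is built from `${_HOST}`, but the enclosing block is guarded only by `<IfDefine _TLS_HOST>`, and the opening lines allow a caller to define `_TLS_HOST` without `_HOST`. In that case Apache leaves the undefined variable as literal text, so the redirect would carry a broken `Location`. Either wrap the `<If>` in `<IfDefine _HOST>` or, if the two names are meant to be the same host, redirect to `https://${_TLS_HOST}$1`. The dot in the look-ahead is also unescaped, so paths other than `/.well-known/` are exempted from the redirect; `^(?!/\.well-known/)(.*)` is the tighter form. Separately, nothing here sets protocol or cipher policy or an HSTS header, so those presumably come from server-wide configuration; a comment such as `# protocol/cipher policy and HSTS are set globally, not here` would make that dependency explicit.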