Diffstat (limited to 'etc/apache2')
-rw-r--r--etc/apache2/conf-available/local-compression.conf22
-rw-r--r--etc/apache2/conf-available/local-tls.conf73
2 files changed, 95 insertions, 0 deletions
diff --git a/etc/apache2/conf-available/local-compression.conf b/etc/apache2/conf-available/local-compression.conf
new file mode 100644
index 0000000..03d4299
--- /dev/null
+++ b/etc/apache2/conf-available/local-compression.conf
@@ -0,0 +1,22 @@
+# TODO: support serving pre-compressed files using Multi-Views
+# <https://kevinlocke.name/bits/2016/01/20/serving-pre-compressed-files-with-apache-multiviews/>
+
+<IfDefine !TRANSFER_COMPRESSION>
+ <IfModule mod_brotli.c>
+ Define TRANSFER_COMPRESSION BROTLI_COMPRESS
+ </IfModule>
+</IfDefine>
+<IfDefine !TRANSFER_COMPRESSION>
+ <IfModule mod_deflate.c>
+ Define TRANSFER_COMPRESSION DEFLATE
+ </IfModule>
+</IfDefine>
+
+<IfDefine TRANSFER_COMPRESSION>
+ <IfModule mod_filter.c>
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} text/html text/plain text/xml text/css text/javascript
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/rss+xml
+ AddOutputFilterByType ${TRANSFER_COMPRESSION} application/xml
+ </IfModule>
+</IfDefine>
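Review bot: The `AddOutputFilterByType` lines compress `text/html` and the other listed types on the fly for every response, and the file documents no way to opt a location out. When the same hosts are served over TLS (local-tls.conf in this commit), compressing pages that mix secrets with request-reflected input exposes them to compression-length side channels of the BREACH kind. Whether any such pages exist is not visible here, so I would at least add a comment above those lines, e.g. `# Dynamic pages carrying secrets (CSRF tokens, session data) should opt out: SetEnv no-gzip 1 / SetEnv no-brotli 1`. `TRANSFER_COMPRESSION` also stays defined after the file ends, unlike the temporaries that local-tls.conf undefines; a one-line comment saying whether that is intentional would help.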
diff --git a/etc/apache2/conf-available/local-tls.conf b/etc/apache2/conf-available/local-tls.conf
new file mode 100644
index 0000000..1876e0a
--- /dev/null
+++ b/etc/apache2/conf-available/local-tls.conf
@@ -0,0 +1,73 @@
+<IfDefine !_TLS_HOST>
+ <IfDefine _HOST>
+ Define __TLS_HOST
+ Define _TLS_HOST ${_HOST}
+ </IfDefine>
+</IfDefine>
+<IfDefine !_TLS_KEY>
+ <IfDefine _TLS_HOST>
+ Define __TLS_CERT_CHAIN
+ Define __TLS_KEY
+ <IfDefine _TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /var/lib/dehydrated/certs/${_TLS_HOST}/fullchain.pem
+ Define _TLS_KEY /var/lib/dehydrated/certs/${_TLS_HOST}/privkey.pem
+ </IfDefine>
+ <IfDefine !_TLS_USE_DEHYDRATED>
+ Define _TLS_CERT_CHAIN /etc/ssl/shared/${_TLS_HOST}.chain.pem
+ Define _TLS_KEY /etc/ssl/private/${_TLS_HOST}.key
+ </IfDefine>
+ </IfDefine>
+</IfDefine>
+
+<IfDefine _TLS_HOST>
+
+<If "%{HTTPS} != 'on'">
+ RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}$1
+</If>
+
+<IfModule mod_gnutls.c>
+ GnuTLSEnable on
+ <IfDefine _TLS_KEY>
+ GnuTLSCertificateFile ${_TLS_CERT_CHAIN}
+ GnuTLSKeyFile ${_TLS_KEY}
+ </IfDefine>
+ <IfDefine _OCSP_RESPONSE>
+ GnuTLSOCSPStapling on
+ GnuTLSOCSPResponseFile ${_OCSP_RESPONSE}
+ </IfDefine>
+ <IfDefine !_OCSP_RESPONSE>
+ GnuTLSOCSPStapling off
+ </IfDefine>
+</IfModule>
+
+<IfModule mod_ssl.c>
+<IfModule !mod_gnutls.c>
+ SSLEngine on
+ <IfDefine _TLS_KEY>
+ SSLCertificateFile ${_TLS_CERT_CHAIN}
+ SSLCertificateKeyFile ${_TLS_KEY}
+ </IfDefine>
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+</IfModule>
+</IfModule>
+
+</IfDefine>
+
+<IfDefine __TLS_HOST>
+ Undefine _TLS_HOST
+ Undefine __TLS_HOST
+</IfDefine>
+<IfDefine __TLS_CERT_CHAIN>
+ Undefine _TLS_CERT_CHAIN
+ Undefine __TLS_CERT_CHAIN
+</IfDefine>
+<IfDefine __TLS_KEY>
+ Undefine _TLS_KEY
+ Undefine __TLS_KEY
+</IfDefine>
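Review bot: The redirect inside `<If "%{HTTPS} != 'on'">` targets `https://${_HOST}$1`, but the enclosing `<IfDefine _TLS_HOST>` only guarantees `_TLS_HOST`. If an includer sets `_TLS_HOST` without `_HOST`, Apache leaves the unresolved `${_HOST}` as literal text and the redirect points at a bogus host. Using the guarded variable avoids this: `RedirectMatch permanent ^(?!/\.well-known/)(.*) https://${_TLS_HOST}$1` (this also escapes the dot). The exemption also covers all of `/.well-known/`, so everything under that prefix stays reachable over plain HTTP; if it exists only for ACME HTTP-01 validation (the dehydrated paths suggest so), narrowing the lookahead to `/\.well-known/acme-challenge/` would keep the rest on HTTPS. No protocol or cipher policy is set in this file, so a comment naming where that is configured would help a reader confirm it exists.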