91 lines
3.8 KiB
Text
91 lines
3.8 KiB
Text
ServerName keys.fedoraproject.org
|
|
Listen 140.211.169.202:11371
|
|
NameVirtualHost *:443
|
|
|
|
<ifModule !mod_proxy.c>
|
|
LoadModule proxy_module modules/mod_proxy.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_proxy_http.c>
|
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_proxy_balancer.c>
|
|
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_headers.c>
|
|
LoadModule headers_module modules/mod_headers.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_authz_host.c>
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_log_config.c>
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
</IfModule>
|
|
|
|
<IfModule !mod_env.c>
|
|
LoadModule env_module modules/mod_env.so
|
|
</IfModule>
|
|
|
|
<Directory />
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Order deny,allow
|
|
Deny from all
|
|
</Directory>
|
|
|
|
<VirtualHost *:80>
|
|
ServerAdmin sysadmin-keys-members@fedoraproject.org
|
|
ServerName keys.fedoraproject.org
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} off
|
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
|
|
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
ServerAdmin sysadmin-keys-members@fedoraproject.org
|
|
ServerName keys.fedoraproject.org
|
|
ServerAlias keys02.fedoraproject.org
|
|
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
|
|
SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
|
|
SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
|
|
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
|
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
|
|
|
ProxyPass / http://localhost:11371/
|
|
ProxyPassReverse / http://localhost:11371/
|
|
SetEnv proxy-nokeepalive 1
|
|
ProxyVia Full
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerAdmin sysadmin-keys-members@fedoraproject.org
|
|
ServerName pool.sks-keyservers.net
|
|
ServerAlias sks-keyservers.net
|
|
ServerAlias *.sks-keyservers.net
|
|
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
|
|
SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
|
|
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
|
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
|
|
|
ProxyPass / http://localhost:11371/
|
|
ProxyPassReverse / http://localhost:11371/
|
|
SetEnv proxy-nokeepalive 1
|
|
ProxyVia Full
|
|
</VirtualHost>
|
|
<VirtualHost *:11371>
|
|
ServerAdmin sysadmin-keys-members@fedoraproject.org
|
|
ServerName keys.fedoraproject.org
|
|
ProxyPass / http://127.0.0.1:11371/
|
|
ProxyPassReverse / http://127.0.0.1:11371/
|
|
SetEnv proxy-nokeepalive 1
|
|
ProxyVia Full
|
|
</VirtualHost>
|