AllowOverride None Require all denied Protocols h2 h2c http/1.1 DocumentRoot DocumentRoot ServerName ServerAdmin webmaster@ Protocols h2 http/1.1 SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS' ErrorLog "|/usr/local/ispconfig/server/scripts/vlogger -e -n -P -t \"error.log\" /var/log/ispconfig/httpd/" ErrorLog /var/log/ispconfig/httpd//error.log Alias /error/ "/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # SSLCipherSuite TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on # # Header always add Strict-Transport-Security "max-age=15768000" # SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off # Clear PHP settings of this website SetHandler None Options +FollowSymLinks AllowOverride Require all granted # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes Require all denied # Clear PHP settings of this website SetHandler None Options +FollowSymLinks AllowOverride Require all granted # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes Require all denied Options +ExecCGI RubyRequire apache/ruby-run #RubySafeLevel 0 AddType text/html .rb AddType text/html .rbx SetHandler ruby-object RubyHandler Apache::RubyRun.instance SetHandler ruby-object RubyHandler Apache::RubyRun.instance PerlModule ModPerl::Registry PerlModule Apache2::Reload PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI SetHandler perl-script SetHandler mod_python PythonHandler mod_python.publisher PythonDebug On SetHandler mod_python PythonHandler mod_python.publisher PythonDebug On # cgi enabled Require all granted ScriptAlias /cgi-bin/ /cgi-bin/ SetHandler cgi-script # suexec enabled SuexecUserGroup # mod_php enabled AddType application/x-httpd-php .php .php3 .php4 .php5 SetEnv TMP /tmp SetEnv TMPDIR /tmp SetEnv TEMP /tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@" php_admin_value upload_tmp_dir /tmp php_admin_value session.save_path /tmp # PHPIniDir php_admin_value open_basedir # php as fast-cgi enabled # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html FcgidIdleTimeout 300 FcgidProcessLifeTime 3600 # FcgidMaxProcesses 1000 FcgidMaxRequestsPerProcess FcgidMinProcessesPerClass 0 FcgidMaxProcessesPerClass 10 FcgidConnectTimeout 3 FcgidIOTimeout 600 FcgidBusyTimeout 3600 FcgidMaxRequestLen 1073741824 SetHandler fcgid-script FCGIWrapper .php FCGIWrapper .php3 FCGIWrapper .php4 FCGIWrapper .php5 Options +ExecCGI AllowOverride Require all granted SetHandler fcgid-script FCGIWrapper .php FCGIWrapper .php3 FCGIWrapper .php4 FCGIWrapper .php5 Options +ExecCGI AllowOverride Require all granted Require all granted SetHandler php-fcgi SetHandler php-fcgi SetHandler php-fcgi SetHandler php-fcgi Action php-fcgi /php-fcgi virtual Alias /php-fcgi {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1: -pass-header Authorization -pass-header Content-Type FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket -pass-header Authorization -pass-header Content-Type #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:/$1 SetHandler "proxy:fcgi://127.0.0.1:" SetHandler "proxy:fcgi://127.0.0.1:" #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://|fcgi://localhost//$1 SetHandler "proxy:unix:|fcgi://localhost" SetHandler "proxy:unix:|fcgi://localhost" RewriteEngine on RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/ RewriteRule ^ - [END] RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTP_HOST} ^$ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^ https://%{REQUEST_URI} [R=301,NE,L] RewriteCond %{HTTP_HOST} ^$ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^ https://%{REQUEST_URI} [R=301,NE,L] RewriteCond %{HTTP_HOST} $ [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteCond %{REQUEST_URI} !^/webdav/ RewriteCond %{REQUEST_URI} !^/php-fcgi/ RewriteCond %{REQUEST_URI} !^ RewriteRule /(.*) $1 RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE] # add support for apache mpm_itk AssignUserId SecRuleRemoveById 960015 SecRuleRemoveById 960032 DirectoryIndex disabled SetHandler None DavLockDB {tmpl_var name='document_root'}/tmp/DavLock # needed by apache2_plugin.inc.php # WEBDAV BEGIN # WEBDAV END