######################################################
# This virtual host contains the configuration
# for the ISPConfig apps vhost
######################################################
{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
SetHandler None
# SSL Configuration
SSLEngine On
SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder On
SSLCompression Off
SSLSessionTickets Off
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
Header set X-Content-Type-Options: nosniff
Header set X-Frame-Options: SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
Header always edit Set-Cookie (.*) "$1; Secure"
= 2.4.7>
Header setifempty Strict-Transport-Security "max-age=15768000"
Header set Strict-Transport-Security "max-age=15768000"
RequestHeader unset Proxy early
SSLUseStapling On
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors Off
RequestHeader unset Proxy early
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
Options FollowSymLinks
AllowOverride None
Require all granted
Order allow,deny
Allow from all
DocumentRoot {tmpl_var name='apps_vhost_dir'}
AddType application/x-httpd-php .php
Options FollowSymLinks
AllowOverride None
Require all granted
Order allow,deny
Allow from all
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
SetHandler fcgid-script
FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
Require all granted
Order allow,deny
Allow from all
IPCCommTimeout 7200
MaxRequestLen 15728640
{tmpl_if name="use_rspamd"}
Order allow,deny
Allow from all
RewriteEngine On
RewriteRule ^/rspamd$ /rspamd/ [R,L]
RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
{/tmpl_if}
SSLStaplingCache shmcb:/var/run/ocsp(128000)