###################################################### # This virtual host contains the configuration # for the ISPConfig controlpanel ###################################################### Listen NameVirtualHost *: > ServerAdmin webmaster@localhost SetHandler None SetHandler None DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo SetHandler fcgid-script FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Require all granted Order allow,deny Allow from all IPCCommTimeout 7200 MaxRequestLen 15728640 DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Require all granted Order allow,deny Allow from all php_value magic_quotes_gpc 0 # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off SecRuleEngine Off # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 SSLProtocol All -SSLv2 -SSLv3 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder On SSLCompression Off SSLSessionTickets Off # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" Header set X-Content-Type-Options: nosniff Header set X-Frame-Options: SAMEORIGIN Header set X-XSS-Protection: "1; mode=block" Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" Header setifempty Strict-Transport-Security "max-age=15768000" RequestHeader unset Proxy early SSLUseStapling On SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors Off SSLStaplingCache shmcb:/var/run/ocsp(128000) AllowOverride None Require all denied Order Deny,Allow Deny from all AllowOverride None Require all denied Order Deny,Allow Deny from all