Diffstat (limited to 'etc')
-rw-r--r-- | etc/apache/httpd.conf | 11 | ||||
-rw-r--r-- | etc/haproxy.cfg | 6 |
2 files changed, 15 insertions, 2 deletions
diff --git a/etc/apache/httpd.conf b/etc/apache/httpd.conf index 578db68..4884193 100644 --- a/etc/apache/httpd.conf +++ b/etc/apache/httpd.conf @@ -90,6 +90,13 @@ HostnameLookups Off FcgidMaxRequestsPerProcess 100 FcgidMinProcessesPerClass 1 SSLSessionCache shmcb:/run/apache2/ +SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 +SSLHonorCipherOrder on +SSLCompression off +SSLSessionTickets off +SSLUseStapling on +SSLStaplingCache shmcb:/tmp/stapling_cache(128000) AddType application/x-httpd-php .php AddType text/xsl .xsl @@ -162,7 +169,7 @@ AddHandler markdown .md SSLCertificateFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/chain.pem - Header always set Strict-Transport-Security "max-age=864000; includeSubDomains" + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" </VirtualHost> <VirtualHost *:11443> ServerName git.randomdan.homeip.net @@ -170,5 +177,5 @@ AddHandler markdown .md SSLCertificateFile /etc/letsencrypt/live/git.randomdan.homeip.net/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/git.randomdan.homeip.net/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/git.randomdan.homeip.net/chain.pem - Header always set Strict-Transport-Security "max-age=864000; includeSubDomains" + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" </VirtualHost> diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index a14c916..43ef958 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg 
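Review bot: `SSLStaplingCache shmcb:/tmp/stapling_cache(128000)` in the first httpd.conf hunk places the OCSP stapling cache under world-writable /tmp, while the `SSLSessionCache` context line just above it keeps its cache under /run/apache2/. If the shmcb backing is file-based on this platform, any local account can pre-create or tamper with that path, so I would keep it beside the session cache: `SSLStaplingCache shmcb:/run/apache2/stapling_cache(128000)`. Separately, the last four entries of `SSLCipherSuite` (the `-AES256-SHA384` and `-AES128-SHA256` ones) are CBC-mode suites; if no client still depends on them, ending the list at the GCM and CHACHA20 entries leaves AEAD suites only.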
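Review bot: The one-year `max-age=31536000; includeSubDomains` in the gentoobrowse VirtualHost, and the identical line in the git.randomdan.homeip.net VirtualHost in the following hunk, should carry a comment stating the commitment it makes. Browsers that have seen the header will refuse plain HTTP and certificate errors for these names and everything beneath them for a year, so a lapsed Let's Encrypt renewal becomes a hard outage rather than a warning. Something like `# HSTS 1 year: this host and all subdomains must keep valid HTTPS; lower max-age well before retiring TLS` above each header would do. Because the value is now repeated per VirtualHost, defining it once (for example in a shared `Include`) would also stop the two copies drifting apart. Both VirtualHost blocks begin outside their hunks.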
@@ -20,6 +20,10 @@ mailers smtp mailer defiant defiant:25 mailer firebrand firebrand:25 +peers randomlan + peer defiant defiant:1024 + peer firebrand firebrand:1024 + # HTTP listen http description Apache HTTP @@ -33,6 +37,8 @@ listen https description Apache HTTPS bind *:443 mode tcp + stick-table type ip size 20k peers randomlan + stick on src server defiant defiant:11443 send-proxy-v2 observe layer4 check server firebrand firebrand:11443 send-proxy-v2 observe layer4 check |
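Review bot: The new `peers randomlan` section opens a stick-table synchronisation listener on port 1024 of defiant and firebrand, and nothing in the hunk authenticates or encrypts that channel. Peer updates decide which backend a source address is pinned to, so the port should be reachable only from the other peer (a host firewall rule, or an internal-only address for the peer names), and that restriction should be recorded next to the section, e.g. `# peers sync: port 1024 must be firewalled to defiant/firebrand only`. HAProxy also selects its local peer by matching the host name (or `-L`), so it is worth confirming that both machines report exactly `defiant` and `firebrand`.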
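Review bot: `stick-table type ip size 20k peers randomlan` in `listen https` has no `expire`, so entries are only evicted once the table fills and a client address stays pinned to one backend indefinitely. Adding a lifetime bounds that, e.g. `stick-table type ip size 20k expire 30m peers randomlan` (30m is an illustrative value; align it with the Apache TLS session cache timeout). `type ip` stores IPv4 addresses only, which is consistent with `bind *:443` but would need `type ipv6` if an IPv6 bind is ever added. A one-line comment saying why stickiness is wanted would help the next reader; presumably it is so clients resume TLS sessions against the per-host `SSLSessionCache` now that session tickets are off. The `listen https` block appears to continue past the hunk.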