ServerTokens ProductOnly
AddType application/font-woff .woff
AddType application/x-font-ttf .ttf
# Listen 8950
ErrorDocument 500 /maintenance.html
#RewriteEngine On
#RewriteCond %{REQUEST_URI} !=/maintenance
#RewriteRule ^ /maintenance [R=302]
Alias "/home/tango/tangoweb/templates/maintenance.html"
Require all granted
ServerAdmin tango@voicecom.ee
ServerName devel.liisi.ee
SSLEngine On
# Sisaldab ka devel.liisi.ee
SSLCertificateFile /etc/letsencrypt/live/prelive.liisi.ee/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/prelive.liisi.ee/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/prelive.liisi.ee/chain.pem
# SSLProtocol -ALL +TLSv1 +TLSv1.2
SSLProtocol ALL -TLSv1.3 -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Kliendi sertifikaadi kontroll
SSLCACertificatePath /etc/pki/esteid/ca
#SSLCARevocationPath /etc/pki/esteid/crl
#SSLCACertificateFile /etc/sk_certs/id.crt
SSLVerifyClient require
SSLVerifyDepth 3
SSLOptions +StdEnvVars
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +StdEnvVars
#Header set Strict-Transport-Security "max-age=15768000"
Header set X-UA-Compatible "IE=edge"
Header set X-Frame-Options "SAMEORIGIN"
Options FollowSymLinks
AllowOverride All
AllowOverride None
# Apache 2.2
Order allow,deny
Allow from all
# Apache 2.4
Require all granted
ExpiresActive On
ExpiresDefault "access plus 30 minutes"
# Apache 2.4
Require all granted
WSGIDaemonProcess tangoweb processes=4 threads=1 display-name=%{GROUP} \
python-path=/home/tango/env/lib/python3.6/site-packages
WSGIProcessGroup tangoweb
WSGIPassAuthorization On
# Work around psycopg2 "can't adapt type Decimal" (?)
# https://code.google.com/p/modwsgi/wiki/ApplicationIssues
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / /home/tango/tangoweb/wsgi.py
Alias /static /home/tango/tangoweb/static_serve
SetEnv nokeepalive ssl-unclean-shutdown