ServerTokens ProductOnly AddType application/font-woff .woff AddType application/x-font-ttf .ttf # Listen 8950 ErrorDocument 500 /maintenance.html #RewriteEngine On #RewriteCond %{REQUEST_URI} !=/maintenance #RewriteRule ^ /maintenance [R=302] Alias "/home/tango/tangoweb/templates/maintenance.html" Require all granted ServerAdmin tango@voicecom.ee ServerName devel.liisi.ee SSLEngine On # Sisaldab ka devel.liisi.ee SSLCertificateFile /etc/letsencrypt/live/prelive.liisi.ee/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/prelive.liisi.ee/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/prelive.liisi.ee/chain.pem # SSLProtocol -ALL +TLSv1 +TLSv1.2 SSLProtocol ALL -TLSv1.3 -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on # Kliendi sertifikaadi kontroll SSLCACertificatePath /etc/pki/esteid/ca #SSLCARevocationPath /etc/pki/esteid/crl #SSLCACertificateFile /etc/sk_certs/id.crt SSLVerifyClient require SSLVerifyDepth 3 SSLOptions +StdEnvVars SSLVerifyClient require SSLVerifyDepth 2 SSLOptions +StdEnvVars #Header set Strict-Transport-Security "max-age=15768000" Header set X-UA-Compatible "IE=edge" Header set X-Frame-Options "SAMEORIGIN" Options FollowSymLinks AllowOverride All AllowOverride None # Apache 2.2 Order allow,deny Allow from all # Apache 2.4 Require all granted ExpiresActive On ExpiresDefault "access plus 30 minutes" # Apache 2.4 Require all granted WSGIDaemonProcess tangoweb processes=4 threads=1 display-name=%{GROUP} \ python-path=/home/tango/env/lib/python3.6/site-packages WSGIProcessGroup tangoweb WSGIPassAuthorization On # Work around psycopg2 "can't adapt type Decimal" (?) # https://code.google.com/p/modwsgi/wiki/ApplicationIssues WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias / /home/tango/tangoweb/wsgi.py Alias /static /home/tango/tangoweb/static_serve SetEnv nokeepalive ssl-unclean-shutdown