ServerTokens ProductOnly # # AddType application/font-woff .woff # AddType application/x-font-ttf .ttf # Listen 8443 ServerAdmin tango@voicecom.ee ServerName klient.liisi.ee # ErrorDocument 500 /maintenance_holm.html # #RewriteEngine On # #RewriteCond %{REQUEST_URI} !=/maintenance # #RewriteRule ^ /maintenance [R=302] # # Alias "/home/tango/tangoweb/templates/maintenance_holm.html" # Require all granted # SSLEngine On SSLVerifyClient none # Sisaldab: klient.liisi.ee, pood.liisi.ee, TODO: crs.liisi.ee, vana.liisi.ee? SSLCertificateFile /etc/letsencrypt/live/prelive.liisi.ee/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/prelive.liisi.ee/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/prelive.liisi.ee/chain.pem # SSLProtocol ALL -SSLv2 SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite "ECDHE+AESGCM DHE+AESGCM ECDH+AESGCM DH+AESGCM ECDHE+AES256 DHE+AES256 ECDH+AES256 DH+AES256 ECDHE+AES128 DHE+AES ECDH+AES128 DH+AES ECDHE+3DES DHE+3DES ECDH+3DES DH+3DES RSA+AESGCM RSA+AES RSA+3DES !aNULL !MD5 !DSS" # Kliendi sertifikaadi kontroll SSLCACertificatePath /etc/pki/esteid/ca #SSLCARevocationPath /etc/pki/esteid/crl # Limiidipäringu iframe lubamine # Header always append X-Frame-Options ALLOW-FROM "http://www.liisi.ee" SSLVerifyClient require SSLVerifyDepth 3 SSLOptions +StdEnvVars SSLVerifyClient optional SSLVerifyDepth 2 SSLOptions +StdEnvVars #Header set Strict-Transport-Security "max-age=15768000" Header set X-UA-Compatible "IE=edge" Header set X-Frame-Options "SAMEORIGIN" # Lubatud iframe's laadida Header unset X-Frame-Options Options FollowSymLinks AllowOverride None # Lubatud iframe's laadida Header unset X-Frame-Options # Lubatud iframe's laadida Header unset X-Frame-Options # Lubatud iframe's laadida Header unset X-Frame-Options AllowOverride None Require all granted ExpiresActive On ExpiresDefault "access plus 30 minutes" # Apache 2.4 Require all granted WSGIDaemonProcess linkweb processes=8 threads=1 display-name=%{GROUP} \ python-path=/home/tango/env/lib/python3.6/site-packages WSGIProcessGroup linkweb WSGIPassAuthorization On # Work around psycopg2 "can't adapt type Decimal" (?) # https://code.google.com/p/modwsgi/wiki/ApplicationIssues WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias / /home/tango/tangoweb/link/wsgi.py Alias /static /home/tango/tangoweb/static_serve