ServerTokens ProductOnly
#
# AddType application/font-woff .woff
# AddType application/x-font-ttf .ttf
#
Listen 8443
ServerAdmin tango@voicecom.ee
ServerName klient.liisi.ee
# ErrorDocument 500 /maintenance_holm.html
# #RewriteEngine On
# #RewriteCond %{REQUEST_URI} !=/maintenance
# #RewriteRule ^ /maintenance [R=302]
#
# Alias "/home/tango/tangoweb/templates/maintenance_holm.html"
# Require all granted
#
SSLEngine On
SSLVerifyClient none
# Sisaldab: klient.liisi.ee, pood.liisi.ee, TODO: crs.liisi.ee, vana.liisi.ee?
SSLCertificateFile /etc/letsencrypt/live/prelive.liisi.ee/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/prelive.liisi.ee/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/prelive.liisi.ee/chain.pem
# SSLProtocol ALL -SSLv2
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "ECDHE+AESGCM DHE+AESGCM ECDH+AESGCM DH+AESGCM ECDHE+AES256 DHE+AES256 ECDH+AES256 DH+AES256 ECDHE+AES128 DHE+AES ECDH+AES128 DH+AES ECDHE+3DES DHE+3DES ECDH+3DES DH+3DES RSA+AESGCM RSA+AES RSA+3DES !aNULL !MD5 !DSS"
# Kliendi sertifikaadi kontroll
SSLCACertificatePath /etc/pki/esteid/ca
#SSLCARevocationPath /etc/pki/esteid/crl
# Limiidipäringu iframe lubamine
# Header always append X-Frame-Options ALLOW-FROM "http://www.liisi.ee"
SSLVerifyClient require
SSLVerifyDepth 3
SSLOptions +StdEnvVars
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +StdEnvVars
#Header set Strict-Transport-Security "max-age=15768000"
Header set X-UA-Compatible "IE=edge"
Header set X-Frame-Options "SAMEORIGIN"
# Lubatud iframe's laadida
Header unset X-Frame-Options
Options FollowSymLinks
AllowOverride None
# Lubatud iframe's laadida
Header unset X-Frame-Options
# Lubatud iframe's laadida
Header unset X-Frame-Options
# Lubatud iframe's laadida
Header unset X-Frame-Options
AllowOverride None
Require all granted
ExpiresActive On
ExpiresDefault "access plus 30 minutes"
# Apache 2.4
Require all granted
WSGIDaemonProcess linkweb processes=8 threads=1 display-name=%{GROUP} \
python-path=/home/tango/env/lib/python3.6/site-packages
WSGIProcessGroup linkweb
WSGIPassAuthorization On
# Work around psycopg2 "can't adapt type Decimal" (?)
# https://code.google.com/p/modwsgi/wiki/ApplicationIssues
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / /home/tango/tangoweb/link/wsgi.py
Alias /static /home/tango/tangoweb/static_serve