-
Notifications
You must be signed in to change notification settings - Fork 0
/
kresus.conf
96 lines (79 loc) · 3.12 KB
/
kresus.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
<VirtualHost *:80>
ServerName your.domain.tld
DocumentRoot /home/kresus/kresus/build/client//
<If "-f '/etc/letsencrypt/live/your.domain.tld/fullchain.pem' && -f '/etc/letsencrypt/live/your.domain.tld/privkey.pem'">
Redirect / https://your.domain.tld/
</If>
<Else>
<Directory /home/kresus/kresus/build/client/>
Options FollowSymLinks
AllowOverride AuthConfig FileInfo Indexes Limit
Require all granted
</Directory>
Header merge Strict-Transport-Security max-age=15768000
<IfModule deflate_module.c>
SetEnv no-gzip 1
</IfModule>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<Location __PATH__/ >
RewriteCond %{DOCUMENT_ROOT} !-f && %{DOCUMENT_ROOT}/index.html !-f
ProxyPass http://127.0.0.1:__PORT__ redirect="" timeout=600
ProxyPreserveHost On
LimitRequestBody 8192
</Location>
<Location ~ __PATH__/\.(css|js|png|jpe?g|svg|eot|woff2?)$ >
Header Cache-Control 'max-age=2592000, must-revalidate, public'
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
SetEnv no-gzip 0
</Location>
ErrorLog {{ freshrss_log_dest }}/freshrss_error.log
CustomLog {{ freshrss_log_dest }}/freshrss_access.log combine
AllowEncodedSlashes On
</Else>
</VirtualHost>
<VirtualHost *:443>
<If "! -f '/etc/letsencrypt/live/your.domain.tld/fullchain.pem' || ! -f '/etc/letsencrypt/live/your.domain.tld/privkey.pem'">
Redirect / http://your.domain.tld/
</If>
<Else>
ServerName your.domain.tld
DocumentRoot /home/kresus/kresus/build/client//
AuthType basic
AuthUserFile {{ kresus_auth_file }}
Require valid-user
Header merge Strict-Transport-Security max-age=15768000
<Directory /home/kresus/kresus/build/client/>
Options FollowSymLinks
AllowOverride AuthConfig FileInfo Indexes Limit
Require all granted
</Directory>
<IfModule deflate_module.c>
SetEnv no-gzip 1
</IfModule>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<Location __PATH__/ >
RewriteCond %{DOCUMENT_ROOT} !-f && %{DOCUMENT_ROOT}/index.html !-f
ProxyPass http://127.0.0.1:__PORT__ redirect="" timeout=600
ProxyPreserveHost On
LimitRequestBody 8192
</Location>
<Location ~ __PATH__/\.(css|js|png|jpe?g|svg|eot|woff2?)$ >
Header Cache-Control 'max-age=2592000, must-revalidate, public'
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
SetEnv no-gzip 0
</Location>
AllowEncodedSlashes On
SSLEngine on
SSLCompression off
SSLSessionCacheTimeout 300
SSLCipherSuite EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!CAMELLIA256-SHA:!AES256-SHA:!CAMELLIA128-SHA:!AES128-SHA
SSLCertificateFile /etc/letsencrypt/live/your.domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.tld/privkey.pem
ErrorLog {{ freshrss_log_dest }}/freshrss_error.log
CustomLog {{ freshrss_log_dest }}/freshrss_access.log combined
</Else>
</VirtualHost>