

Code: Select all
# Main apache config file for using PHP web applications on IPFire (Roundcube, Nextcloud...)
Listen 443
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName mydomain.com
ServerAdmin root@localhost
ServerSignature Off
ErrorLog /var/log/httpd/apps_error_log
TransferLog /var/log/httpd/apps_access_log
#LogLevel debug
# HTTP2 configuration
Protocols h2 h2c http/1.1
H2ModernTLSOnly on
H2Push on
H2PushDiarySize 256
# Hardening
Header set X-Content-Type-Options nosniff
Header set X-Robots-Tag none
Header set X-XSS-Protection "1; mode=block"
# force strict transport security
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
# TLS configuration
SSLEngine on
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA25
# ECDSA certificate
SSLCertificateFile /etc/ssl/certs/webapps-ecdsa.crt
SSLCertificateKeyFile /etc/ssl/private/webapps-ecdsa.key
# RSA certificate
SSLCertificateFile /etc/ssl/certs/webapps-rsa.crt
SSLCertificateKeyFile /etc/ssl/private/webapps-rsa.key
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# php-fpm proxy handler
<FilesMatch "\.php$">
SetHandler "proxy:unix:/var/run/php-fpm.sock|fcgi://127.0.0.1:9000"
</FilesMatch>
# include web applications definitions
Include /etc/httpd/conf/apps.d/*.conf
</VirtualHost>
Code: Select all
# Nextcloud
<Directory /var/www/html/nextcloud>
DirectoryIndex index.php
Options +FollowSymLinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
Code: Select all
# enable autostart of php-fpm daemon
ln -sf ../init.d/php-fpm /etc/rc.d/rc0.d/K21php-fpm
ln -sf ../init.d/php-fpm /etc/rc.d/rc3.d/S46php-fpm
ln -sf ../init.d/php-fpm /etc/rc.d/rc6.d/K21php-fpm
chmod 0754 /etc/rc.d/init.d/php-fpm