# https://palmure.fr/blog.html#default-https-but-only-for-recent-browsers # # # Require all denied # # # # SSLEngine on # Include /etc/letsencrypt/options-ssl-apache.conf # SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem # SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem # # Require all denied # # ServerName nycki.net SSLEngine on Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem #Header always add Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;" Header always add Vary: Upgrade-Insecure-Requests Redirect / https://nycki.net DocumentRoot /data/nycki.net/site ErrorDocument 404 /404.html RewriteEngine on #LogLevel alert rewrite:trace3 RewriteCond "%{DOCUMENT_ROOT}/%{REQUEST_URI}" -f RewriteRule "(.+)" "/$1" [L] Options FollowSymLinks MultiViews Require all granted # If file isn't in repo, fall back on public_html Define public_html "/home/nycki/public_html" Alias /p ${public_html} RewriteCond "${public_html}/%{REQUEST_URI}" -f RewriteRule "(.+)" "/p/$1" [PT,L] Options FollowSymLinks Require all granted ServerName rss.nycki.net SSLEngine on Include /etc/letsencrypt/options-ssl-apache.conf ProxyPass http://localhost:8400/ SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem ServerName git.nycki.net SSLEngine on Include /etc/letsencrypt/options-ssl-apache.conf # https://stackoverflow.com/a/9933890/3821202 AllowEncodedSlashes NoDecode ProxyPass http://localhost:8500/ nocanon SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem