mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-03-11 09:04:54 +00:00
a09aa90145
Previously, we redirected all requests to HTTPS. Now, we redirect only when the user tries to connect to the Plinth site.
60 lines
1.6 KiB
Plaintext
60 lines
1.6 KiB
Plaintext
<VirtualHost *:80>
|
|
|
|
## Force SSL
|
|
RewriteEngine on
|
|
ReWriteCond %{SERVER_PORT} !^443$
|
|
ReWriteCond %{REQUEST_URI} ^/plinth
|
|
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
|
|
|
|
## Shared options.
|
|
DocumentRoot /dev/null
|
|
|
|
## Use this rule to hang plinth off of plinth.(servername)
|
|
# ServerName plinth
|
|
# ServerAlias plinth.*
|
|
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
## Enable SSL
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
|
|
|
|
## Use HTTP Strict Transport Security to force client to use secure connections only
|
|
Header always set Strict-Transport-Security "max-age=31536000"
|
|
|
|
## Shared options.
|
|
ProxyPreserveHost on
|
|
DocumentRoot /usr/share/plinth
|
|
|
|
## Use this rule to hang plinth off of plinth.(servername)
|
|
# ServerName plinth
|
|
# ServerAlias plinth.*
|
|
# ProxyPass / http://localhost:8000/
|
|
# ProxyPassReverse / http://localhost:8000/
|
|
# <Proxy *>
|
|
# Order Deny,Allow
|
|
# Deny from All
|
|
# Allow from 10.0.0.0/8
|
|
# Allow from 172.16.0.0/12
|
|
# Allow from 192.168.0.0/16
|
|
# </Proxy>
|
|
|
|
## Use this rule to hang plinth off a subdir.
|
|
## Make sure to provide plinth with a default directory: /plinth
|
|
<Location /plinth>
|
|
ProxyPass http://localhost:8000/plinth
|
|
ProxyPassReverse http://localhost:8000/plinth
|
|
|
|
Order Deny,Allow
|
|
Deny from All
|
|
Allow from 10.0.0.0/8
|
|
Allow from 172.16.0.0/12
|
|
Allow from 192.168.0.0/16
|
|
</Location>
|
|
ProxyPass /plinth/static !
|
|
|
|
</VirtualHost>
|