SSLEngine on
# for security reasons you may restrict the SSL protocol, but some clients may fail if SSLv2 is not supported
- SSLProtocol all
+ SSLProtocol all -SSLv2 -SSLv3
+
+ # pedantic security
+ SSLCipherSuite kEECDH:HIGH:MEDIUM:!aNULL:!MD5:!RC4:!eNULL
+ SSLHonorCipherOrder On
# this should point to your server host certificate
SSLCertificateFile /etc/grid-security/hostcert.pem
# directory containing the Root CA certificates and their hashes
SSLCACertificatePath /etc/grid-security/certificates
- # set to optional, this tells Apache to attempt to verify SSL certificates i
-f provided
+ # set to optional, this tells Apache to attempt to verify SSL certificates if provided
# for X.509 access with GridSite/VOMS, however, set to 'require'
SSLVerifyClient optional
#SSLVerifyClient require
SSLVerifyDepth 10
ServerName localhost
- DocumentRoot /var/www/html/pOCCI-flask
- <Directory /var/www/html/pOCCI-flask>
+ DocumentRoot /var/www/html/pOCCI-flask/public
+ <Directory /var/www/html/pOCCI-flask/public>
Options -MultiViews
#Allow from all
# Uncomment this if you're on Apache >= 2.4:
Require all granted
</Directory>
- Alias /pocci /var/www/html/pOCCI-flask
+ Alias /pocci /var/www/html/pOCCI-flask/public
<Location /pocci>
PassengerBaseURI /pocci
PassengerAppRoot /var/www/html/pOCCI-flask
<VirtualHost *:80>
ServerName localhost
- DocumentRoot /var/www/html/pOCCI-flask
- <Directory /var/www/html/pOCCI-flask>
+ DocumentRoot /var/www/html/pOCCI-flask/public
+ <Directory /var/www/html/pOCCI-flask/public>
Options -MultiViews
#Allow from all
# Uncomment this if you're on Apache >= 2.4:
Require all granted
</Directory>
- Alias /pocci /var/www/html/pOCCI-flask
+ Alias /pocci /var/www/html/pOCCI-flask/public
<Location /pocci>
PassengerBaseURI /pocci
PassengerAppRoot /var/www/html/pOCCI-flask
git://scientific.zcu.cz / pOCCI-flask.git / commitdiff