# SPDX-FileCopyrightText: 2023 XWiki CryptPad Team and contributors # # SPDX-License-Identifier: AGPL-3.0-or-later # This file is included strictly as an example of how Apache httpd can be # configured to work with CryptPad. If you are using CryptPad in production # and require professional support please contact sales@cryptpad.fr # This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy, # mod_proxy_http and mod_headers Listen 443 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 86400 SSLSessionTickets off SSLUseStapling on SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" ServerName cryptpad.your-domain.com ServerAlias sandbox.your-domain.com Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" SSLEngine on SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Protocols h2 http/1.1 AddType application/javascript mjs LimitRequestBody 157286400 ProxyPass http://localhost:3000/ upgrade=websocket ProxyPassReverse http://localhost:3000/ ProxyPass http://localhost:3003/ upgrade=websocket ProxyPassReverse http://localhost:3003/