+ # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem
+ # Let's Encrypt settings from https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+ SSLOptions +StrictRequire
+
+ # SSL/TLS configuration for self-signed certificates
+ #SSLEngine on
+ #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Optional, log PHP errors, useful for debugging
+ #php_flag log_errors on
+ #php_flag display_errors on
+ #php_value error_reporting 2147483647
+ #php_value error_log /var/log/apache2/shaarli-php-error.log
+
+ <Directory /var/www/shaarli.mydomain.org/>
+ # Required for .htaccess support
+ AllowOverride All
+ Require all granted
+ </Directory>
+
+ <LocationMatch "/\.">
+ # Prevent accessing dotfiles
+ RedirectMatch 404 ".*"
+ </LocationMatch>
+
+ <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$">
+ # allow client-side caching of static files
+ Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"
+ </LocationMatch>
+
+ # serve the Shaarli favicon from its custom location
+ Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico
+
+</VirtualHost>