#-------------------------------------------------------------------------------
#            wiki.hmuna.com
#-------------------------------------------------------------------------------
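<VirtualHost *:80>
	# Plain-HTTP virtual host for wiki.hmuna.com. Requests that map into the
	# wiki tree are redirected to the HTTPS site, where Basic authentication is
	# configured, so credentials are not requested over clear-text HTTP.
	ServerName wiki.hmuna.com
	ServerAdmin server-admin@hmuna.com
	DocumentRoot /raid_vol/www/html/pukiwiki

	# Defaults for the whole filesystem. AllowOverride is None (it was "all")
	# so that .htaccess files found anywhere on disk cannot change server
	# behaviour on this port; this matches the setting in the *:443 virtual host.
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>

	<Directory /raid_vol/www/html/pukiwiki>
		#-------------------------------------------------------------------------------------------
		#  Forward http://wiki.hmuna.com requests to https://wiki.hmuna.com
		#-------------------------------------------------------------------------------------------
		Redirect / https://wiki.hmuna.com/
	</Directory>

	ErrorLog /var/log/apache2/error.log
	# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
	LogLevel warn
	CustomLog /var/log/apache2/access.log combined

	# Local documentation tree. It is not covered by the redirect above and is
	# reachable from the loopback addresses only (IPv4 127/8 and IPv6 ::1).
	Alias /doc/ "/usr/share/doc/"
	<Directory "/usr/share/doc/">
		Options Indexes MultiViews FollowSymLinks
		AllowOverride None
		Order deny,allow
		Deny from all
		Allow from 127.0.0.0/255.0.0.0 ::1/128
	</Directory>

</VirtualHost>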

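<VirtualHost *:443>
	# HTTPS virtual host for wiki.hmuna.com. Both directory trees configured
	# below require HTTP Basic authentication as the single user "munakata".
	ServerName wiki.hmuna.com
	DocumentRoot /raid_vol/www/html/pukiwiki

	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>

	<Directory /raid_vol/www/html/pukiwiki>
		AuthType Basic
		AuthName "Knowlege Bank"
		# A comment that appeared to record this account's password in plain
		# text was removed from here. The credential belongs only, hashed, in
		# the AuthUserFile; if that comment was a live password, rotate it,
		# because this file may have been copied or committed elsewhere.
		AuthUserFile "/raid_vol/home/munakata/.webpass"
		Require user munakata
		# NOTE(review): with AllowOverride None, any .htaccess files shipped
		# inside this tree are ignored, and Indexes permits directory listings.
		# Confirm that data directories which should not be served directly
		# are protected here rather than by .htaccess.
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	<Directory /usr/share/gallery2>
		AuthType Basic
		AuthName "Enter Gallery password"
		# A comment that appeared to record the gallery password in plain text
		# was removed from here; rotate that password if it was in use.
		AuthUserFile "/raid_vol/home/munakata/.gallerypass"
		Require user munakata
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

#	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#	<Directory "/usr/lib/cgi-bin">
#		AllowOverride None
#		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#		Order allow,deny
#		Allow from all
#	</Directory>
#
	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	#   SSL Protocols:
	#   Refuse SSLv2 and SSLv3, which are obsolete and have known protocol
	#   weaknesses; only TLS versions remain enabled.
	SSLProtocol all -SSLv2 -SSLv3

	#   SSL Cipher Suite:
	#   List the ciphers that the client is permitted to negotiate.
	#   See the mod_ssl documentation for a complete list.
	#   The previous list explicitly allowed LOW, EXPORT, RC4 and SSLv2 suites,
	#   which let a client (or an attacker forcing a downgrade) negotiate
	#   encryption that is breakable. Only HIGH-strength suites with an
	#   authenticated key exchange are offered now, and the server's preference
	#   order is used instead of the client's.
	SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
	SSLHonorCipherOrder on

	#   Server Certificate:
	#SSLCertificateFile      /etc/ssl/official/sslcsr/wiki_hmuna_com.crt
	#   Server Private Key:
	#SSLCertificateKeyFile   /etc/ssl/official/sslkey/domainname.key
	#   Server Certificate Chain:
	#SSLCertificateChainFile /etc/ssl/official/sslcsr/AAACertificateServices_2.crt

	# The official certificate above is no longer valid, so a makeshift
	# (self-made) 2048-bit certificate was created to replace it.
	# NOTE(review): browsers do not trust such a certificate unless it is
	# installed on each client, so users cannot tell this server apart from an
	# interceptor; replace it with a CA-issued certificate when possible.
	# The private key file should be readable by root only.
	SSLCertificateFile      /etc/ssl/Server/cert-ca.pem
	SSLCertificateKeyFile   /etc/ssl/Server/private.pem


	# Export the standard SSL environment variables to CGI/SSI/PHP handlers only.
	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
		SSLOptions +StdEnvVars
	</Files>

	##   SSL Protocol Adjustments:
	##   The safe and default but still SSL/TLS standard compliant shutdown
	##   approach is that mod_ssl sends the close notify alert but doesn't wait for
	##   the close notify alert from client. When you need a different shutdown
	##   approach you can use one of the following variables:
	##   o ssl-unclean-shutdown:
	##     This forces an unclean shutdown when the connection is closed, i.e. no
	##     SSL close notify alert is sent or allowed to be received.  This violates
	##     the SSL/TLS standard but is needed for some brain-dead browsers. Use
	##     this when you receive I/O errors because of the standard approach where
	##     mod_ssl sends the close notify alert.
	##   o ssl-accurate-shutdown:
	##     This forces an accurate shutdown when the connection is closed, i.e. a
	##     SSL close notify alert is sent and mod_ssl waits for the close notify
	##     alert of the client. This is 100% SSL/TLS standard compliant, but in
	##     practice often causes hanging connections with brain-dead browsers. Use
	##     this only for browsers where you know that their SSL implementation
	##     works correctly.
	##   Notice: Most problems of broken clients are also related to the HTTP
	##   keep-alive facility, so you usually additionally want to disable
	##   keep-alive for those clients, too. Use variable "nokeepalive" for this.
	##   Similarly, one has to force some clients to use HTTP/1.0 to workaround
	##   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
	##   "force-response-1.0" for this.

	SetEnvIf User-Agent ".*MSIE.*" \
	         nokeepalive ssl-unclean-shutdown \
	         downgrade-1.0 force-response-1.0

</VirtualHost>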
