# vHost file for Apache2 # security - prevent information disclosure about server version ServerTokens Prod ServerName FQDN Redirect permanent / https://FQDN SSLEngine on SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off SSLSessionTickets off SSLCertificateFile /etc/ssl/certs/FQDN.pem; SSLCertificateKeyFile /etc/ssl/private/FQDN.pem; # only if applicable # SSLCertificateChainFile /etc/ssl/certs/cert-bundle.pem; SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem ServerName FQDN HostnameLookups Off UseCanonicalName Off ServerSignature Off ProxyRequests Off ProxyPreserveHost On Require local # Handle websocket connections ProxyPreserveHost On ProxyPass ws://127.0.0.1:3001/api/live/ws ProxyPassReverse ws://127.0.0.1:3001/api/live/ws ProxyPass / http://127.0.0.1:3001/ ProxyPassReverse / http://127.0.0.1:3001/ Options FollowSymLinks AllowOverride None