ServerName {{ cgit_domain }} Redirect permanent / https://{{ cgit_domain }}/ ServerName {{ cgit_domain }} SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCompression off SSLUseStapling On SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem Header add Strict-Transport-Security "max-age=15768000; includeSubdomains" DocumentRoot /var/www/htdocs/cgit/ AllowOverride None Options +ExecCGI Order allow,deny Allow from all Alias /cgit.png /var/www/htdocs/cgit/cgit.png Alias /cgit.css /var/www/htdocs/cgit/cgit.css Alias /favicon.ico /var/www/htdocs/cgit/favicon.ico Alias /robots.txt /var/www/htdocs/cgit/robots.txt ScriptAlias / /var/www/htdocs/cgit/cgit.cgi/ CustomLog /var/log/apache2/cgit_access.log combined ErrorLog /var/log/apache2/cgit_error.log