thomas
/
sovereign


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
							<VirtualHost *:80> 
    ServerName {{ webmail_domain }}

    Redirect permanent / https://{{ webmail_domain }}/
</VirtualHost>

<VirtualHost *:443>
    ServerName {{ webmail_domain }}

    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCompression off
    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
    SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
    SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"

    # Those aliases do not work properly with several hosts on your apache server
    # Uncomment them to use it or adapt them to your configuration
    #    Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
    #    Alias /roundcube /var/lib/roundcube

    # Access to tinymce files
    DocumentRoot /var/lib/roundcube 
    <Directory "/usr/share/tinymce/www/">
          Options Indexes MultiViews FollowSymLinks
          AllowOverride None
          Order allow,deny
          allow from all
    </Directory>

    <Directory /var/lib/roundcube/>
      Options +FollowSymLinks
      # This is needed to parse /var/lib/roundcube/.htaccess. See its
      # content before setting AllowOverride to None.
      AllowOverride All
      order allow,deny
      allow from all
    </Directory>

    # Protecting basic directories:
    <Directory /var/lib/roundcube/config>
            Options -FollowSymLinks
            AllowOverride None
    </Directory>

    <Directory /var/lib/roundcube/temp>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    <Directory /var/lib/roundcube/logs>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    CustomLog /var/log/apache2/webmail_access.log combined 
    ErrorLog /var/log/apache2/webmail_error.log 
</VirtualHost>