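# TLS-terminating reverse proxy in front of an application listening on
# 127.0.0.1:8065. {{ ... }} values are template placeholders filled in at
# deploy time.
<VirtualHost *:443>
    ServerName {{ FQDN }}
    DocumentRoot /var/www/html

    ErrorLog /var/log/httpd/{{ HOSTNAME -s }}.err
    CustomLog /var/log/httpd/{{ HOSTNAME -s }}.log combined
    # Second copy of the access log goes to syslog (facility local6) so it can
    # be forwarded off-host.
    CustomLog "|/usr/bin/logger -p local6.info -t apache-access" combined

    # --- Front-end TLS (client <-> Apache) ---
    SSLEngine on
    SSLHonorCipherOrder on
    # Only TLS 1.2 is offered. NOTE(review): if the installed httpd/OpenSSL
    # supports TLS 1.3, consider enabling it as well.
    SSLProtocol TLSv1.2
    # The 3DES entries in this list are removed again by the trailing !3DES.
    # CBC/SHA-1 suites and static-RSA (non-forward-secret) suites remain
    # enabled, and HIGH pulls in more; trim the list to ECDHE/DHE AEAD suites
    # if every client supports them.
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!3DES
    SSLCertificateFile {{ ssl_cert_path }}
    # The private key file should be readable by root only.
    SSLCertificateKeyFile {{ ssl_key_path }}
    # NOTE(review): SSLCACertificateFile names the CAs used to verify *client*
    # certificates. If ssl_bundle_path is the server's intermediate chain, on
    # httpd 2.4.8+ the chain can be appended to SSLCertificateFile instead --
    # confirm which is intended.
    SSLCACertificateFile {{ ssl_bundle_path }}

    # --- Back-end TLS (Apache <-> 127.0.0.1:8065) ---
    # All verification of the backend certificate is switched off. That is
    # tolerable only because the backend is on loopback. If the backend ever
    # moves to another host, set SSLProxyVerify require, point
    # SSLProxyCACertificateFile at the issuing CA and turn the
    # SSLProxyCheckPeer* checks back on, otherwise the proxied hop can be
    # intercepted without detection.
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Access control for proxied resources, written in the 2.4 "Require" form
    # used by the <Location> blocks below (the original used the 2.2
    # Order/Allow directives, which need mod_access_compat and should not be
    # mixed with Require).
    <Proxy *>
        Require all granted
    </Proxy>

    # Reverse proxy only: ProxyRequests Off keeps this host from acting as an
    # open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia On

    RewriteEngine on
    # WebSocket traffic. The three conditions are OR'ed, so a request is sent
    # to the ws:// rule if the path matches OR it carries "Upgrade: WebSocket"
    # OR it carries "Connection: Upgrade".
    # NOTE(review): this rule uses plaintext ws:// while the catch-all rule
    # below uses https:// to the same port. Confirm which scheme the backend
    # on 8065 actually speaks; if it is TLS, this should be wss://.
    RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
    # Everything that is not an existing file under DocumentRoot is proxied
    # to the backend.
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* https://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

    # "set" (not "append") overwrites any X-Forwarded-* value supplied by the
    # client, so the backend only sees what this proxy asserts.
    # The value must be in straight ASCII quotes; typographic quotes pasted
    # from a web page become part of the header value.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-SSL on

    # Response hardening headers.
    # includeSubDomains applies HSTS to every subdomain of this host name;
    # make sure all of them serve HTTPS before deploying.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    # Legacy header; current browsers no longer act on it.
    Header always set X-Xss-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    Header always append X-Frame-Options SAMEORIGIN

    # Strip conditional-request headers so the backend always returns a full
    # response instead of 304.
    RequestHeader unset If-Modified-Since
    RequestHeader unset If-None-Match

    # Append HttpOnly and Secure to every cookie set by the backend.
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

    <Location /api/v1/websocket>
        Require all granted
        ProxyPassReverse https://127.0.0.1:8065
        ProxyPassReverseCookieDomain 127.0.0.1 {{ FQDN }}
    </Location>

    <Location />
        Require all granted
        ProxyPassReverse https://127.0.0.1:8065
        ProxyPassReverseCookieDomain 127.0.0.1 {{ FQDN }}
    </Location>
</VirtualHost>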