<VirtualHost *:80>
ServerName HOSTNAME.gatech.edu
ServerAdmin --YOUR-EMAIL-HERE--
Redirect / https://HOSTNAME.gatech.edu/
ErrorLog /var/log/apache2/site/ACCTNAME/error.log
CustomLog /var/log/apache2/site/ACCTNAME/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin --YOUR-EMAIL-HERE--
ServerName HOSTNAME.gatech.edu
DocumentRoot /home/ACCTNAME/httpsdocs
<Directory /home/ACCTNAME/httpsdocs>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews SymLinksIfOwnerMatch
</Directory>
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/site/ACCTNAME/error-ssl.log
CustomLog /var/log/apache2/site/ACCTNAME/access-ssl.log combined
SSLEngine On
SSLCertificateFile --PATH-TO-SSL-CERT--
SSLCertificateKeyFile --PATH-TO-SSL-KEY--
SSLCACertificateFile --PATH-TO-CA-CERT--
<FilesMatch "\.(php)$">
SetHandler "proxy:unix:/run/php/php8.2-fpm-ACCTNAME.sock|fcgi://localhost/"
</FilesMatch>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
</VirtualHost>
Building a LAMP Based Web Server in the 21st Century