File: //etc/httpd/conf.d/ninibaikyaku-soleil.com_ssl.conf
#------------------------------------------
# ninibaikyaku-soleil.com SSL
#------------------------------------------
## OSCP stapling
#SSLUseStapling on
#SSLStaplingResponderTimeout 5
#SSLStaplingReturnResponderErrors off
#SSLStaplingCache shmcb:/var/run/ocsp(128000)
<VirtualHost *:443>
Protocols h2 http/1.1
ServerAdmin webmaster@example.com
DocumentRoot /home/kusanagi/ninibaikyaku-soleil.com/DocumentRoot
ServerName ninibaikyaku-soleil.com
ErrorLog /home/kusanagi/ninibaikyaku-soleil.com/log/httpd/ssl_error.log
CustomLog /home/kusanagi/ninibaikyaku-soleil.com/log/httpd/ssl_access.log kusanagi env=!no_log
LogLevel warn
SSLEngine on
SSLProtocol -All +TLSv1.2 +TLSv1.3
SSLCipherSuite AES128+ECDHE:AES256+ECDHE:AES128+EDH:AES256+EDH:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4!CAMELLIA!AES128-SHA!AES128-SHA256!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES256-SHA256:!AES256-SHA!AES256-CCM8!AES256-CCM!AES128-CCM!ARIA128-GCM-SHA256!AES128-CCM8!ARIA256-GCM-SHA384
SSLCertificateFile /etc/letsencrypt/live/ninibaikyaku-soleil.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ninibaikyaku-soleil.com/privkey.pem
SSLHonorCipherOrder on
SSLCompression off
SSLOpenSSLConfCmd DHParameters "/etc/kusanagi.d/ssl/dhparam.key"
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
<IfModule mod_security2.c>
#IncludeOptional modsecurity.d/kusanagi_activated_rules/wordpress/*.conf
#SecAuditLog /home/kusanagi/ninibaikyaku-soleil.com/log/httpd/waf.log
</IfModule>
<Directory "/home/kusanagi/ninibaikyaku-soleil.com/DocumentRoot">
Require all granted
AllowOverride All
Options FollowSymlinks
</Directory>
</VirtualHost>