AllowOverride None Require all denied DocumentRoot /var/www/clients/client1/web9/web ServerName DOMAIN.TLD ServerAlias www.DOMAIN.TLD ServerAdmin webmaster@DOMAIN.TLD ErrorLog /var/log/ispconfig/httpd/DOMAIN.TLD/error.log # Clear PHP settings of this website SetHandler None Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # Clear PHP settings of this website SetHandler None Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # suexec enabled SuexecUserGroup web9 client1 Require all granted SetHandler php-fcgi SetHandler php-fcgi Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client1/web9/cgi-bin/php-fcgi-138.201.190.45-80-DOMAIN.TLD FastCgiExternalServer /var/www/clients/client1/web9/cgi-bin/php-fcgi-138.201.190.45-80-DOMAIN.TLD -idle-timeout 300 -host 127.0.0.1:9018 -pass-header Authorization -pass-header Content-Type = 2.4.26> ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web" ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}" ProxyFCGISetEnvIf "true" HOME "%{reqenv:DOCUMENT_ROOT}" ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:DOCUMENT_ROOT}%{reqenv:SCRIPT_NAME}" #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:9018/var/www/clients/client1/web9/web/$1 SetHandler "proxy:fcgi://127.0.0.1:9018" RewriteEngine on RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/ RewriteRule ^ - [END] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE] # add support for apache mpm_itk AssignUserId web9 client1 # Do not execute PHP files in webdav directory SecRuleRemoveById 960015 SecRuleRemoveById 960032 SetHandler None DavLockDB /var/www/clients/client1/web9/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END # skipping apache_directives, as that will be handled by the ssl vhost DocumentRoot /var/www/clients/client1/web9/web ServerName DOMAIN.TLD ServerAlias www.DOMAIN.TLD ServerAdmin webmaster@DOMAIN.TLD Protocols h2 http/1.1 AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml application/xml+rss application/atom+xml application/json application/x-font-ttf application/vnd.ms-fontobject image/x-icon ErrorLog /var/log/ispconfig/httpd/DOMAIN.TLD/error.log SSLEngine on SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 # SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on # # Header always add Strict-Transport-Security "max-age=15768000" # SSLCertificateFile /var/www/clients/client1/web9/ssl/DOMAIN.TLD-le.crt SSLCertificateKeyFile /var/www/clients/client1/web9/ssl/DOMAIN.TLD-le.key SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off # Clear PHP settings of this website SetHandler None Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # Clear PHP settings of this website SetHandler None Options +SymlinksIfOwnerMatch AllowOverride All Require all granted # suexec enabled SuexecUserGroup web9 client1 Require all granted SetHandler php-fcgi SetHandler php-fcgi Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client1/web9/cgi-bin/php-fcgi-138.201.190.45-443-DOMAIN.TLD FastCgiExternalServer /var/www/clients/client1/web9/cgi-bin/php-fcgi-138.201.190.45-443-DOMAIN.TLD -idle-timeout 300 -host 127.0.0.1:9018 -pass-header Authorization -pass-header Content-Type = 2.4.26> ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web" ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}" ProxyFCGISetEnvIf "true" HOME "%{reqenv:DOCUMENT_ROOT}" ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:DOCUMENT_ROOT}%{reqenv:SCRIPT_NAME}" #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:9018/var/www/clients/client1/web9/web/$1 SetHandler "proxy:fcgi://127.0.0.1:9018" RewriteEngine on RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/ RewriteRule ^ - [END] # add support for apache mpm_itk AssignUserId web9 client1 # Do not execute PHP files in webdav directory SecRuleRemoveById 960015 SecRuleRemoveById 960032 SetHandler None DavLockDB /var/www/clients/client1/web9/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END DocumentRoot /var/www/clients/client1/web9/web/public SSLStaplingCache shmcb:/var/run/ocsp(128000)