ServerName FQDN ServerAdmin admin@blockbridge.com DocumentRoot /bb/www/html ErrorLog /bb/www/logs/error_log CustomLog /bb/www/logs/access_log common ProxyRequests off # by default, proxy all traffic to the API adapter SSLProxyEngine On SSLProxyCheckPeerCN off SSLProxyCheckPeerExpire off ProxyPass /api https://127.0.0.1:9000/api retry=0 timeout=300 ProxyPassReverse /api https://127.0.0.1:9000/api # ssl configuration SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on SSLCertificateFile CERT_PATH # SSLCertificateChainFile INTERMEDIATE_CERT_PATH SSLCertificateKeyFile PRIVATE_KEY_PATH SSLProxyCheckPeerName off Require all granted Require all granted Order deny,allow Allow from all Order deny,allow Allow from all # Use of ETag is discouraged when Last-Modified is present Header unset ETag FileETag None # RFC says only cache for 1 year ExpiresActive On ExpiresDefault "access plus 1 year" SetOutputFilter DEFLATE AddOutputFilterByType DEFLATE application/javascript RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule ^(.*)$ https://FQDN%{REQUEST_URI}