# Redirection of port 80 to port 443
ServerName redmine.contoso.com
KeepAlive Off
RewriteEngine On
#RewriteCond %{HTTP_HOST} ^[^\./]+\.[^\./]+$
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
## Enable Strict Transport: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Header add Strict-Transport-Security "max-age=15768000"
NameVirtualHost *:443
ServerName redmine.contoso.com
ServerAdmin postmaster@redmine.contoso.com
ServerName redmine.contoso.com:443
# Enable SSL with Perfect Forward Secrecy
SSLEngine on
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
SSLCertificateFile /etc/apache2/ssl/redmine.crt
SSLCertificateKeyFile /etc/apache2/ssl/redmine.key
## Enable Strict Transport: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Header add Strict-Transport-Security "max-age=15768000"
## SSL Stapling, more at: https://www.insecure.ws/2013/10/11/ssltls-configuration-for-apache-mod_ssl/
# SSLUseStapling on
# SSLStaplingResponderTimeout 5
# SSLStaplingReturnResponderErrors off
# SSLStaplingCache shmcb:/var/run/ocsp(128000)
DocumentRoot /opt/redmine/current/public/
## Passenger Configuration
## Details at http://www.modrails.com/documentation/Users%20guide%20Apache.html
PassengerMinInstances 6
PassengerMaxPoolSize 20
RailsBaseURI /
PassengerAppRoot /opt/redmine/current
# Speeds up spawn time tremendously -- if your app is compatible.
# RMagick seems to be incompatible with smart spawning
RailsSpawnMethod smart
# Keep the application instances alive longer. Default is 300 (seconds)
PassengerPoolIdleTime 1000
# Keep the spawners alive, which speeds up spawning a new Application
# listener after a period of inactivity at the expense of memory.
RailsAppSpawnerIdleTime 3600
# Additionally keep a copy of the Rails framework in memory. If you're
# using multiple apps on the same version of Rails, this will speed up
# the creation of new RailsAppSpawners. This isn't necessary if you're
# only running one or 2 applications, or if your applications use
# different versions of Rails.
PassengerMaxPreloaderIdleTime 0
# Just in case you're leaking memory, restart a listener
# after processing 5000 requests
PassengerMaxRequests 5000
# only check for restart.txt et al up to once every 5 seconds,
# instead of once per processed request
PassengerStatThrottleRate 5
# If user switching support is enabled, then Phusion Passenger will by default run the web application as the owner if the file config/environment.rb (for Rails apps) or config.ru (for Rack apps). This option allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of environment.rb/config.ru.
PassengerUser www-data
PassengerGroup www-data
# By default, Phusion Passenger does not start any application instances until said web application is first accessed. The result is that the first visitor of said web application might experience a small delay as Phusion Passenger is starting the web application on demand. If that is undesirable, then this directive can be used to pre-started application instances during Apache startup.
PassengerPreStart https://localhost
Options Indexes FollowSymLinks -MultiViews
AllowOverride All
Order allow,deny
allow from all
PerlLoadModule Apache2::Redmine
AddOutputFilter DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
ErrorLog ${APACHE_LOG_DIR}/redmine.error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/redmine.access.log combined
ServerSignature Off