# Ensure mod_ssl is loaded
LoadModule ssl_module modules/mod_ssl.so

# Listen on port 443 for SSL
Listen 443

# NameVirtualHost for SSL
NameVirtualHost *:443

# Global SSL configuration
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

# Default SSL VirtualHost
<VirtualHost _default_:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# Custom SSL VirtualHost
<VirtualHost *:443>
    ServerAdmin admin@geumdo.net
    ServerName geumdo.net
    ServerAlias geumdo.net www.geumdo.net
    DocumentRoot /webFolder/geumdo
    ErrorLog /var/log/httpd/geumdo.net-error_log
    CustomLog /var/log/httpd/geumdo.net-access_log combined
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /webFolder/geumdo/ssl/2023/geumdo.net.crt
    SSLCertificateKeyFile /webFolder/geumdo/ssl/2023/geumdo.net.key
    SSLCACertificateFile /webFolder/geumdo/ssl/2023/TrustedRootG2.crt
    SSLCertificateChainFile /webFolder/geumdo/ssl/2023/DigiCertCAG1.crt

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    <Directory /webFolder/geumdo/>
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
    </Directory>
</VirtualHost>