httpd.conf

- HTTP daemon configuration file

# cp /etc/examples/httpd.conf /etc

/etc/httpd.conf:

server "example.com" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location * {
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
}

server "example.com" {
	listen on * tls port 443
	tls {
		certificate "/etc/ssl/example.com.fullchain.pem"
		key "/etc/ssl/private/example.com.key"
		ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA"
		dhe "none"
		ecdhe "P-384"
		ticket lifetime default
		protocols "TLSv1.2,TLSv1.3"
	}
	hsts {
		max-age 16000000
		preload
		subdomains
	}
	location "/pub/*" {
		directory auto index
	}
}

# rcctl -f restart httpd
# rcctl enable httpd