Apache: Difference between revisions
(→Lead section) |
(→Configuration) |
||
(9 intermediate revisions by the same user not shown) | |||
第2行: | 第2行: | ||
== 設定 == | == 設定 == | ||
=== Rewrite === | |||
把mod_rewrite開起來(現在大多數的情況應該都會用到): | |||
<syntaxhighlight lang="shell-session"> | |||
$ sudo a2enmod rewrite | |||
$ sudo service apache2 restart | |||
</syntaxhighlight> | |||
=== SSL === | === SSL === | ||
先啟動啟動SSL模組: | |||
<syntaxhighlight lang="shell-session"> | |||
$ sudo a2enmod ssl | |||
$ sudo service apache2 restart | |||
</syntaxhighlight> | |||
==== Cipher ==== | ==== Cipher ==== | ||
在<code>/etc/apache2/conf-available/sslciphersuite.conf</code>內設定: | 在<code>/etc/apache2/conf-available/sslciphersuite.conf</code>內設定: | ||
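Review bot: The sentence added under === SSL === reads 先啟動啟動SSL模組, with 啟動 typed twice; it should be 先啟動SSL模組. The Rewrite and SSL blocks each follow a2enmod with their own `service apache2 restart`; since the page enables the modules one after another, a note that a single restart after the last a2enmod is enough would keep readers from assuming each module needs its own restart.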
第8行: | 第23行: | ||
<pre> | <pre> | ||
# | # | ||
SSLCipherSuite | SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1 | ||
SSLHonorCipherOrder On | SSLHonorCipherOrder On | ||
</pre> | </pre> | ||
接著 用<code>a2enconf sslciphersuite</code>啟動。 | |||
==== SSL Stapling ==== | ==== SSL Stapling ==== | ||
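Review bot: The SSLCipherSuite value on the new side contains !ECDSA, which removes every suite that authenticates with an ECDSA certificate, so this list only negotiates with an RSA server key. Either drop !ECDSA or add a sentence saying the configuration assumes an RSA certificate, otherwise a later switch to an ECDSA certificate leaves the server with no usable suites. The added sentence 接著 用 also has a stray space before 用.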
第21行: | 第36行: | ||
SSLUseStapling On | SSLUseStapling On | ||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" | SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" | ||
</pre> | |||
接著用<code>a2enconf sslstapling</code>啟動。 | |||
=== VirtualHost === | |||
先啟動header模組: | |||
<syntaxhighlight lang="shell-session"> | |||
$ sudo a2enmod headers | |||
$ sudo service apache2 restart | |||
</syntaxhighlight> | |||
這邊設定將HTTP導去HTTPS: | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName example.com:80 | |||
DocumentRoot /srv/example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log | |||
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined | |||
Redirect / https://example.com/ | |||
</VirtualHost> | |||
</pre> | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName www.example.com:80 | |||
DocumentRoot /srv/www.example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log | |||
CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined | |||
Redirect / https://www.example.com/ | |||
</VirtualHost> | |||
</pre> | |||
以及HTTPS站台導去有<code>www</code>的網站: | |||
<pre> | |||
<VirtualHost *:443> | |||
Protocols h2 http/1.1 | |||
ServerName example.com:443 | |||
DocumentRoot /srv/example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log | |||
CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined | |||
SSLEngine on | |||
SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem | |||
SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem | |||
SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem | |||
Header always set Strict-Transport-Security "max-age=31536000" | |||
Redirect / https://www.example.com/ | |||
</VirtualHost> | |||
</pre> | |||
最後是本體: | |||
<pre> | |||
<VirtualHost *:443> | |||
Protocols h2 http/1.1 | |||
ServerName www.example.com:443 | |||
DocumentRoot /srv/www.example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log | |||
CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined | |||
SSLEngine on | |||
SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem | |||
SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem | |||
SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem | |||
Header always set Strict-Transport-Security "max-age=31536000" | |||
</VirtualHost> | |||
</pre> | </pre> | ||
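Review bot: The Redirect lines in both *:80 blocks and in the example.com:443 block carry no status argument, so Apache answers them with a temporary 302; these are fixed HTTP-to-HTTPS and canonical-host redirects, so write `Redirect permanent / https://www.example.com/` (and the equivalent for the others). The *:80 block for example.com sends clients to https://example.com/ first, and only that *:443 block redirects to www; if the extra hop is there so that the bare domain also delivers its Strict-Transport-Security header, say so in the text, because it otherwise looks like a redundant redirect that someone will shorten.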
Latest revision as of 10:46, 9 August 2018 (Thursday)
Apache is a web server software package.
Configuration
Rewrite
Enable mod_rewrite (most setups today will need it):
$ sudo a2enmod rewrite
$ sudo service apache2 restart
SSL
First enable the SSL module:
$ sudo a2enmod ssl
$ sudo service apache2 restart
Cipher
Set the following in /etc/apache2/conf-available/sslciphersuite.conf:
#
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On
Then enable it with a2enconf sslciphersuite.
SSL Stapling
Set the following in /etc/apache2/conf-available/sslstapling.conf:
#
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Then enable it with a2enconf sslstapling.
VirtualHost
First enable the headers module:
$ sudo a2enmod headers
$ sudo service apache2 restart
These blocks redirect HTTP to HTTPS:
<VirtualHost *:80>
    ServerName example.com:80
    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
    Redirect / https://example.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.com:80
    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined
    Redirect / https://www.example.com/
</VirtualHost>
The HTTPS site for the bare domain redirects to the www host:
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName example.com:443
    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined
    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem
    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>
Finally, the main site itself:
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.example.com:443
    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined
    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
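The VirtualHost layout above depends on two properties: every port 80 block redirects to https, and every port 443 block sends Strict-Transport-Security with "always". The following static check for both is an added example, not part of the original page; the names audit, directives and SAMPLE are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample modelled on the page's vhosts; the last block omits "always".
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.com:80
    Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com:443
    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com:443
    Header set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Yield (lowercased name, argument string) for each directive line."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            yield name.lower(), (rest[0] if rest else "")

def audit(conf):
    """Return (ServerName, finding) tuples for the checks the page relies on."""
    findings = []
    for port, body in VHOST.findall(conf):
        d = list(directives(body))
        name = next((a for n, a in d if n == "servername"), "?")
        targets = [a.split()[-1] for n, a in d if n == "redirect" and a]
        hsts = [a for n, a in d if n == "header" and "strict-transport-security" in a.lower()]
        if port == "80" and not any(t.lower().startswith("https://") for t in targets):
            findings.append((name, "port 80 vhost does not redirect to https"))
        elif port == "443" and not hsts:
            findings.append((name, "no Strict-Transport-Security header"))
        elif port == "443" and not hsts[0].lower().startswith("always"):
            # The page writes "Header always set"; flag vhosts that omit it.
            findings.append((name, "HSTS header set without 'always'"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Running it over the concatenated files in sites-enabled before a restart catches a vhost that was copied without its Redirect or Header line.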
External links
- Official website (in English)