"Apache": Difference between revisions
第28行: | 第28行: | ||
=== VirtualHost === | === VirtualHost === | ||
這邊設定 | 這邊設定將HTTP導去HTTPS: | ||
<pre> | <pre> | ||
<VirtualHost *:80> | <VirtualHost *:80> | ||
第38行: | 第38行: | ||
Redirect / https://example.com/ | Redirect / https://example.com/ | ||
</VirtualHost> | |||
</pre> | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName www.example.com:80 | |||
DocumentRoot /srv/www.example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log | |||
CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined | |||
Redirect / https://www.example.com/ | |||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> | ||
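Review bot: the `Redirect / https://www.example.com/` line in the added www.example.com *:80 block carries no status argument, so mod_alias answers with a temporary 302; for a standing HTTP-to-HTTPS move, write `Redirect permanent / https://www.example.com/` so clients cache the redirect. The `DocumentRoot` in the same block is never served, since every path is redirected, and can be dropped.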
第58行: | 第70行: | ||
Header always set Strict-Transport-Security "max-age=31536000" | Header always set Strict-Transport-Security "max-age=31536000" | ||
Redirect / https://www.example.com/ | Redirect / https://www.example.com/ | ||
</VirtualHost> | |||
</pre> | |||
最後是本體: | |||
<pre> | |||
<VirtualHost *:443> | |||
Protocols h2 http/1.1 | |||
ServerName www.example.com:443 | |||
DocumentRoot /srv/www.example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log | |||
CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined | |||
SSLEngine on | |||
SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem | |||
SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem | |||
SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem | |||
Header always set Strict-Transport-Security "max-age=31536000" | |||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> |
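Review bot: the added www.example.com *:443 block relies on `Header always set Strict-Transport-Security` and `Protocols h2 http/1.1`, but the setup steps on the page enable only the ssl module; add `a2enmod headers` and `a2enmod http2` to the instructions, because `Header` is rejected at config test without mod_headers and h2 is only offered when mod_http2 is loaded. Separately, `SSLCertificateChainFile` is obsolete from Apache 2.4.8 on; the intermediates can instead be appended to the file named by `SSLCertificateFile`.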
Revision as of 12:45, 8 August 2018 (Wed)
Apache is a web server software package.
Configuration
SSL
First enable the SSL module with a2enmod ssl.
Cipher
Set the following in /etc/apache2/conf-available/sslciphersuite.conf:
<pre>
#
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On
</pre>
Then enable it with a2enconf sslciphersuite.
SSL Stapling
Set the following in /etc/apache2/conf-available/sslstapling.conf:
<pre>
#
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
</pre>
Then enable it with a2enconf sslstapling.
VirtualHost
Here HTTP is redirected to HTTPS:
<pre>
<VirtualHost *:80>
    ServerName example.com:80
    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
    Redirect / https://example.com/
</VirtualHost>
</pre>
<pre>
<VirtualHost *:80>
    ServerName www.example.com:80
    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined
    Redirect / https://www.example.com/
</VirtualHost>
</pre>
And the HTTPS site that redirects to the www site:
<pre>
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName example.com:443
    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined
    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem
    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>
</pre>
Finally, the main site:
<pre>
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.example.com:443
    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined
    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</pre>
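An offline check of the VirtualHost pattern above, added here as an illustration and not part of the original wiki page: it flags port-80 vhosts that do not redirect to https:// and port-443 vhosts without SSLEngine on or the HSTS header. The function names, the sample config and the `min_age` default (taken from the page's max-age value) are assumptions.

```python
import re

# Constructed sample; the 2nd and 4th blocks are broken on purpose.
SAMPLE = """
<VirtualHost *:80>
    ServerName www.example.com:80
    Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName example.com:80
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com:443
    SSLEngine on
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com:443
    SSLEngine on
    Redirect / https://www.example.com/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
# `always` is required so the header is also attached to redirect responses.
HSTS = re.compile(r'^\s*Header\s+always\s+set\s+Strict-Transport-Security\s+"max-age=(\d+)', re.I | re.M)

def directive(body, name):
    """Argument string of the first `name` directive in a vhost body, or ''."""
    m = re.search(rf"^\s*{name}\s+(.+?)\s*$", body, re.I | re.M)
    return m.group(1) if m else ""

def audit(conf, min_age=31536000):
    """Return (ServerName, problem) pairs for vhosts that break the pattern."""
    findings = []
    for port, body in VHOST.findall(conf):
        name = directive(body, "ServerName") or "?"
        target = (directive(body, "Redirect").split() or [""])[-1]
        if port == "80" and not target.startswith("https://"):
            findings.append((name, "port 80 vhost does not redirect to https"))
        if port == "443":
            if directive(body, "SSLEngine").lower() != "on":
                findings.append((name, "SSLEngine is not on"))
            hsts = HSTS.search(body)
            if not hsts or int(hsts.group(1)) < min_age:
                findings.append((name, "HSTS missing or max-age too short"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```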
External links
- Official website (English)