「Apache」:修訂間差異

出自Gea-Suan Lin's Wiki
跳至導覽 跳至搜尋
本頁面具有訪問限制。如果您看見此訊息,這代表您沒有訪問本頁面的權限。
行 28: 行 28:


=== VirtualHost ===
=== VirtualHost ===
先用<code>a2enmod headers</code>啟用headers模組。
 這邊設定將HTTP導去HTTPS:
 這邊設定將HTTP導去HTTPS:
<pre>
<pre>

於 2018年8月8日 (三) 12:50 的修訂

Apache是一套網頁伺服器軟體。

設定

SSL

先用a2enmod ssl啟動SSL模組。

Cipher

/etc/apache2/conf-available/sslciphersuite.conf內設定: 

#
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On

接著用a2enconf sslciphersuite啟動。

SSL Stapling

/etc/apache2/conf-available/sslstapling.conf內設定: 

#
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

接著用a2enconf sslstapling啟動。

VirtualHost

先用a2enmod headers啟用headers模組。

這邊設定將HTTP導去HTTPS: 

<VirtualHost *:80>
    ServerName example.com:80

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined

    Redirect / https://example.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.com:80

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined

    Redirect / https://www.example.com/
</VirtualHost>

以及HTTPS站台導去有www的網站: 

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName example.com:443

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>

最後是本體: 

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.example.com:443

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

外部連結

取自「https://wiki.gslin.org/index.php?title=Apache&oldid=909