Apache: Difference between revisions

From Gea-Suan Lin's Wiki
 
(7 intermediate revisions by the same user not shown)
行 2: 行 2:


== 設定 ==
== 設定 ==
=== Rewrite ===
把mod_rewrite開起來(現在大多數的情況應該都會用到):
<syntaxhighlight lang="shell-session">
$ sudo a2enmod rewrite
$ sudo service apache2 restart
</syntaxhighlight>
=== SSL ===
=== SSL ===
 先 <code>a2enmod ssl</code> 啟動SSL模組。
 先 啟動啟動SSL模組:
 
<syntaxhighlight lang="shell-session">
$ sudo a2enmod ssl
$ sudo service apache2 restart
</syntaxhighlight>


==== Cipher ====
==== Cipher ====
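Review bot: The replacement intro line in the SSL section, "先 啟動啟動SSL模組:", repeats the verb 啟動 and keeps a stray space after 先; it should read "先啟動SSL模組:". Both the added Rewrite block and the new SSL block restart the service immediately after `a2enmod`; running `apache2ctl configtest` before the restart would keep a broken configuration from taking the server down.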
行 10: 行 23:
<pre>
<pre>
#
#
SSLCipherSuite ECDH+AESGCM+AES256:DH+AESGCM+AES256:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES:DH+AES:ECDH+CHACHA20:DH+CHACHA20:ECDH+CAMELLIA:DH+CAMELLIA:!ADH:!AECDH:!DSS:!ECDSA:!MD5
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On
SSLHonorCipherOrder On
</pre>
</pre>
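Review bot: The new SSLCipherSuite line still carries `!ECDSA`, and with the DH+ entries gone every remaining entry is ECDHE-only, so this list is usable only with an RSA certificate; the lone `#` comment line above it is empty and should say so. The same comment should record the compatibility cost of this revision: clients that lack ECDHE, or that only offer SHA-1 MAC suites (now excluded by `!SHA1`), can no longer negotiate a connection.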
行 26: 行 39:


 接著用<code>a2enconf sslstapling</code>啟動。
 接著用<code>a2enconf sslstapling</code>啟動。
=== VirtualHost ===
先啟動header模組:
<syntaxhighlight lang="shell-session">
$ sudo a2enmod headers
$ sudo service apache2 restart
</syntaxhighlight>
這邊設定將HTTP導去HTTPS:
<pre>
<VirtualHost *:80>
   ServerName example.com:80
   DocumentRoot /srv/example.com/public
   ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
   CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
   Redirect / https://example.com/
</VirtualHost>
</pre>
<pre>
<VirtualHost *:80>
   ServerName www.example.com:80
   DocumentRoot /srv/www.example.com/public
   ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
   CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined
   Redirect / https://www.example.com/
</VirtualHost>
</pre>
以及HTTPS站台導去有<code>www</code>的網站:
<pre>
<VirtualHost *:443>
   Protocols h2 http/1.1
   ServerName example.com:443
   DocumentRoot /srv/example.com/public
   ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
   CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined
   SSLEngine on
   SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
   SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
   SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem
   Header always set Strict-Transport-Security "max-age=31536000"
   Redirect / https://www.example.com/
</VirtualHost>
</pre>
最後是本體:
<pre>
<VirtualHost *:443>
   Protocols h2 http/1.1
   ServerName www.example.com:443
   DocumentRoot /srv/www.example.com/public
   ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
   CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined
   SSLEngine on
   SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
   SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
   SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem
   Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</pre>


== 外部連結 ==
== 外部連結 ==
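Review bot: The `Redirect / https://...` lines in the three redirecting vhosts give no status argument, so Apache answers with a temporary 302; for a permanent HTTP-to-HTTPS and apex-to-www move, write `Redirect permanent / https://www.example.com/`. The section enables only the headers module, while both `*:443` vhosts set `Protocols h2 http/1.1`, which needs `a2enmod http2` to have any effect. `SSLCertificateChainFile` is obsolete as of Apache 2.4.8; the chain can go into the file named by `SSLCertificateFile` instead.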

Latest revision as of 10:46, 9 August 2018 (Thu)

Apache is web server software.

Configuration

Rewrite

Enable mod_rewrite (most setups nowadays will need it):

$ sudo a2enmod rewrite
$ sudo service apache2 restart

SSL

First enable the SSL module:

$ sudo a2enmod ssl
$ sudo service apache2 restart

Cipher

In /etc/apache2/conf-available/sslciphersuite.conf, set:

#
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On

Then enable it with a2enconf sslciphersuite.
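To see what the cipher string change means in concrete suites, the following added example (not part of the original wiki page) expands the previous and the current SSLCipherSuite value with Python's ssl module and reports what was dropped. It assumes Python is linked against an OpenSSL comparable to the one Apache uses; the function names expand and compare are illustrative.

```python
import ssl

# Both strings are copied from this page: OLD is the previous revision's
# SSLCipherSuite value, NEW is the current one.
OLD = ("ECDH+AESGCM+AES256:DH+AESGCM+AES256:ECDH+AESGCM:DH+AESGCM:"
       "ECDH+AES256:DH+AES256:ECDH+AES:DH+AES:ECDH+CHACHA20:DH+CHACHA20:"
       "ECDH+CAMELLIA:DH+CAMELLIA:!ADH:!AECDH:!DSS:!ECDSA:!MD5")
NEW = ("CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:"
       "!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1")


def expand(cipher_string):
    """Return the TLS <= 1.2 suite names the local OpenSSL selects, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites (names starting with "TLS_") are configured separately in
    # OpenSSL and are not governed by this string, so leave them out.
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def compare(old=OLD, new=NEW):
    """Summarise what the revision changed in terms of concrete suites."""
    old_suites, new_suites = expand(old), expand(new)
    return {
        "kept": [n for n in new_suites if n in old_suites],
        "dropped": [n for n in old_suites if n not in new_suites],
        "added": [n for n in new_suites if n not in old_suites],
        # Regression checks for the intent of the new string:
        "dhe_left": [n for n in new_suites if n.startswith("DHE-")],
        "sha1_mac_left": [n for n in new_suites if n.endswith("-SHA")],
    }


if __name__ == "__main__":
    for key, names in compare().items():
        print(f"{key}: {len(names)}")
        for name in names:
            print("   ", name)
```

Both dhe_left and sha1_mac_left should come back empty; a non-empty list means the local OpenSSL interprets the string differently from what the configuration intends.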

SSL Stapling

In /etc/apache2/conf-available/sslstapling.conf, set:

#
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

Then enable it with a2enconf sslstapling.

VirtualHost

First enable the headers module:

$ sudo a2enmod headers
$ sudo service apache2 restart

Here HTTP is redirected to HTTPS:

<VirtualHost *:80>
    ServerName example.com:80

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined

    Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.com:80

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined

    Redirect / https://www.example.com/
</VirtualHost>

And the HTTPS site is redirected to the site with www:

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName example.com:443

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>

Finally, the main site itself:

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.example.com:443

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

External links