Apache
跳至導覽
跳至搜尋
Apache是一套網頁伺服器軟件。
設定
Rewrite
把mod_rewrite開起來(現在大多數的情況應該都會用到):
$ sudo a2enmod rewrite
$ sudo service apache2 restart
SSL
先啟動啟動SSL模組:
$ sudo a2enmod ssl
$ sudo service apache2 restart
Cipher
在/etc/apache2/conf-available/sslciphersuite.conf
內設定:
# SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1 SSLHonorCipherOrder On
接着用a2enconf sslciphersuite
啟動。
SSL Stapling
在/etc/apache2/conf-available/sslstapling.conf
內設定:
# SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
接着用a2enconf sslstapling
啟動。
VirtualHost
先啟動header模組:
$ sudo a2enmod headers
$ sudo service apache2 restart
這邊設定將HTTP導去HTTPS:
<VirtualHost *:80> ServerName example.com:80 DocumentRoot /srv/example.com/public ErrorLog ${APACHE_LOG_DIR}/example.com-error.log CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined Redirect / https://example.com/ </VirtualHost>
<VirtualHost *:80> ServerName www.example.com:80 DocumentRoot /srv/www.example.com/public ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined Redirect / https://www.example.com/ </VirtualHost>
以及HTTPS站台導去有www
的網站:
<VirtualHost *:443> Protocols h2 http/1.1 ServerName example.com:443 DocumentRoot /srv/example.com/public ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined SSLEngine on SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem Header always set Strict-Transport-Security "max-age=31536000" Redirect / https://www.example.com/ </VirtualHost>
最後是本體:
<VirtualHost *:443> Protocols h2 http/1.1 ServerName www.example.com:443 DocumentRoot /srv/www.example.com/public ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined SSLEngine on SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem Header always set Strict-Transport-Security "max-age=31536000" </VirtualHost>
外部連結
- 官方網站 (英文)