Apache:修订间差异
跳到导航
跳到搜索
此页面具有访问限制。如果您看见此消息,则说明您没有权限访问此页面。
(→設定) |
|||
第38行: | 第38行: | ||
Redirect / https://example.com/ | Redirect / https://example.com/ | ||
</VirtualHost> | |||
</pre> | |||
以及HTTPS站台導去有<code>www</code>的網站: | |||
<pre> | |||
<VirtualHost *:443> | |||
Protocols h2 http/1.1 | |||
ServerName example.com:443 | |||
DocumentRoot /srv/example.com/public | |||
ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log | |||
CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined | |||
SSLEngine on | |||
SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem | |||
SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem | |||
SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem | |||
Header always set Strict-Transport-Security "max-age=31536000" | |||
Redirect / https://www.example.com/ | |||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> |
2018年8月8日 (三) 12:43的版本
Apache是一套网页服务器软件。
设定
SSL
先用a2enmod ssl
启动SSL模组。
Cipher
在/etc/apache2/conf-available/sslciphersuite.conf
内设定:
# SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1 SSLHonorCipherOrder On
接着用a2enconf sslciphersuite
启动。
SSL Stapling
在/etc/apache2/conf-available/sslstapling.conf
内设定:
# SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
接着用a2enconf sslstapling
启动。
VirtualHost
这边设定将example.com
导去HTTPS:
<VirtualHost *:80> ServerName example.com:80 DocumentRoot /srv/example.com/public ErrorLog ${APACHE_LOG_DIR}/example.com-error.log CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined Redirect / https://example.com/ </VirtualHost>
以及HTTPS站台导去有www
的网站:
<VirtualHost *:443> Protocols h2 http/1.1 ServerName example.com:443 DocumentRoot /srv/example.com/public ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined SSLEngine on SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem Header always set Strict-Transport-Security "max-age=31536000" Redirect / https://www.example.com/ </VirtualHost>
外部链接
- 官方网站 (英文)