Apache

From Gea-Suan Lin's Wiki
Revision by Gslin as of 10:46, 9 August 2018 (Thursday): Settings

Apache is a web server software package.

Configuration

Rewrite

Enable mod_rewrite (most setups these days will probably need it):

$ sudo a2enmod rewrite
$ sudo service apache2 restart

SSL

First enable the SSL module:

$ sudo a2enmod ssl
$ sudo service apache2 restart

Cipher

Set the following in /etc/apache2/conf-available/sslciphersuite.conf:

#
SSLCipherSuite CHACHA20+ECDHE:AESGCM+ECDHE:AES+ECDHE:CAMELLIA+ECDHE:!ADH:!AECDH:!DSS:!ECDSA:!MD5:!SHA1
SSLHonorCipherOrder On

Then enable it with a2enconf sslciphersuite.

SSL Stapling

Set the following in /etc/apache2/conf-available/sslstapling.conf:

#
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

Then enable it with a2enconf sslstapling.

VirtualHost

First enable the headers module:

$ sudo a2enmod headers
$ sudo service apache2 restart

These virtual hosts redirect HTTP to HTTPS:

<VirtualHost *:80>
    ServerName example.com:80

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined

    Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.com:80

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com-access.log combined

    Redirect / https://www.example.com/
</VirtualHost>

And the HTTPS site for the bare domain redirects to the www site:

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName example.com:443

    DocumentRoot /srv/example.com/public
    ErrorLog ${APACHE_LOG_DIR}/example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
    Redirect / https://www.example.com/
</VirtualHost>

Finally, the main site itself:

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.example.com:443

    DocumentRoot /srv/www.example.com/public
    ErrorLog ${APACHE_LOG_DIR}/www.example.com_ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/www.example.com_ssl-access.log combined

    SSLEngine on
    SSLCertificateFile /etc/dehydrated/certs/www.example.com/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/www.example.com/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/www.example.com/chain.pem

    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
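
An added example, not part of the original wiki page: a small lint that checks a vhost file against the pattern used above, where every :80 block redirects to https:// and every :443 block has SSLEngine on and a Strict-Transport-Security header. The function names audit_vhosts and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# audit_vhosts [FILE]: reads FILE (or stdin) and prints one finding per line.
# Prints nothing when every block follows the pattern. Hypothetical helper.
audit_vhosts() {
    awk '
    # Opening tag: remember the port and reset the per-block flags.
    /^[ \t]*<VirtualHost[ \t]/ {
        port = $0; sub(/.*:/, "", port); sub(/>.*/, "", port)
        name = "(no ServerName)"; redir = 0; hsts = 0; ssl = 0; next
    }
    /^[ \t]*ServerName[ \t]/ { name = $2; sub(/:[0-9]+$/, "", name) }
    /^[ \t]*Redirect[ \t].*[ \t]https:\/\// { redir = 1 }
    /^[ \t]*SSLEngine[ \t]+[Oo]n/ { ssl = 1 }
    /^[ \t]*Header[ \t].*Strict-Transport-Security/ { hsts = 1 }
    # Closing tag: report what the block is missing.
    /^[ \t]*<\/VirtualHost>/ {
        if (port == "80" && !redir) print name ":80 does not redirect to https://"
        if (port == "443" && !ssl)  print name ":443 lacks SSLEngine on"
        if (port == "443" && !hsts) print name ":443 lacks Strict-Transport-Security"
    }' "${1:--}"
}

# Constructed sample: the :80 block is correct, the :443 block forgot HSTS.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName example.com:80
    Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com:443
    SSLEngine on
    Redirect / https://www.example.com/
</VirtualHost>
EOF
}

sample_conf | audit_vhosts
```

The lint only sees directives written literally inside the file it is given; redirects done through mod_rewrite or settings pulled in with Include are not followed.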

External links