Apache2 : SSL/TLS Setting2019/01/25 |
Configure SSL/TLS setting to use secure encrypt HTTPS connection.
|
|
[1] | |
[2] | Configure Apache2 for SSL/TLS. |
www:~ # a2enmod ssl www:~ # a2enmod -l actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout php7
www:~ #
vi /etc/apache2/listen.conf # line 17: uncomment Listen 443
www:~ #
vi /etc/apache2/vhosts.d/default-ssl.conf # create new <VirtualHost *:443> DocumentRoot "/srv/www/htdocs" SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> </VirtualHost> systemctl restart apache2 |
[3] | If you'd like to set HTTP connection to redirect to HTTPS (Always on SSL/TLS), configure each Virtualhost like follows. It's also OK to set it in [.htaccess] not in httpd.conf. |
www:~ # a2enmod rewrite www:~ # a2enmod -l actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout php7 rewrite
www:~ #
vi /etc/apache2/vhosts.d/defalt.site.conf
<VirtualHost *:80>
DocumentRoot /srv/www/htdocs
ServerName www.srv.world
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
www:~ # systemctl restart apache2 |
[4] | If Firewalld is running, allow HTTPS service. HTTPS uses 443/TCP. |
www:~ # firewall-cmd --add-service=https --permanent success www:~ # firewall-cmd --reload success |
[5] | Verify to access to the test page from a client computer with a Web browser via HTTPS. If you set Always On SSL/TLS, access with HTTP to verify the connection is redirected to HTTPS normally, too. |
Sponsored Link |
|