SLES 15

Apache2 : SSL/TLS Setting
2019/01/25
 
Configure SSL/TLS settings to serve encrypted HTTPS connections.
[1]
[2] Configure Apache2 for SSL/TLS.
www:~ # a2enmod ssl

www:~ # a2enmod -l

actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout php7

www:~ # vi /etc/apache2/listen.conf
# line 17: uncomment

Listen 443
www:~ # vi /etc/apache2/vhosts.d/default-ssl.conf
# create new

<VirtualHost *:443>
    DocumentRoot "/srv/www/htdocs"
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

www:~ # systemctl restart apache2

[3] If you'd like to redirect HTTP connections to HTTPS (Always on SSL/TLS), configure each VirtualHost as follows. It's also OK to set it in [.htaccess] instead of httpd.conf.
www:~ # a2enmod rewrite

www:~ # a2enmod -l

actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout php7 rewrite

www:~ # vi /etc/apache2/vhosts.d/defalt.site.conf
<VirtualHost *:80>
    DocumentRoot /srv/www/htdocs
    ServerName www.srv.world
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

www:~ # systemctl restart apache2
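
A hardened variant of the two virtual hosts from [2] and [3], shown as an added example that is not part of the original page. It assumes mod_headers has been enabled (a2enmod headers) for the HSTS header and reuses the page's host name and certificate paths.

```apache
# Added example (not from the original page).
# /etc/apache2/vhosts.d/default-ssl.conf
<VirtualHost *:443>
    DocumentRoot "/srv/www/htdocs"
    ServerName www.srv.world
    SSLEngine on

    # Setting from [2]: SSLProtocol all -SSLv2 -SSLv3
    #   -> still negotiates TLS 1.0 and TLS 1.1 with clients that ask for them.
    # Hardened: also remove TLS 1.0 and 1.1, leaving TLS 1.2 and newer.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem

    # Tell browsers to use HTTPS for this host for one year, so later visits
    # do not start with a plain HTTP request. Skipped if mod_headers is
    # not loaded (assumption: enabled with "a2enmod headers").
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000"
    </IfModule>

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

# Port 80 virtual host from [3]
<VirtualHost *:80>
    DocumentRoot /srv/www/htdocs
    ServerName www.srv.world

    # Rule from [3]: RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    #   -> the redirect target is built from the Host header the client sent.
    # Hardened: redirect to the fixed canonical name. mod_alias (already in the
    # module list above) appends the requested path, so mod_rewrite is not needed.
    Redirect permanent / https://www.srv.world/
</VirtualHost>
```

After restarting Apache, `openssl s_client -connect www.srv.world:443 -tls1_1` should fail to complete a handshake while `-tls1_2` succeeds. Enable the HSTS header only once HTTPS is confirmed working, because browsers cache it for the full max-age.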

[4] If Firewalld is running, allow HTTPS service. HTTPS uses 443/TCP.
www:~ # firewall-cmd --add-service=https --permanent

success
www:~ # firewall-cmd --reload

success
[5] From a client computer, access the test page with a Web browser via HTTPS to verify it works. If you set Always On SSL/TLS, also access it over HTTP to verify the connection is redirected to HTTPS normally.