Uživatelské nástroje

Nástroje pro tento web


httpd-secure

HTTPD secure

Konfigurace SSL VirtualHost HTTPD Apache 2.4

/etc/httpd/conf.d/example.com.conf
<VirtualHost *:443>
  ServerName example.com
  DocumentRoot /data/www/example.com/www
  ServerAdmin admin@example.com
  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  # Prefer PFS, allow TLS, avoid SSL, for IE8 on XP still allow 3DES
  SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+AESGCM EECDH EDH+AESGCM EDH+aRSA HIGH !MEDIUM !LOW !aNULL !eNULL !LOW !RC4 !MD5 !EXP !PSK !SRP !DSS"
  SSLCompression Off  
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  # Header always set X-Frame-Options SAMEORIGIN
  Header always set X-Frame-Options DENY
  SSLCertificateFile /etc/pki/tls/certs/example.com.crt
  SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
  SSLCACertificateFile /etc/pki/tls/certs/example.com.pem
  ErrorLog logs/example.com-error_log
  CustomLog logs/example.com-access_log common
  <Directory  "/data/www/example.com/www">
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

Test

Mělo by být dosaženo známky bezpečnosti A+.

httpd-secure.txt · Poslední úprava: 2017/05/11 10:34 autor: blazek