httpd-secure
Toto je starší verze dokumentu!
HTTPD secure
Konfigurace SSL VirtualHost HTTPD Apache 2.4
- /etc/httpd/conf.d/example.com.conf
<VirtualHost *:443> ServerName example.com DocumentRoot /data/www/example.com/www ServerAdmin admin@example.com SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder on # Prefer PFS, allow TLS, avoid SSL, for IE8 on XP still allow 3DES SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+AESGCM EECDH EDH+AESGCM EDH+aRSA HIGH !MEDIUM !LOW !aNULL !eNULL !LOW !RC4 !MD5 !EXP !PSK !SRP !DSS" # Prevent CRIME/BREACH compression attacks SSLCompression Off # Commit to HTTPS only traffic for at least 180 days Header add Strict-Transport-Security "max-age=15552000" SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/private/example.com.key SSLCACertificateFile /etc/pki/tls/certs/example.com.pem ErrorLog logs/example.com-error_log CustomLog logs/example.com-access_log common <Directory "/data/www/example.com/www"> AllowOverride All Require all granted </Directory> </VirtualHost>
Test
Mělo by být dosaženo známky bezpečnosti A+.
httpd-secure.1443275845.txt.bz2 · Poslední úprava: 2023/12/26 19:13 (upraveno mimo DokuWiki)