Differences
This shows you the differences between two versions of the page.
|
apache_ssl [2012/05/08 11:38] |
apache_ssl [2012/05/08 11:38] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Apache SSL ====== | ||
| + | * [[Apache]] | ||
| + | * [[Apache Security]] | ||
| + | * [[OpenSSL]] | ||
| + | * [[PCI Compliance]] | ||
| + | * [[SSL Certificates]] | ||
| + | |||
| + | ==== Configuration ==== | ||
| + | |||
| + | Install certificate files: | ||
| + | |||
| + | <code> | ||
| + | SSLCertificateFile /etc/ssl/certs/domain.com.crt | ||
| + | SSLCertificateKeyFile /etc/ssl/private/private.key | ||
| + | SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle | ||
| + | </code> | ||
| + | |||
| + | A bare-bones SSL-enabled VirtualHost entry: | ||
| + | |||
| + | <code> | ||
| + | Listen 443 | ||
| + | <VirtualHost _default_:443> | ||
| + | ServerName domain.com | ||
| + | DocumentRoot /var/www/localhost/htdocs | ||
| + | <Directory "/var/www/localhost/htdocs"> | ||
| + | Options Indexes FollowSymLinks | ||
| + | AllowOverride All | ||
| + | Order allow,deny | ||
| + | Allow from all | ||
| + | </Directory> | ||
| + | SSLEngine on | ||
| + | SSLProtocol -all +SSLv3 +TLSv1 | ||
| + | SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM | ||
| + | SSLCertificateFile /etc/ssl/certs/domain.com.crt | ||
| + | SSLCertificateKeyFile /etc/ssl/private/private.key | ||
| + | SSLCertificateChainFile /etc/ssl/certs/domain.com.cabundle | ||
| + | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
| + | SSLOptions +StdEnvVars | ||
| + | </FilesMatch> | ||
| + | <Directory "/var/www/localhost/cgi-bin"> | ||
| + | SSLOptions +StdEnvVars | ||
| + | </Directory> | ||
| + | BrowserMatch ".*MSIE.*" \ | ||
| + | nokeepalive ssl-unclean-shutdown \ | ||
| + | downgrade-1.0 force-response-1.0 | ||
| + | </VirtualHost> | ||
| + | </code> | ||
| + | |||
| + | === SSL Virtual Hosts === | ||
| + | |||
| + | In Ubuntu, Apache does not use Virtual Hosts by default. To change this, edit ''/etc/apache2/ports.conf'' and add ''NameVirtualHost *:443'' to the SSL config. | ||
| + | |||
| + | Then, in ''/etc/apache2/sites-available/default-ssl'' change VirtualHost directive from ''_default_:443'' to ''*:443'' | ||
| + | |||
| + | ==== Examples ==== | ||
| + | |||
| + | == Redirect site to HTTPS == | ||
| + | |||
| + | <code>RewriteEngine On | ||
| + | RewriteCond %{HTTPS} off | ||
| + | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}</code> | ||
