Created
October 13, 2015 23:33
-
-
Save duan-li/1d5cf77533a1c616ac56 to your computer and use it in GitHub Desktop.
setup apache2 SSL based on TLS 1.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_ssl.c> | |
| <VirtualHost *:443> | |
| ServerAdmin webmaster@localhost | |
| ServerName domain.com.au | |
| DocumentRoot /path-to-www | |
| SuexecUserGroup web-data web-data | |
| #LogLevel info ssl:warn | |
| ErrorLog ${APACHE_LOG_DIR}/error-ssl-html.log | |
| CustomLog ${APACHE_LOG_DIR}/access-ssl-html.log combined | |
| SSLEngine on | |
| SSLCertificateFile /path-to-ssl/sdfasdfa8c.crt | |
| SSLCertificateKeyFile /path-to-ssl/website.key | |
| SSLCertificateChainFile /path-to-ssl/gd_bundle.crt | |
| #SSLVerifyClient require | |
| #SSLVerifyDepth 10 | |
| <Directory /path-to-www> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| Require all granted | |
| </Directory> | |
| #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire | |
| <FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
| SSLOptions +StdEnvVars | |
| </FilesMatch> | |
| <Directory /usr/lib/cgi-bin> | |
| SSLOptions +StdEnvVars | |
| </Directory> | |
| SSLProtocol all -SSLv2 -SSLv3 | |
| BrowserMatch "MSIE [2-6]" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | |
| </VirtualHost> | |
| </IfModule> | |
| # vim: syntax=apache ts=4 sw=4 sts=4 sr noet |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment