Last active
July 24, 2019 07:35
-
-
Save enqtran/bf3fabaae4d287ed35a49f610145240b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo yum install mod_ssl -y | |
| sudo yum install wget curl bc git socat -y | |
| yum install epel-release mod_ssl | |
| rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm | |
| yum --enablerepo=ius install git python27 python27-devel python27-pip python27- setuptools python27-virtualenv -y | |
| git clone https://github.com/letsencrypt/letsencrypt | |
| cd letsencrypt | |
| ./letsencrypt-auto --apache -d domain.org -d www.domain.org | |
| ./letsencrypt-auto certonly --webroot -w /var/www/html/domain/ -d domain.org | |
| ./letsencrypt-auto --apache -d domain.com -d www.domain.com | |
| ./letsencrypt-auto certonly --webroot -w /var/www/html/domain/ -d domain.org | |
| yum install crontabs -y | |
| yum install vixie-cron -y | |
| service crond start | |
| chkconfig crond on | |
| cd /etc/letsencrypt/ && ./certbot-auto renew --dry-run && /etc/init.d/apache2 restart | |
| ./certbot-auto certonly --standalone -d domain.org -d www.domain.org | |
| ./certbot-auto certonly --standalone -d domain.com -d www.domain.com | |
| crontab -e | |
| 0 0 * * 1 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart | |
| esc -> :i -> :w -> :q! | |
| ./certbot-auto renew | |
| certbot-auto certonly --standalone -d domain.com -d www.domain.com -d sub.domain.com -d sub2.domain.com --expand | |
| curl -I https://www.example.com | |
| * revoke ssl | |
| ./certbot-auto revoke --cert-path /etc/letsencrypt/archive/musicthienthan.com/cert1.pem | |
| Check ssl|: https://www.sslshopper.com/ssl-checker.html | |
| If you’re using Apache 2.4.8 or newer, it should be: | |
| SSLCertificateFile /etc/letsencrypt/live/www.domain.org/fullchain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.org/privkey.pem | |
| If it’s older, it should be: | |
| SSLCertificateFile /etc/letsencrypt/live/www.domain.org/cert.pem | |
| SSLCertificateChainFile /etc/letsencrypt/live/www.domain.org/chain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.org/privkey.pem |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| <IfModule ssl_module> | |
| SSLRandomSeed startup builtin | |
| SSLRandomSeed connect builtin | |
| </IfModule> | |
| ServerTokens Prod | |
| ServerSignature Off | |
| Include /etc/httpd/conf.d/*.conf |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost _default_:80> | |
| DocumentRoot "/var/www/html" | |
| ServerName 103.9.79.74 | |
| ErrorLog /var/log/httpd/error_log | |
| CustomLog /var/log/httpd/access_log combined | |
| BrowserMatch ".*MSIE.*" \ | |
| nokeepalive ssl-unclean-shutdown \ | |
| downgrade-1.0 force-response-1.0 | |
| <Directory "/home/phpmyadmin/public_html"> | |
| Order Allow,Deny | |
| Allow from all | |
| Options Indexes FollowSymLinks | |
| Require all granted | |
| RGroups daemon | |
| RMode config | |
| RUidGid phpmyadmin phpmyadmin | |
| </Directory> | |
| Alias /phpmyadmin /home/phpmyadmin/public_html | |
| </VirtualHost> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <VirtualHost *:80> | |
| ServerName www.domain.org | |
| DocumentRoot /var/www/html/domain | |
| ServerAlias domain.org | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| </Directory> | |
| RewriteEngine on | |
| RewriteCond %{SERVER_NAME} = www.domain.org.org [OR] | |
| RewriteCond %{SERVER_NAME} = domain.org.org | |
| RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | |
| </VirtualHost> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_ssl.c> | |
| <VirtualHost *:443> | |
| ServerName www.domain.org | |
| DocumentRoot /var/www/html/domain | |
| ServerAlias domain.org | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| Allow from all | |
| </Directory> | |
| Include /etc/letsencrypt/options-ssl-apache.conf | |
| SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem | |
| RewriteEngine On | |
| RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] | |
| RewriteRule ^(.*)$ https://%1$1 [R=301,L] | |
| </VirtualHost> | |
| </IfModule> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_expires.c> | |
| # Turn on the module. | |
| ExpiresActive on | |
| # Set the default expiry times. | |
| ExpiresDefault "access plus 2 days" | |
| ExpiresByType image/jpg "access plus 1 month" | |
| ExpiresByType image/gif "access plus 1 month" | |
| ExpiresByType image/jpeg "access plus 1 month" | |
| ExpiresByType image/png "access plus 1 month" | |
| ExpiresByType text/javascript "access plus 1 month" | |
| ExpiresByType application/javascript "access plus 1 month" | |
| ExpiresByType application/x-shockwave-flash "access plus 1 month" | |
| ExpiresByType text/css "now plus 1 month" | |
| ExpiresByType image/ico "access plus 1 month" | |
| ExpiresByType image/x-icon "access plus 1 month" | |
| ExpiresByType text/html "access plus 600 seconds" | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment