Friday, March 10, 2017

SSL Configuration for Apache


openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr

Put below settings in /etc/apache2/sites-enabled/default_ssl and change necessary settings.


< IfModule mod_ssl.c>
< VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
        ServerName domain.com
       
        DocumentRoot /home/ubuntu/folder_name

        <Directory /home/ubuntu/folder_name>
            Options FollowSymLinks
           AllowOverride All
           Require all granted
       </Directory>

        ErrorLog /var/log/apache2/domainname.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/domainname.log combined

        SSLEngine on

        SSLCertificateFile    /etc/ssl/certs/domainname.com.crt
        SSLCertificateKeyFile /etc/ssl/private/domainname.com.key
        SSLCertificateChainFile /etc/ssl/certs/gs_intermediate_ca.crt
        SSLCertificateChainFile /etc/ssl/certs/domainname.com.ca-bundle

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        #   SSL Protocol Adjustments:
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

## For Vulnerability
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS!RC4


< /VirtualHost>
< /IfModule>

2 comments:

  1. What does the minimum deposit amount for Slots at casinos? - TrickToAction
    Slots are also commonly 먹튀폴리스 스포츠중계 벳무브 referred to as regular casino slots, and a progressive 토토365 jackpot slot 야구 분석 with the 배트맨토토 highest 넷마블머니상 house edge is not found among slot-related slots.

    ReplyDelete
  2. They already restrict what you can to|you presumably can} win in free spins, but no want to fret about the $100 max, your fortunate to get $3 on free spins. Jackpot City uses top-notch software provided 카지노사이트.online by variety of the} industry’s finest and biggest developers. It has partnered with Microgaming, Evolution Gaming, and others. Several on line casino websites listed in our reviews might not be obtainable in your area.

    ReplyDelete