Server Installation/Apache: Unterschied zwischen den Versionen
Aus Opennet
(→HTTP/2) |
|||
Zeile 157: | Zeile 157: | ||
* Apache neu starten: | * Apache neu starten: | ||
systemctl restart apache2 | systemctl restart apache2 | ||
+ | * Kontrolle: | ||
+ | curl -vso /dev/null --http2 https://<site> | ||
+ | ... | ||
+ | * Using HTTP2, server supports multi-use | ||
+ | * Connection state changed (HTTP/2 confirmed) | ||
+ | * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 | ||
+ | * Using Stream ID: 1 (easy handle 0x7ffa00805200) | ||
+ | > GET / HTTP/2 | ||
+ | ... | ||
[[Kategorie:Server]] | [[Kategorie:Server]] |
Version vom 18. Januar 2019, 11:21 Uhr
Protokoll | Host | VHost/Path | Service | Bemerkung |
---|---|---|---|---|
HTTPS | www | *opennet-initiative.de/transfer | WebDAV | Umziehen? Ehem. transfer., webdav. existiert |
HTTP(S) | www | www.opennet-initiative.de/ | Redirect -> wiki | |
HTTP(S) | www | www.opennet-initiative.de/download | Download | OK. |
HTTP(S) | www | www.opennet-initiative.de/gallery/ | Gallery Rewrite | |
HTTP(S) | www | www.opennet-initiative.de/graphen/ | Graph Rewrite | |
HTTP(S) | www | list.opennet-initiative.de | Mailman Rewrite | |
HTTP(S) | www | mail.opennet-initiative.de/mail | ?? | |
HTTP(S) | www | mail.opennet-initiative.de/service | ?? | |
HTTP(S) | www | olsr.opennet-initiative.de | SSID Rewrite | Löschen? |
HTTP(S) | www | www.opennet-initiative.de/forum | Forum Rewrite | Löschen |
HTTP(S) | wiki | wiki.opennet-initiative.de/wiki/ | MediaWiki Rewrite |
Werkzeuge
- apachectl configcheck - Überprüfung der Konfiguration (sinnvoll vor dem Neustart vom Apache Dienst)
Default Config
- /etc/apache2/ports.conf
Listen 80 <IfModule mod_ssl.c> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
- /etc/apache2/conf-enabled/security.conf
ServerTokens Prod ServerSignature Off TraceEnable Off
- /etc/apache2/mods-enabled/ssl.conf
SSLProtocol all -SSLv2 -SSLv3
- /etc/apache2/sites-enabled/000-default
<VirtualHost *:80> ServerAdmin admin@opennet-initiative.de DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
- /etc/apache2/sites-enabled/001-default-ssl
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin admin@opennet-initiative.de DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCertificateFile /etc/ssl/<servername>.opennet-initiative.de_certchain.crt SSLCertificateKeyFile /etc/ssl/private/<servername>.opennet-initiative.de.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
HTTP/2
- Modul Apache HTTP/2 aktivieren:
a2enmod http2
- Protokoll für HTTPS Site aktivieren:
<VirtualHost *:443> Protocols h2 h2c http/1.1 ...
- Apache neu starten:
systemctl restart apache2
- Kontrolle:
curl -vso /dev/null --http2 https://<site> ... * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7ffa00805200) > GET / HTTP/2 ...