18
0
Fork 0

add minimale directives for apache

This commit is contained in:
btatu 2017-05-09 13:57:54 +02:00
parent 77497a2843
commit 26d3d9b3c2
1 changed files with 15 additions and 1 deletions

View File

@ -55,7 +55,12 @@ Note : sous Debian, pour regénérer le certificat *snakeoil* (certificat autog
~~~
# make-ssl-cert generate-default-snakeoil --force-overwrite
~~~
~~~ SSLEngine on
SSLCertificateFile /etc/apache2/ssl/secure.crt
SSLCertificateKeyFile /etc/apache2/ssl/secure.key
# On désactive certaines prises en charge de protocole
SSLProtocol All -SSLv2 -SSLv3
### Générer un certificat multi-domaines avec subjectAltName
@ -371,6 +376,15 @@ SSLStaplingCache shmcb:/var/log/apache2/ssl_staplingcache(2048000)
Header always set Strict-Transport-Security "max-age=15552000"
~~~
Voici une configuration minimale :
~~~{.apache}
SSLEngine on
SSLCertificateFile /etc/ssl/certs/secure.crt
SSLCertificateKeyFile /etc/ssl/private/secure.key
SSLProtocol All -SSLv2 -SSLv3
~~~
#### Configuration Nginx
En pratique avec Nginx (sous Debian 8), voici une configuration SSL avancée :