I broke my Apache 2.4 install and I need help!
@lbutlr
kremels at kreme.com
Mon Apr 2 23:06:23 UTC 2018
On 2018-04-02 (16:40 MDT), William Dudley <wfdudley at gmail.com> wrote:
>
> I've managed to get my apache install working without any SSL stuff
> running. That's progress.
This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf
<VirtualHost *:443>
ServerName oursite.example.net
DocumentRoot /usr/local/www/oursite
SSLEngine on
SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
# I am not sure this is needed or best for TLSv1.2, but it works for us
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
</VirtualHost>
--
Well I've seen the Heart of Darkness/Read the writing on the wall/and the
voice out in the desert/Was the voice out in the hall
More information about the freebsd-questions
mailing list