aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authornodiscc <nodiscc@gmail.com>2020-05-18 21:07:32 +0200
committernodiscc <nodiscc@gmail.com>2020-09-12 14:31:45 +0200
commitc84d1430472bac5c8f437f41b8e845b808acfdd2 (patch)
treeb1bd3b615a38e5ae8c08be93087f4405004d7b17
parent30255b794ab3ddfaf2e813d173b445800102d748 (diff)
downloadShaarli-c84d1430472bac5c8f437f41b8e845b808acfdd2.tar.gz
Shaarli-c84d1430472bac5c8f437f41b8e845b808acfdd2.tar.zst
Shaarli-c84d1430472bac5c8f437f41b8e845b808acfdd2.zip
apache: fix let's encrypt configuration , copy it directly from reference file
including options-ssl-apache.conf requires python3-certbot-apache which pulls a lot of dependencies
-rw-r--r--doc/md/Server-configuration.md9
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md
index b4dfc53d..70ae087a 100644
--- a/doc/md/Server-configuration.md
+++ b/doc/md/Server-configuration.md
@@ -77,7 +77,6 @@ sudo systemctl stop apache2
77sudo systemctl stop nginx 77sudo systemctl stop nginx
78 78
79# generate initial certificates - Let's Encrypt ACME servers must be able to access your server! 79# generate initial certificates - Let's Encrypt ACME servers must be able to access your server!
80# (DNS records must be correctly pointing to it, firewall/NAT on port 80/443 must be open)
81sudo certbot certonly --standalone --noninteractive --agree-tos --email "admin@shaarli.mydomain.org" -d shaarli.mydomain.org 80sudo certbot certonly --standalone --noninteractive --agree-tos --email "admin@shaarli.mydomain.org" -d shaarli.mydomain.org
82# this will generate a private key and certificate at /etc/letsencrypt/live/shaarli.mydomain.org/{privkey,fullchain}.pem 81# this will generate a private key and certificate at /etc/letsencrypt/live/shaarli.mydomain.org/{privkey,fullchain}.pem
83 82
@@ -150,7 +149,13 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
150 SSLEngine on 149 SSLEngine on
151 SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem 150 SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem
152 SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem 151 SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem
153 Include /etc/letsencrypt/options-ssl-apache.conf 152
153 # Let's Encrypt settings from https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
154 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
155 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
156 SSLHonorCipherOrder off
157 SSLSessionTickets off
158 SSLOptions +StrictRequire
154 159
155 # SSL/TLS configuration (for self-signed certificates) 160 # SSL/TLS configuration (for self-signed certificates)
156 #SSLEngine on 161 #SSLEngine on