diff options
author | nodiscc <nodiscc@gmail.com> | 2020-08-15 19:59:34 +0200 |
---|---|---|
committer | nodiscc <nodiscc@gmail.com> | 2020-09-12 14:31:45 +0200 |
commit | f3ab2616314834508c36b5e97406572ecd9af7a4 (patch) | |
tree | 68c8d4ebacb2bda8f1413fb96b8aaf1c2cd4fcd6 | |
parent | 38d66e1a40c20678e34408a069a615928d2c244c (diff) | |
download | Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.tar.gz Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.tar.zst Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.zip |
doc: apache: add example configuration for mod_md
-rw-r--r-- | doc/md/Server-configuration.md | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index d32cc786..73e23886 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
@@ -128,20 +128,22 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
128 | ServerName shaarli.mydomain.org | 128 | ServerName shaarli.mydomain.org |
129 | DocumentRoot /var/www/shaarli.mydomain.org/ | 129 | DocumentRoot /var/www/shaarli.mydomain.org/ |
130 | 130 | ||
131 | # Redirect HTTP requests to HTTPS | 131 | # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests |
132 | RewriteEngine on | 132 | RewriteEngine on |
133 | RewriteRule ^.well-known/acme-challenge/ - [L] | 133 | RewriteRule ^.well-known/acme-challenge/ - [L] |
134 | # except for Let's Encrypt ACME challenge requests | ||
135 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org | 134 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org |
136 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] | 135 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] |
136 | # If you are using mod_md, use this instead | ||
137 | #MDCertificateAgreement accepted | ||
138 | #MDContactEmail admin@shaarli.mydomain.org | ||
139 | #MDPrivateKeys RSA 4096 | ||
137 | </VirtualHost> | 140 | </VirtualHost> |
138 | 141 | ||
139 | <VirtualHost *:443> | 142 | <VirtualHost *:443> |
140 | ServerName shaarli.mydomain.org | 143 | ServerName shaarli.mydomain.org |
141 | DocumentRoot /var/www/shaarli.mydomain.org/ | 144 | DocumentRoot /var/www/shaarli.mydomain.org/ |
142 | 145 | ||
143 | # SSL/TLS configuration (for Let's Encrypt certificates) | 146 | # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone |
144 | # If certificates were acquired from certbot standalone | ||
145 | SSLEngine on | 147 | SSLEngine on |
146 | SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem | 148 | SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem |
147 | SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem | 149 | SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem |
@@ -152,6 +154,9 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
152 | SSLSessionTickets off | 154 | SSLSessionTickets off |
153 | SSLOptions +StrictRequire | 155 | SSLOptions +StrictRequire |
154 | 156 | ||
157 | # SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md | ||
158 | #MDomain shaarli.mydomain.org | ||
159 | |||
155 | # SSL/TLS configuration (for self-signed certificates) | 160 | # SSL/TLS configuration (for self-signed certificates) |
156 | #SSLEngine on | 161 | #SSLEngine on |
157 | #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | 162 | #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem |