diff options
| author | nodiscc <nodiscc@gmail.com> | 2020-08-15 19:59:34 +0200 |
|---|---|---|
| committer | nodiscc <nodiscc@gmail.com> | 2020-09-12 14:31:45 +0200 |
| commit | f3ab2616314834508c36b5e97406572ecd9af7a4 (patch) | |
| tree | 68c8d4ebacb2bda8f1413fb96b8aaf1c2cd4fcd6 /doc | |
| parent | 38d66e1a40c20678e34408a069a615928d2c244c (diff) | |
| download | Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.tar.gz Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.tar.zst Shaarli-f3ab2616314834508c36b5e97406572ecd9af7a4.zip | |
doc: apache: add example configuration for mod_md
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/md/Server-configuration.md | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index d32cc786..73e23886 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md | |||
| @@ -128,20 +128,22 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
| 128 | ServerName shaarli.mydomain.org | 128 | ServerName shaarli.mydomain.org |
| 129 | DocumentRoot /var/www/shaarli.mydomain.org/ | 129 | DocumentRoot /var/www/shaarli.mydomain.org/ |
| 130 | 130 | ||
| 131 | # Redirect HTTP requests to HTTPS | 131 | # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests |
| 132 | RewriteEngine on | 132 | RewriteEngine on |
| 133 | RewriteRule ^.well-known/acme-challenge/ - [L] | 133 | RewriteRule ^.well-known/acme-challenge/ - [L] |
| 134 | # except for Let's Encrypt ACME challenge requests | ||
| 135 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org | 134 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org |
| 136 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] | 135 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] |
| 136 | # If you are using mod_md, use this instead | ||
| 137 | #MDCertificateAgreement accepted | ||
| 138 | #MDContactEmail admin@shaarli.mydomain.org | ||
| 139 | #MDPrivateKeys RSA 4096 | ||
| 137 | </VirtualHost> | 140 | </VirtualHost> |
| 138 | 141 | ||
| 139 | <VirtualHost *:443> | 142 | <VirtualHost *:443> |
| 140 | ServerName shaarli.mydomain.org | 143 | ServerName shaarli.mydomain.org |
| 141 | DocumentRoot /var/www/shaarli.mydomain.org/ | 144 | DocumentRoot /var/www/shaarli.mydomain.org/ |
| 142 | 145 | ||
| 143 | # SSL/TLS configuration (for Let's Encrypt certificates) | 146 | # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone |
| 144 | # If certificates were acquired from certbot standalone | ||
| 145 | SSLEngine on | 147 | SSLEngine on |
| 146 | SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem | 148 | SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem |
| 147 | SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem | 149 | SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem |
| @@ -152,6 +154,9 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |||
| 152 | SSLSessionTickets off | 154 | SSLSessionTickets off |
| 153 | SSLOptions +StrictRequire | 155 | SSLOptions +StrictRequire |
| 154 | 156 | ||
| 157 | # SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md | ||
| 158 | #MDomain shaarli.mydomain.org | ||
| 159 | |||
| 155 | # SSL/TLS configuration (for self-signed certificates) | 160 | # SSL/TLS configuration (for self-signed certificates) |
| 156 | #SSLEngine on | 161 | #SSLEngine on |
| 157 | #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | 162 | #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem |