From f3ab2616314834508c36b5e97406572ecd9af7a4 Mon Sep 17 00:00:00 2001 From: nodiscc Date: Sat, 15 Aug 2020 19:59:34 +0200 Subject: doc: apache: add example configuration for mod_md --- doc/md/Server-configuration.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md index d32cc786..73e23886 100644 --- a/doc/md/Server-configuration.md +++ b/doc/md/Server-configuration.md @@ -128,20 +128,22 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf ServerName shaarli.mydomain.org DocumentRoot /var/www/shaarli.mydomain.org/ - # Redirect HTTP requests to HTTPS + # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests RewriteEngine on RewriteRule ^.well-known/acme-challenge/ - [L] - # except for Let's Encrypt ACME challenge requests RewriteCond %{HTTP_HOST} =shaarli.mydomain.org RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] + # If you are using mod_md, use this instead + #MDCertificateAgreement accepted + #MDContactEmail admin@shaarli.mydomain.org + #MDPrivateKeys RSA 4096 ServerName shaarli.mydomain.org DocumentRoot /var/www/shaarli.mydomain.org/ - # SSL/TLS configuration (for Let's Encrypt certificates) - # If certificates were acquired from certbot standalone + # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone SSLEngine on SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem @@ -152,6 +154,9 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf SSLSessionTickets off SSLOptions +StrictRequire + # SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md + #MDomain shaarli.mydomain.org + # SSL/TLS configuration (for self-signed certificates) #SSLEngine on #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem -- cgit v1.2.3