doc: apache: add example configuration for mod_md

This commit is contained in:
nodiscc 2020-08-15 19:59:34 +02:00
parent 38d66e1a40
commit f3ab261631

View file

@ -128,20 +128,22 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
ServerName shaarli.mydomain.org ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/ DocumentRoot /var/www/shaarli.mydomain.org/
# Redirect HTTP requests to HTTPS # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests
RewriteEngine on RewriteEngine on
RewriteRule ^.well-known/acme-challenge/ - [L] RewriteRule ^.well-known/acme-challenge/ - [L]
# except for Let's Encrypt ACME challenge requests
RewriteCond %{HTTP_HOST} =shaarli.mydomain.org RewriteCond %{HTTP_HOST} =shaarli.mydomain.org
RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent]
# If you are using mod_md, use this instead
#MDCertificateAgreement accepted
#MDContactEmail admin@shaarli.mydomain.org
#MDPrivateKeys RSA 4096
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <VirtualHost *:443>
ServerName shaarli.mydomain.org ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/ DocumentRoot /var/www/shaarli.mydomain.org/
# SSL/TLS configuration (for Let's Encrypt certificates) # SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone
# If certificates were acquired from certbot standalone
SSLEngine on SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem
@ -152,6 +154,9 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
SSLSessionTickets off SSLSessionTickets off
SSLOptions +StrictRequire SSLOptions +StrictRequire
# SSL/TLS configuration for Let's Encrypt certificates acquired with mod_md
#MDomain shaarli.mydomain.org
# SSL/TLS configuration (for self-signed certificates) # SSL/TLS configuration (for self-signed certificates)
#SSLEngine on #SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem