...
Info |
---|
All the SSL entries are derived from etc/apache2/sites-available/default-ssl. Read the comments in that file for a more in depth understanding of the configurations. |
First we create the file,
Code Block | ||
---|---|---|
| ||
cd /etc/apache2/sites-available
sudo cp default-ssl www.earth.com-ssl |
Building upon the work in BonsaiFramework Apache Virtual Hosting, below are the minimal recommend lines to enable SSL.
Code Block | ||||
---|---|---|---|---|
| ||||
<IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName www.myrapham.com ServerAlias myrapham.com # Enforce www in front of url. RewriteEngine On RewriteCond %{HTTP_HOST} !^www\.myrapham\.com$ [NC] RewriteRule (.*) https://www.myrapham.com$1 [R,L] DocumentRoot /home/www.myrapham.com/www <Directory /> # This prevents use of .htaccess AllowOverride None </Directory> ErrorLog /var/log/apache2/ssl_www.myrapham.com.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/ssl_ww.myrapham.com.access.log combined # Mount application on Tomcat JkMount /wiki/* tomcat_confluence_a_worker JkMount /wiki tomcat_confluence_a_worker <Location /wiki/> FilterDeclare filter_string_replace FilterProvider filter_string_replace SUBSTITUTE resp=Content-Type $text/html Substitute "s/www.breakitdown.ca/www.myrapham.com/ni" Substitute "s/Break It Down/www.myrapham.com/n" FilterChain filter_string_replace Redirect permanent /wiki/dashboard.action https://www.myrapham.com/wiki/display/myra/Home Redirect permanent /wiki/display/myrahouse/Home https://www.myrapham.com/wiki/display/myra/Home </Location> # --------------------- # Start Enable SSL # ----------------- # # SSL Engine Switch: # # Enable/Disable SSL for this virtual host. SSLEngine on # Load the keys SSLCertificateFile /etc/ssl/certs/www.myrapham.com_server.crt SSLCertificateKeyFile /etc/ssl/private/www.myrapham.com_server.key # Load the Certificate chain SSLCertificateChainFile /etc/ssl/certs/StartSSL_Sub_Class1_CA.pem # Loads all Certificate Authorities in the provided path SSLCACertificatePath /etc/ssl/certs/ # SSL Engine Options <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown # ----------------- # End Enable SSL # --------------------- </VirtualHost> </IfModule> |
...