Obě strany předchozí revizePředchozí verze | Následující verzeObě strany příští revize |
en_installation:apache [2022/05/24 14:16] – kozak | en_installation:apache [2022/05/25 16:24] – kozak |
---|
</FilesMatch> | </FilesMatch> |
<Directory /usr/lib/cgi-bin> | <Directory /usr/lib/cgi-bin> |
SSLOptions +StdEnvVars | SSLOptions +StdEnvVars |
</Directory> | </Directory> |
ErrorLog ${APACHE_LOG_DIR}/error.log | ErrorLog ${APACHE_LOG_DIR}/error.log |
ProxyPassReverse / http://localhost:8080 | ProxyPassReverse / http://localhost:8080 |
SSLEngine on | SSLEngine on |
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 | SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 |
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDH-ECDSA-AES-128-GCM-SHA256:ECDH-RSA-AES-128-GCM-SHA2> | SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDH-ECDSA-AES-128-GCM-SHA256:ECDH-RSA-AES-128-GCM-SHA2> |
SSLHonorCipherOrder on | SSLHonorCipherOrder on |
ServerName **blockchain.yourDomain** | ServerName **blockchain.yourDomain** |
<FilesMatch "\.(cgi|shtml|phtml|php)$"> | <FilesMatch "\.(cgi|shtml|phtml|php)$"> |
SSLOptions +StdEnvVars | SSLOptions +StdEnvVars |
</FilesMatch> | </FilesMatch> |
<Directory /usr/lib/cgi-bin> | <Directory /usr/lib/cgi-bin> |
SSLOptions +StdEnvVars | SSLOptions +StdEnvVars |
</Directory> | </Directory> |
ErrorLog ${APACHE_LOG_DIR}/error.log | ErrorLog ${APACHE_LOG_DIR}/error.log |
</code> | </code> |
| |
* To **/etc/apache2/ports.conf** under **ssl_module** needs to be added ''Listen 3000'' for the gateway functionality | * The **blockchain.yourDomain.conf** configuration file needs to be included among the Apache configs |
| * ''sudo a2ensite blockchain.yourDomain'' |
| * To **/etc/apache2/ports.conf** under **ssl_module** needs to be added ''Listen 3000'' for the gateway functionality |
* In **/etc/apache2/sites-available/000-default.conf** it is advisable to add automatic redirect to https to the virtual host | * In **/etc/apache2/sites-available/000-default.conf** it is advisable to add automatic redirect to https to the virtual host |
* ''Redirect permanent / [[https://blockchain.vaseDomena|https://blockchain.yourDomain]]'' | * ''Redirect permanent / [[https://blockchain.vaseDomena|https://blockchain.yourDomain]]'' |
* Remember that you need to have SSL and MD modules enabled | * The following modules need to be enabled: |
* ''sudo a2enmod md'' | * ''sudo a2enmod rewrite'' |
* ''sudo a2enmod ssl'' | * ''sudo a2enmod ssl'' |
| * ''sudo a2enmod md'' |
| * ''sudo a2enmod proxy'' |
| * ''sudo a2enmod proxy_http'' |
| * sudo a2enmod http2 |
| * ''sudo a2enmod headers'' |
SSL certificates are automatically generated via the mod_md module built into Apache. If you want to add another domain for which certificates need to be generated (for example, your application running on a node under another domain), we recommend creating a new config, for example **application.yourDomain.conf** in /etc/apache2/sites-available/ and include it to Apache configs running the command ''sudo a2ensite application.yourDomain''. Then restart Apache ''sudo systemctl restart apache2'' and certificates should start to be generated for this domain on a regular basis. Config for an application running on local port 8083 should look like this: | SSL certificates are automatically generated via the mod_md module built into Apache. If you want to add another domain for which certificates need to be generated (for example, your application running on a node under another domain), we recommend creating a new config, for example **application.yourDomain.conf** in /etc/apache2/sites-available/ and include it to Apache configs running the command ''sudo a2ensite application.yourDomain''. Then restart Apache ''sudo systemctl restart apache2'' and certificates should start to be generated for this domain on a regular basis. Config for an application running on local port 8083 should look like this: |
<code> | <code> |
</FilesMatch> | </FilesMatch> |
<Directory /usr/lib/cgi-bin> | <Directory /usr/lib/cgi-bin> |
SSLOptions +StdEnvVars | SSLOptions +StdEnvVars |
</Directory> | </Directory> |
ErrorLog ${APACHE_LOG_DIR}/error.log | ErrorLog ${APACHE_LOG_DIR}/error.log |
ProxyPassReverse / http://localhost:8083/ | ProxyPassReverse / http://localhost:8083/ |
SSLEngine on | SSLEngine on |
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 | SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 |
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDH-ECDSA-AES-128-GCM-SHA256:ECDH-RSA-AES-128-GCM-SHA2> | SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDH-ECDSA-AES-128-GCM-SHA256:ECDH-RSA-AES-128-GCM-SHA2> |
SSLHonorCipherOrder on | SSLHonorCipherOrder on |
| |
</code> | </code> |
| |
| |
| |
| |