en_installation:apache
Rozdíly
Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.
Obě strany předchozí revizePředchozí verzeNásledující verze | Předchozí verze | ||
en_installation:apache [2022/05/24 12:22] – kozak | en_installation:apache [2024/04/17 11:32] (aktuální) – [Apache configuration] kozak | ||
---|---|---|---|
Řádek 1: | Řádek 1: | ||
- | Konfigurace | + | ====== |
- | Výchozí konfigurace Apache, kterou vytvoří instalace nodu se nachází v / | + | |
- | < | + | The default Apache configuration created by the node installation is located in **/ |
- | ServerAdmin mail pro Let's encrypt | + | < |
- | MDCertificateAgreement accepted\\ | + | ServerAdmin |
- | MDomain blockchain.vaseDomena\\ | + | MDCertificateAgreement accepted |
- | MDPrivateKeys RSA 4096\\ | + | MDomain |
+ | MDPrivateKeys RSA 4096 | ||
SSLStaplingCache shmcb:/ | SSLStaplingCache shmcb:/ | ||
- | < | + | < |
- | ServerName blockchain.vaseDomena\\ | + | ServerName |
- | < | + | < |
- | | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | < | + | < |
- | SSLOptions +StdEnvVars\\ | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | ErrorLog ${APACHE_LOG_DIR}/ | + | ErrorLog ${APACHE_LOG_DIR}/ |
- | CustomLog ${APACHE_LOG_DIR}/ | + | CustomLog ${APACHE_LOG_DIR}/ |
- | DocumentRoot / | + | DocumentRoot / |
- | ProxyPreserveHost On\\ | + | ProxyPreserveHost On |
- | ProxyRequests Off\\ | + | ProxyRequests Off |
- | ProxyPass /admin http:// | + | ProxyPass /admin http:// |
- | ProxyPass / http:// | + | ProxyPass / http:// |
- | ProxyPassReverse /admin http:// | + | ProxyPassReverse /admin http:// |
- | ProxyPassReverse / http:// | + | ProxyPassReverse / http:// |
- | SSLEngine on\\ | + | SSLEngine on |
- | SSLProtocol | + | SSLProtocol |
- | SSLCipherSuite | + | SSLCipherSuite |
- | SSLHonorCipherOrder | + | SSLHonorCipherOrder |
- | SSLCompression | + | SSLCompression |
- | SSLUseStapling | + | SSLUseStapling |
- | SSLStaplingResponderTimeout 5\\ | + | SSLStaplingResponderTimeout 5 |
- | SSLStaplingReturnResponderErrors off\\ | + | SSLStaplingReturnResponderErrors off |
- | Protocols h2 http/1.1\\ | + | Protocols h2 http/1.1 |
- | Header always set Strict-Transport-Security " | + | Header always set Strict-Transport-Security " |
- | Header always append X-Frame-Options SAMEORIGIN\\ | + | Header always append X-Frame-Options SAMEORIGIN |
- | Header always append X-Content-Type-Options nosniff\\ | + | Header always append X-Content-Type-Options nosniff |
- | Header always set X-Xss-Protection "1; mode=block" | + | Header always set X-Xss-Protection "1; mode=block" |
- | Header always set Referrer-Policy " | + | Header always set Referrer-Policy " |
- | Header set Content-Security-Policy " | + | Header set Content-Security-Policy " |
- | Header set Feature-Policy " | + | |
</ | </ | ||
- | < | + | < |
- | ServerName blockchain.vaseDomena\\ | + | ServerName |
- | < | + | < |
- | SSLOptions +StdEnvVars\\ | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | < | + | < |
- | SSLOptions +StdEnvVars\\ | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | ErrorLog ${APACHE_LOG_DIR}/ | + | ErrorLog ${APACHE_LOG_DIR}/ |
- | CustomLog ${APACHE_LOG_DIR}/ | + | CustomLog ${APACHE_LOG_DIR}/ |
- | ProxyPreserveHost On\\ | + | ProxyPreserveHost On |
- | ProxyRequests Off\\ | + | ProxyRequests Off |
- | ProxyPass / http:// | + | ProxyPass / http:// |
- | ProxyPassReverse / http:// | + | ProxyPassReverse / http:// |
- | SSLEngine on\\ | + | SSLEngine on |
- | SSLProtocol | + | SSLProtocol |
- | SSLCipherSuite | + | SSLCipherSuite |
- | SSLHonorCipherOrder | + | SSLHonorCipherOrder |
- | SSLCompression | + | SSLCompression |
- | SSLUseStapling | + | SSLUseStapling |
- | SSLStaplingResponderTimeout 5\\ | + | SSLStaplingResponderTimeout 5 |
- | SSLStaplingReturnResponderErrors off\\ | + | SSLStaplingReturnResponderErrors off |
- | Protocols h2 http/1.1\\ | + | Protocols h2 http/1.1 |
- | Header always set Strict-Transport-Security " | + | Header always set Strict-Transport-Security " |
- | Header always append X-Frame-Options SAMEORIGIN\\ | + | Header always append X-Frame-Options SAMEORIGIN |
- | Header always append X-Content-Type-Options nosniff\\ | + | Header always append X-Content-Type-Options nosniff |
- | Header always set X-Xss-Protection "1; mode=block" | + | Header always set X-Xss-Protection "1; mode=block" |
- | Header always set Referrer-Policy " | + | Header always set Referrer-Policy " |
- | Header set Content-Security-Policy " | + | Header set Content-Security-Policy " |
- | Header set Feature-Policy " | + | </ |
- | </ | + | </ |
- | </ | + | |
- | Dále se také do / | + | |
- | A do / | + | |
- | Redirect permanent / https:// | + | |
- | Nezapomeňte, | + | |
- | sudo a2enmod md\\ | + | |
- | sudo a2enmod ssl\\ | + | |
- | SSL certifikáty se automaticky generují přes mod_md modul zabudovaný v Apachi. Pokud chcete přidat další doménu, pro kterou je potřeba generovat certifikáty (například Vaše aplikace bežící na nodu pod jinou doménou), doporučujeme vytvořit nový config například aplikace.vaseDomena.conf v / | + | |
- | < | + | </ |
- | ServerAdmin mail pro Let's encrypt | + | * The **blockchain.yourDomain.conf** |
- | MDCertificateAgreement accepted\\ | + | * '' |
- | MDomain | + | * To **/ |
- | MDPrivateKeys RSA 4096\\ | + | * In **/ |
+ | * '' | ||
+ | * The following modules need to be enabled: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | SSL certificates are automatically generated via the mod_md module built into Apache. If you want to add another domain for which certificates need to be generated (for example, your application running on a node under another domain), we recommend creating a new config, for example **application.yourDomain.conf** | ||
+ | < | ||
+ | < | ||
+ | ServerAdmin | ||
+ | MDCertificateAgreement accepted | ||
+ | MDomain | ||
+ | MDPrivateKeys RSA 4096 | ||
SSLStaplingCache shmcb:/ | SSLStaplingCache shmcb:/ | ||
- | < | + | < |
- | ServerName | + | ServerName |
- | < | + | < |
- | | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | < | + | < |
- | SSLOptions +StdEnvVars\\ | + | SSLOptions +StdEnvVars |
- | </ | + | </ |
- | ErrorLog ${APACHE_LOG_DIR}/ | + | ErrorLog ${APACHE_LOG_DIR}/ |
- | CustomLog ${APACHE_LOG_DIR}/ | + | CustomLog ${APACHE_LOG_DIR}/ |
- | ProxyPreserveHost On\\ | + | ProxyPreserveHost On |
- | ProxyRequests Off\\ | + | ProxyRequests Off |
- | ProxyPass / http:// | + | ProxyPass / http:// |
- | ProxyPassReverse / http:// | + | ProxyPassReverse / http:// |
- | SSLEngine on\\ | + | SSLEngine on |
- | SSLProtocol | + | SSLProtocol |
- | SSLCipherSuite | + | SSLCipherSuite |
- | SSLHonorCipherOrder | + | SSLHonorCipherOrder |
- | SSLCompression | + | SSLCompression |
- | SSLUseStapling | + | SSLUseStapling |
- | SSLStaplingResponderTimeout 5\\ | + | SSLStaplingResponderTimeout 5 |
- | SSLStaplingReturnResponderErrors off\\ | + | SSLStaplingReturnResponderErrors off |
- | Protocols h2 http/1.1\\ | + | Protocols h2 http/1.1 |
- | Header always set Strict-Transport-Security " | + | Header always set Strict-Transport-Security " |
- | Header always append X-Frame-Options SAMEORIGIN\\ | + | Header always append X-Frame-Options SAMEORIGIN |
- | Header always append X-Content-Type-Options nosniff\\ | + | Header always append X-Content-Type-Options nosniff |
- | Header always set X-Xss-Protection "1; mode=block" | + | Header always set X-Xss-Protection "1; mode=block" |
- | Header always set Referrer-Policy " | + | Header always set Referrer-Policy " |
- | Header set Content-Security-Policy " | + | Header set Content-Security-Policy " |
- | | + | </ |
- | </ | + | </ |
- | </IfModule>\\ | + | |
- | | + | </ |
+ | |||
+ | | ||
+ | |||
+ | ==== Your own SSL certificates ==== | ||
+ | |||
+ | Just add the path to the certificate to the mentioned config **/ | ||
+ | |||
+ | 4th line '' | ||
+ | <code> | ||
+ | <MDomain **blockchain.yourDomain**> | ||
+ | | ||
+ | MDCertificateKeyFile / | ||
+ | </ | ||
+ | </ | ||
en_installation/apache.1653387761.txt.gz · Poslední úprava: 2022/05/24 12:22 autor: kozak