Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
onboardingwebsite [20200218 17:50] – angelegt Dirk Deimeke | onboardingwebsite [20200321 16:03] (aktuell) – Dirk Deimeke | ||
---|---|---|---|
Zeile 6: | Zeile 6: | ||
* IPv6 = IPv6-Adresse des Servers der Webseite | * IPv6 = IPv6-Adresse des Servers der Webseite | ||
- | ===== Vorarbeiten | + | ===== DNS-Eintrag erstellen ===== |
+ | |||
+ | CNAME generieren, der auf die Maschine zeigt, auf der die Webseite liegen soll. | ||
+ | |||
+ | ===== Verzeichnisse anlegen | ||
< | < | ||
Zeile 13: | Zeile 17: | ||
</ | </ | ||
- | ===== / | + | ===== Vorbereitung Let's encrypt ===== |
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
< | < | ||
Zeile 36: | Zeile 44: | ||
</ | </ | ||
</ | </ | ||
+ | |||
+ | < | ||
+ | apachectl configtest | ||
+ | apachectl graceful | ||
+ | </ | ||
+ | |||
+ | ===== Konfiguration ACMEfetch ===== | ||
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ===== Redirect von http auf https ===== | ||
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | ServerName sub.domain.tld | ||
+ | |||
+ | # DocumentRoot / | ||
+ | # ErrorLog / | ||
+ | # CustomLog / | ||
+ | |||
+ | # < | ||
+ | # Order allow,deny | ||
+ | # Allow from all | ||
+ | # Require all granted | ||
+ | # Options Indexes | ||
+ | # AllowOverride all | ||
+ | # </ | ||
+ | |||
+ | RewriteEngine on | ||
+ | RewriteCond %{HTTP_HOST} | ||
+ | RewriteRule ^/ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== SSL-Konfiguration Apache ===== | ||
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | ServerName sub.domain.tld | ||
+ | ServerAdmin dirk.deimeke@myown-it.com | ||
+ | DocumentRoot / | ||
+ | |||
+ | < | ||
+ | Order deny,allow | ||
+ | Deny from all | ||
+ | Require all denied | ||
+ | </ | ||
+ | |||
+ | ErrorLog / | ||
+ | CustomLog / | ||
+ | |||
+ | RewriteEngine On | ||
+ | |||
+ | SSLEngine On | ||
+ | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 | ||
+ | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256: | ||
+ | SSLHonorCipherOrder | ||
+ | SSLCompression | ||
+ | |||
+ | Header add Strict-Transport-Security " | ||
+ | |||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | SSLCertificateChainFile / | ||
+ | |||
+ | ExpiresActive on ExpiresDefault " | ||
+ | |||
+ | < | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | Require all granted | ||
+ | Options Indexes FollowSymLinks | ||
+ | AllowOverride all | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | apachectl configtest | ||
+ | apachectl graceful | ||
+ | </ | ||
+ |