onboardingwebsite

onboardingwebsite [20200218 17:50] – angelegt Dirk Deimeke | onboardingwebsite [20200321 16:03] (aktuell) Dirk Deimeke
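--- a/onboardingwebsite
+++ b/onboardingwebsite
@@ -6 +6 @@
   * IPv6 = IPv6-Adresse des Servers der Webseite
 
-===== Vorarbeiten =====
+===== DNS-Eintrag erstellen =====
+
+CNAME generieren, der auf die Maschine zeigt, auf der die Webseite liegen soll.
+
+===== Verzeichnisse anlegen =====
 
 <code>
@@ -13 +17 @@
 </code>
 
-===== /etc/httpd/conf.d/sub.domain.tld =====
+===== Vorbereitung Let's encrypt =====
+
+<code>
+vim /etc/httpd/conf.d/sub.domain.tld.conf
+</code>
 
 <code>
@@ -36 +44 @@
 </VirtualHost>
 </code>
+
+<code>
+apachectl configtest
+apachectl graceful
+</code>
+
+===== Konfiguration ACMEfetch =====
+
+<code>
+vim /opt/acmefetch/etc/sub.domain.tld.cfg
+</code>
+
+<code>
+{
+    "GENERAL": {
+        "ACMEstaging": "acme-staging.api.letsencrypt.org",
+        "ACMEservice": "acme-v01.api.letsencrypt.org",
+        "accountKeyPath": "/etc/letsencrypt/ddeimeke.key"
+    },
+    "CERTS": [
+        {
+            "certOutput": "/etc/letsencrypt/sub.domain.tld.crt",
+            "certFormat": "PEM",
+            "keyOutput": "/etc/letsencrypt/sub.domain.tld.key",
+            "keyFormat": "PEM",
+            "chainOutput": "/etc/letsencrypt/chain.crt",
+            "chainFormat": "PEM",
+            "commonName": "sub.domain.tld",
+            "SITES": {
+                "sub.domain.tld": {
+                    "challengeHandler": "LocalFile",
+                    "challengeConfig": {
+                        "www_root": "/srv/www/sub.domain.tld/",
+                    }
+                }
+            }
+        }
+    ]
+}
+</code>
+
+<code>
+/opt/acmefetch/bin/acmefetch --cfg=/opt/acmefetch/etc/sub.domain.tld.cfg
+</code>
+
+===== Redirect von http auf https =====
+
+<code>
+vim /etc/httpd/conf.d/sub.domain.tld.conf
+</code>
+
+<code>
+<VirtualHost IPv4:80 [IPv6]:80>
+    ServerName sub.domain.tld
+
+#    DocumentRoot /srv/www/sub.domain.tld
+#    ErrorLog /var/log/httpd/sub.domain.tld/error.log
+#    CustomLog /var/log/httpd/sub.domain.tld/access.log combined
+
+#    <Directory /srv/www/sub.domain.tld>
+#        Order allow,deny
+#        Allow from all
+#        Require all granted
+#        Options Indexes
+#        AllowOverride all
+#    </Directory>
+
+    RewriteEngine on
+    RewriteCond %{HTTP_HOST}   !^$
+    RewriteRule ^/(.*)         https://sub.domain.tld/$1 [L,R]
+</VirtualHost>
+</code>
+
+===== SSL-Konfiguration Apache =====
+
+<code>
+vim /etc/httpd/conf.d/00-sub.domain.tld.conf
+</code>
+
+<code>
+<VirtualHost IPv4:443 [IPv6]:443>
+    ServerName sub.domain.tld
+    ServerAdmin dirk.deimeke@myown-it.com
+    DocumentRoot /srv/www/sub.domain.tld
+
+    <Directory /srv/www/sub.domain.tld/.git>
+        Order deny,allow
+        Deny from all
+        Require all denied
+    </Directory>
+
+    ErrorLog /var/log/httpd/sub.domain.tld/error.log
+    CustomLog /var/log/httpd/sub.domain.tld/access.log combined
+
+    RewriteEngine On
+
+    SSLEngine On
+    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+    SSLHonorCipherOrder     on
+    SSLCompression          off
+
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    SSLCertificateFile /etc/letsencrypt/sub.domain.tld.crt
+    SSLCertificateKeyFile /etc/letsencrypt/sub.domain.tld.key
+    SSLCertificateChainFile /etc/letsencrypt/chain.crt
+
+    ExpiresActive on ExpiresDefault "access plus 1 week"
+
+    <Directory /srv/www/sub.domain.tld>
+        Order allow,deny
+        Allow from all
+        Require all granted
+        Options Indexes FollowSymLinks
+        AllowOverride all
+    </Directory>
+
+</VirtualHost>
+</code>
+
+<code>
+apachectl configtest
+apachectl graceful
+</code>
+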
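Review bot: The HTTPS vhost in the `===== SSL-Konfiguration Apache =====` block still accepts TLSv1.1, because `SSLProtocol all -SSLv2 -SSLv3 -TLSv1` only excludes protocols up to TLSv1.0; the line should read `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` so that only TLSv1.2 and newer are negotiated. The `<Directory /srv/www/sub.domain.tld>` block of the same vhost sets `Options Indexes FollowSymLinks`, which serves a directory listing of the web root wherever no index file exists, while the preceding deny block covers only the `.git` subtree; `Options -Indexes +FollowSymLinks` avoids that exposure. The line `ExpiresActive on ExpiresDefault "access plus 1 week"` also puts two directives on one line, which `apachectl configtest` should reject, so `ExpiresDefault` needs its own line. The HSTS header is emitted with `Header add`, which is not applied to error responses; `Header always set Strict-Transport-Security "max-age=15768000"` is the conventional form.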
  • onboardingwebsite.1582044659.txt.gz
  • Zuletzt geändert: 20200218 17:50
  • von Dirk Deimeke