FreeBSD ➔ Apache



Lizenz: Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
Letzte Aktualisierung:
Veröffentlicht:
Verfasser: Markus Kohlmeyer
Beitragender: Jesco Freund


Zu den Voraussetzungen für dieses HowTo siehe bitte: FreeBSD ➔ WebHosting System ➔ Voraussetzungen

Einleitung

Unser WebHosting System wird um folgende Dienste erweitert.

  • Apache 2.4.33 (MPM-Event, HTTP/2, mod_brotli)

Installation

Wir installieren www/apache24 und dessen Abhängigkeiten.

# Seed the saved port options for www/apache24 before the build, so the port
# is compiled with this fixed module selection.
# OPTIONS_FILE_SET lines compile a module in, OPTIONS_FILE_UNSET lines leave it out.
# NOTE review: _OPTIONS_READ stamps the file as apache24-2.4.33 - confirm the
# option list still matches the port version that is actually being built.
# NOTE review: several modules are compiled in here that the httpd.conf further
# down the page leaves commented out, for example DAV, USERDIR and DUMPIO -
# building only what gets loaded keeps the installed module set smaller.
# NOTE review: the closing line repeats the quoted EOF word literally, which
# looks like the csh and tcsh here-document rule - sh and bash would expect a
# bare EOF line, verify against the shell in use.
mkdir -p /var/db/ports/www_apache24
cat > /var/db/ports/www_apache24/options << "EOF"
_OPTIONS_READ=apache24-2.4.33
_FILE_COMPLETE_OPTIONS_LIST=ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS AUTHNZ_FCGI AUTHNZ_LDAP AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX BROTLI BUFFER CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID CHARSET_LITE DATA DAV DAV_FS DAV_LOCK DBD DEFLATE DIALUP DIR DUMPIO ENV EXPIRES EXT_FILTER FILE_CACHE FILTER HEADERS HEARTBEAT HEARTMONITOR HTTP2 IDENT IMAGEMAP INCLUDE INFO IPV4_MAPPED LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC LBMETHOD_HEARTBEAT LDAP LOGIO LOG_DEBUG LOG_FORENSIC LUA LUAJIT MACRO MD MIME MIME_MAGIC NEGOTIATION PROXY RATELIMIT REFLECTOR REMOTEIP REQTIMEOUT REQUEST REWRITE SED SESSION SETENVIF SLOTMEM_PLAIN SLOTMEM_SHM SOCACHE_DBM SOCACHE_DC SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING SSL STATUS SUBSTITUTE SUEXEC UNIQUE_ID USERDIR USERTRACK VERSION VHOST_ALIAS WATCHDOG XML2ENC MPM_PREFORK MPM_WORKER MPM_EVENT MPM_SHARED PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI PROXY_HTTP2 PROXY_FDPASS PROXY_FTP PROXY_HCHECK PROXY_HTML PROXY_HTTP PROXY_SCGI PROXY_UWSGI PROXY_WSTUNNEL SESSION_COOKIE SESSION_CRYPTO SESSION_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN ECHO EXAMPLE_HOOKS EXAMPLE_IPC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT
OPTIONS_FILE_SET+=ACCESS_COMPAT
OPTIONS_FILE_SET+=ACTIONS
OPTIONS_FILE_SET+=ALIAS
OPTIONS_FILE_SET+=ALLOWMETHODS
OPTIONS_FILE_SET+=ASIS
OPTIONS_FILE_SET+=AUTHNZ_FCGI
OPTIONS_FILE_UNSET+=AUTHNZ_LDAP
OPTIONS_FILE_SET+=AUTHN_ANON
OPTIONS_FILE_SET+=AUTHN_CORE
OPTIONS_FILE_SET+=AUTHN_DBD
OPTIONS_FILE_SET+=AUTHN_DBM
OPTIONS_FILE_SET+=AUTHN_FILE
OPTIONS_FILE_SET+=AUTHN_SOCACHE
OPTIONS_FILE_SET+=AUTHZ_CORE
OPTIONS_FILE_SET+=AUTHZ_DBD
OPTIONS_FILE_SET+=AUTHZ_DBM
OPTIONS_FILE_SET+=AUTHZ_GROUPFILE
OPTIONS_FILE_SET+=AUTHZ_HOST
OPTIONS_FILE_SET+=AUTHZ_OWNER
OPTIONS_FILE_SET+=AUTHZ_USER
OPTIONS_FILE_SET+=AUTH_BASIC
OPTIONS_FILE_SET+=AUTH_DIGEST
OPTIONS_FILE_SET+=AUTH_FORM
OPTIONS_FILE_SET+=AUTOINDEX
OPTIONS_FILE_SET+=BROTLI
OPTIONS_FILE_SET+=BUFFER
OPTIONS_FILE_SET+=CACHE
OPTIONS_FILE_SET+=CACHE_DISK
OPTIONS_FILE_SET+=CACHE_SOCACHE
OPTIONS_FILE_SET+=CERN_META
OPTIONS_FILE_SET+=CGI
OPTIONS_FILE_SET+=CGID
OPTIONS_FILE_UNSET+=CHARSET_LITE
OPTIONS_FILE_SET+=DATA
OPTIONS_FILE_SET+=DAV
OPTIONS_FILE_SET+=DAV_FS
OPTIONS_FILE_SET+=DAV_LOCK
OPTIONS_FILE_SET+=DBD
OPTIONS_FILE_SET+=DEFLATE
OPTIONS_FILE_UNSET+=DIALUP
OPTIONS_FILE_SET+=DIR
OPTIONS_FILE_SET+=DUMPIO
OPTIONS_FILE_SET+=ENV
OPTIONS_FILE_SET+=EXPIRES
OPTIONS_FILE_SET+=EXT_FILTER
OPTIONS_FILE_SET+=FILE_CACHE
OPTIONS_FILE_SET+=FILTER
OPTIONS_FILE_SET+=HEADERS
OPTIONS_FILE_UNSET+=HEARTBEAT
OPTIONS_FILE_UNSET+=HEARTMONITOR
OPTIONS_FILE_SET+=HTTP2
OPTIONS_FILE_UNSET+=IDENT
OPTIONS_FILE_SET+=IMAGEMAP
OPTIONS_FILE_SET+=INCLUDE
OPTIONS_FILE_SET+=INFO
OPTIONS_FILE_UNSET+=IPV4_MAPPED
OPTIONS_FILE_UNSET+=LBMETHOD_BYBUSYNESS
OPTIONS_FILE_UNSET+=LBMETHOD_BYREQUESTS
OPTIONS_FILE_UNSET+=LBMETHOD_BYTRAFFIC
OPTIONS_FILE_UNSET+=LBMETHOD_HEARTBEAT
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_SET+=LOGIO
OPTIONS_FILE_SET+=LOG_DEBUG
OPTIONS_FILE_UNSET+=LOG_FORENSIC
OPTIONS_FILE_UNSET+=LUA
OPTIONS_FILE_UNSET+=LUAJIT
OPTIONS_FILE_SET+=MACRO
OPTIONS_FILE_UNSET+=MD
OPTIONS_FILE_SET+=MIME
OPTIONS_FILE_SET+=MIME_MAGIC
OPTIONS_FILE_SET+=NEGOTIATION
OPTIONS_FILE_SET+=PROXY
OPTIONS_FILE_SET+=RATELIMIT
OPTIONS_FILE_SET+=REFLECTOR
OPTIONS_FILE_SET+=REMOTEIP
OPTIONS_FILE_SET+=REQTIMEOUT
OPTIONS_FILE_SET+=REQUEST
OPTIONS_FILE_SET+=REWRITE
OPTIONS_FILE_SET+=SED
OPTIONS_FILE_SET+=SESSION
OPTIONS_FILE_SET+=SETENVIF
OPTIONS_FILE_SET+=SLOTMEM_PLAIN
OPTIONS_FILE_SET+=SLOTMEM_SHM
OPTIONS_FILE_SET+=SOCACHE_DBM
OPTIONS_FILE_UNSET+=SOCACHE_DC
OPTIONS_FILE_UNSET+=SOCACHE_MEMCACHE
OPTIONS_FILE_SET+=SOCACHE_SHMCB
OPTIONS_FILE_UNSET+=SPELING
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=STATUS
OPTIONS_FILE_SET+=SUBSTITUTE
OPTIONS_FILE_UNSET+=SUEXEC
OPTIONS_FILE_SET+=UNIQUE_ID
OPTIONS_FILE_SET+=USERDIR
OPTIONS_FILE_SET+=USERTRACK
OPTIONS_FILE_SET+=VERSION
OPTIONS_FILE_UNSET+=VHOST_ALIAS
OPTIONS_FILE_SET+=WATCHDOG
OPTIONS_FILE_SET+=XML2ENC
OPTIONS_FILE_UNSET+=MPM_PREFORK
OPTIONS_FILE_UNSET+=MPM_WORKER
OPTIONS_FILE_SET+=MPM_EVENT
OPTIONS_FILE_SET+=MPM_SHARED
OPTIONS_FILE_UNSET+=PROXY_AJP
OPTIONS_FILE_SET+=PROXY_BALANCER
OPTIONS_FILE_SET+=PROXY_CONNECT
OPTIONS_FILE_SET+=PROXY_EXPRESS
OPTIONS_FILE_SET+=PROXY_FCGI
OPTIONS_FILE_SET+=PROXY_HTTP2
OPTIONS_FILE_SET+=PROXY_FDPASS
OPTIONS_FILE_SET+=PROXY_FTP
OPTIONS_FILE_SET+=PROXY_HCHECK
OPTIONS_FILE_SET+=PROXY_HTML
OPTIONS_FILE_SET+=PROXY_HTTP
OPTIONS_FILE_SET+=PROXY_SCGI
OPTIONS_FILE_SET+=PROXY_UWSGI
OPTIONS_FILE_SET+=PROXY_WSTUNNEL
OPTIONS_FILE_SET+=SESSION_COOKIE
OPTIONS_FILE_SET+=SESSION_CRYPTO
OPTIONS_FILE_SET+=SESSION_DBD
OPTIONS_FILE_UNSET+=BUCKETEER
OPTIONS_FILE_UNSET+=CASE_FILTER
OPTIONS_FILE_UNSET+=CASE_FILTER_IN
OPTIONS_FILE_UNSET+=ECHO
OPTIONS_FILE_UNSET+=EXAMPLE_HOOKS
OPTIONS_FILE_UNSET+=EXAMPLE_IPC
OPTIONS_FILE_UNSET+=OPTIONAL_FN_EXPORT
OPTIONS_FILE_UNSET+=OPTIONAL_FN_IMPORT
OPTIONS_FILE_UNSET+=OPTIONAL_HOOK_EXPORT
OPTIONS_FILE_UNSET+=OPTIONAL_HOOK_IMPORT
"EOF"

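# Build and install www/apache24 and its dependencies from the ports tree,
# then clean the work directories of the port and of its dependencies.
# The cd and the make are chained so that make never runs in whatever
# directory the shell happens to be in when the port directory is missing.
# NOTE review: the options file written earlier on this page is stamped
# apache24-2.4.33 - build from a current ports tree and check the installed
# packages with pkg audit before the server is exposed.
cd /usr/ports/www/apache24 && make config-recursive all install clean-depends clean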

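# Set the three apache24 knobs in /etc/rc.conf.
# sysrc rewrites an existing entry instead of appending, so repeating this
# step does not leave duplicate or conflicting lines behind.
# NOTE review: the limits and http_accept knobs are presumably read by the
# apache24 rc script - confirm their effect in /usr/local/etc/rc.d/apache24.
sysrc apache24_enable="YES"
sysrc apache24limits_enable="YES"
sysrc apache24_http_accept_enable="YES"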

# Register log rotation with newsyslog for the server-wide httpd logs and
# for the per-vhost Apache logs under /data/www/vhosts.
# Columns follow newsyslog.conf: file pattern, mode, archives kept, size
# limit, rotation time, flags, pid file of the process to signal.
# The first rule rotates weekly and keeps 13 archives, the second rotates
# monthly and keeps 24.
# NOTE review: mode 644 leaves access and error logs readable by every local
# account - consider 640 if local users should not see client addresses and
# request lines.
# NOTE review: the redirection appends, so running this step twice writes
# both rules twice.
mkdir -p /usr/local/etc/newsyslog.conf.d
cat >> /usr/local/etc/newsyslog.conf.d/apache24 << "EOF"
/var/log/httpd-*.log                    644  13    *    $W6D0 JCG   /var/run/httpd.pid
/data/www/vhosts/*/logs/apache_*_log    644  24    *    $M1D0 JCG   /var/run/httpd.pid
"EOF"

Konfiguration

Verzeichnisse für die ersten VirtualHosts erstellen.

# Shared scratch directories, handed to the www account.
# NOTE review: mode 1777 lets every local account create files in cache and
# tmp - confirm that something other than www really needs to write here.
mkdir -p /data/www/cache /data/www/tmp
chmod 1777 /data/www/cache /data/www/tmp
chown www:www /data/www/cache /data/www/tmp

# Directory that the httpd.conf on this page aliases the ACME challenge path to.
mkdir -p /data/www/acme/.well-known

# One tree per virtual host: a logs directory plus a data directory that
# carries its own .well-known. Only data is handed to www with mode 0750 -
# logs keeps the ownership of the account running these commands.
mkdir -p /data/www/vhosts/{_default_,_localhost_,pki.example.com,mail.example.com,www.example.com}/{logs,data/.well-known}
chmod 0750 /data/www/vhosts/{_default_,_localhost_,pki.example.com,mail.example.com,www.example.com}/data
chown www:www /data/www/vhosts/{_default_,_localhost_,pki.example.com,mail.example.com,www.example.com}/data

Die folgende Konfiguration verwendet für den localhost den Pfad /data/www/vhosts/_localhost_, für den Default-Host den Pfad /data/www/vhosts/_default_ und für die regulären Virtual-Hosts den Pfad /data/www/vhosts/sub.domain.tld, wobei sub.domain.tld für den jeweiligen Hostnamen steht (zum Beispiel www.example.com).

httpd.conf einrichten.

cat > /usr/local/etc/apache24/httpd.conf << "EOF"
ServerRoot "/usr/local"
PidFile "/var/run/httpd.pid"
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadFile /usr/local/lib/libxml2.so
LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule brotli_module libexec/apache24/mod_brotli.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule http2_module libexec/apache24/mod_http2.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
#LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
    LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
    LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
<IfModule mpm_prefork_module>
    StartServers             16
    MinSpareServers          32
    MaxSpareServers          64
    MaxRequestWorkers       256
    MaxConnectionsPerChild 5000
</IfModule>
<IfModule mpm_worker_module>
    StartServers             16
    ServerLimit              64
    ThreadsPerChild          64
    ThreadLimit             128
    MinSpareThreads         128
    MaxSpareThreads         256
    MaxRequestWorkers      1024
    MaxConnectionsPerChild 5000
</IfModule>
<IfModule mpm_event_module>
    StartServers             16
    ServerLimit              64
    ThreadsPerChild          64
    ThreadLimit             128
    MinSpareThreads         128
    MaxSpareThreads         256
    MaxRequestWorkers      1024
    MaxConnectionsPerChild 5000
</IfModule>
<IfModule unixd_module>
    User www
    Group www
</IfModule>
HttpProtocolOptions Strict LenientMethods Require1.0
<IfModule http2_module>
    Protocols h2 http/1.1
    ProtocolsHonorOrder On
    H2MinWorkers 64
    H2MaxWorkers 128
    H2EarlyHints On
    H2PushDiarySize 1024
    H2PushPriority * After 16
    H2PushPriority text/css Before
    H2PushPriority image/vnd.microsoft.icon Before
    H2PushPriority application/javascript Interleaved
    H2PushPriority text/javascript Interleaved
    H2StreamMaxMemSize 262144
    H2WindowSize 262144
</IfModule>
<IfDefine NOHTTPACCEPT>
    AcceptFilter http none
    AcceptFilter https none
</IfDefine>
<IfModule log_config_module>
    <IfModule logio_module>
        LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%v %a %h %l %u %t \"%r\" %>s %b" common
    <IfModule ssl_module>
        <IfModule logio_module>
            LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combinediossl
        </IfModule>
        LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combinedssl
        LogFormat "%v %a %h %l %u %t \"%r\" %>s %b %{SSL_PROTOCOL}x %{SSL_CIPHER}x" commonssl
    </IfModule>
</IfModule>
LogLevel info
<IfModule ssl_module>
    Listen 443
</IfModule>
Listen 80
Timeout 60
KeepAlive Off
KeepAliveTimeout 2
MaxKeepAliveRequests 100
UseCanonicalName On
HostnameLookups Double
ServerTokens OS
ServerSignature Off
AccessFileName .htaccess
AllowEncodedSlashes NoDecode
AddDefaultCharset UTF-8
<Directory "/">
    Options None +FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
<LocationMatch "^/?(.+/)*[\._]">
    Require all denied
</LocationMatch>
<LocationMatch "^/?\.well-known">
    Require all granted
</LocationMatch>
AliasMatch "^/?\.well-known/acme-challenge(.*)" "/data/www/acme/.well-known/acme-challenge$1"
<Directory "/data/www/acme">
    Options None +FollowSymlinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
<IfModule dir_module>
    DirectoryIndex index.html index.htm index.php
</IfModule>
<IfModule cgi_module>
    <FilesMatch "\.(?:cgi|pl|py|rb)$">
        SetHandler cgi-script
    </FilesMatch>
</IfModule>
<IfModule cgid_module>
    <FilesMatch "\.(?:cgi|pl|py|rb)$">
        SetHandler cgi-script
    </FilesMatch>
    Scriptsock "/var/run/cgisock"
</IfModule>
<IfModule include_module>
    AddOutputFilter INCLUDES .shtml
</IfModule>
<IfModule mime_module>
    TypesConfig "etc/apache24/mime.types"
    AddType application/pkcs8                           key
    AddType application/pkcs10                          csr
    AddType application/x-pkcs7-crl                     crl
    AddType application/x-pem-file                      pem
    AddType application/x-gzip                          gz tgz
    AddType text/html                                   shtml
    AddType application/json                            map topojson
    AddType application/ld+json                         jsonld
    AddType application/vnd.geo+json                    geojson
    AddType application/manifest+json                   webmanifest
    AddType application/x-web-app-manifest+json         webapp
    AddType application/font-woff2                      woff2
    AddType font/opentype                               otf
    AddType text/markdown                               md markdown
    AddType text/vcard                                  vcf
    AddType text/vnd.rim.location.xloc                  xloc
    AddType text/vtt                                    vtt
    AddType text/x-component                            htc
    <FilesMatch "favicon\.ico$">
        AddType image/vnd.microsoft.icon                ico
    </FilesMatch>
    AddEncoding gzip                                    svgz
    AddHandler type-map var
    <IfModule negotiation_module>
        AddLanguage ca    .ca
        AddLanguage cs    .cz    .cs
        AddLanguage da    .dk
        AddLanguage de    .de
        AddLanguage el    .el
        AddLanguage en    .en
        AddLanguage eo    .eo
        AddLanguage es    .es
        AddLanguage et    .et
        AddLanguage fr    .fr
        AddLanguage he    .he
        AddLanguage hr    .hr
        AddLanguage it    .it
        AddLanguage ja    .ja
        AddLanguage ko    .ko
        AddLanguage ltz   .ltz
        AddLanguage nl    .nl
        AddLanguage nn    .nn
        AddLanguage no    .no
        AddLanguage pl    .po
        AddLanguage pt    .pt
        AddLanguage pt-BR .pt-br
        AddLanguage ru    .ru
        AddLanguage sv    .sv
        AddLanguage tr    .tr
        AddLanguage zh-CN .zh-cn
        AddLanguage zh-TW .zh-tw
        LanguagePriority en de ca cs da el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
        ForceLanguagePriority Prefer Fallback
        AddCharset us-ascii.ascii  .us-ascii
        AddCharset ISO-8859-1      .iso8859-1   .latin1
        AddCharset ISO-8859-2      .iso8859-2   .latin2    .cen
        AddCharset ISO-8859-3      .iso8859-3   .latin3
        AddCharset ISO-8859-4      .iso8859-4   .latin4
        AddCharset ISO-8859-5      .iso8859-5   .cyr       .iso-ru
        AddCharset ISO-8859-6      .iso8859-6   .arb       .arabic
        AddCharset ISO-8859-7      .iso8859-7   .grk       .greek
        AddCharset ISO-8859-8      .iso8859-8   .heb       .hebrew
        AddCharset ISO-8859-9      .iso8859-9   .latin5    .trk
        AddCharset ISO-8859-10     .iso8859-10  .latin6
        AddCharset ISO-8859-13     .iso8859-13
        AddCharset ISO-8859-14     .iso8859-14  .latin8
        AddCharset ISO-8859-15     .iso8859-15  .latin9
        AddCharset ISO-8859-16     .iso8859-16  .latin10
        AddCharset ISO-2022-JP     .iso2022-jp  .jis
        AddCharset ISO-2022-KR     .iso2022-kr  .kis
        AddCharset ISO-2022-CN     .iso2022-cn  .cis
        AddCharset Big5.Big5       .big5        .b5
        AddCharset cn-Big5         .cn-big5
        AddCharset WINDOWS-1251    .cp-1251     .win-1251
        AddCharset CP866           .cp866
        AddCharset KOI8            .koi8
        AddCharset KOI8-E          .koi8-e
        AddCharset KOI8-r          .koi8-r      .koi8-ru
        AddCharset KOI8-U          .koi8-u
        AddCharset KOI8-ru         .koi8-uk     .ua
        AddCharset ISO-10646-UCS-2 .ucs2
        AddCharset ISO-10646-UCS-4 .ucs4
        AddCharset UTF-7           .utf7
        AddCharset UTF-8           .utf8
        AddCharset UTF-16          .utf16
        AddCharset UTF-16BE        .utf16be
        AddCharset UTF-16LE        .utf16le
        AddCharset UTF-32          .utf32
        AddCharset UTF-32BE        .utf32be
        AddCharset UTF-32LE        .utf32le
        AddCharset euc-cn          .euc-cn
        AddCharset euc-gb          .euc-gb
        AddCharset euc-jp          .euc-jp
        AddCharset euc-kr          .euc-kr
        AddCharset EUC-TW          .euc-tw
        AddCharset gb2312          .gb2312      .gb
        AddCharset iso-10646-ucs-2 .ucs-2       .iso-10646-ucs-2
        AddCharset iso-10646-ucs-4 .ucs-4       .iso-10646-ucs-4
        AddCharset shift_jis       .shift_jis   .sjis
        AddCharset UTF-8 .atom \
                         .bbaw \
                         .css \
                         .geojson \
                         .js \
                         .json \
                         .jsonld \
                         .md \
                         .manifest \
                         .markdown \
                         .rdf \
                         .rss \
                         .topojson \
                         .vtt \
                         .webapp \
                         .webmanifest \
                         .xloc \
                         .xml \
                         .xsl
    </IfModule>
</IfModule>
<IfModule mime_magic_module>
    MIMEMagicFile "etc/apache24/magic"
</IfModule>
<IfModule autoindex_module>
    <IfModule alias_module>
        Alias "/icons/" "/usr/local/www/apache24/icons/"
        <Directory "/usr/local/www/apache24/icons">
            Options None +MultiViews
            AllowOverride None
            Require all granted
        </Directory>
        IndexOrderDefault Ascending Name
        IndexOptions FancyIndexing VersionSort FoldersFirst IgnoreCase IgnoreClient NameWidth=* SuppressDescription XHTML
        IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t .git .svn *.bak *.orig
        AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
        AddIconByType (TXT,/icons/text.gif) text/*
        AddIconByType (IMG,/icons/image2.gif) image/*
        AddIconByType (SND,/icons/sound2.gif) audio/*
        AddIconByType (VID,/icons/movie.gif) video/*
        AddIcon /icons/binary.gif .bin .exe
        AddIcon /icons/binhex.gif .hqx
        AddIcon /icons/tar.gif .tar
        AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
        AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
        AddIcon /icons/a.gif .ps .ai .eps
        AddIcon /icons/layout.gif .html .shtml .htm .pdf
        AddIcon /icons/text.gif .txt
        AddIcon /icons/c.gif .c
        AddIcon /icons/p.gif .pl .py
        AddIcon /icons/f.gif .for
        AddIcon /icons/dvi.gif .dvi
        AddIcon /icons/uuencoded.gif .uu
        AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
        AddIcon /icons/tex.gif .tex
        AddIcon /icons/bomb.gif core
        AddIcon /icons/back.gif ..
        AddIcon /icons/hand.right.gif README
        AddIcon /icons/folder.gif ^^DIRECTORY^^
        AddIcon /icons/blank.gif ^^BLANKICON^^
        DefaultIcon /icons/unknown.gif
        ReadmeName README.html
        HeaderName HEADER.html
    </IfModule>
</IfModule>
<IfModule expires_module>
    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"
    ExpiresByType text/css                              "access plus 1 week"
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rdf+xml                   "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"
    ExpiresByType application/xhtml+xml                 "access plus 0 seconds"
    ExpiresByType application/json                      "access plus 0 seconds"
    ExpiresByType application/ld+json                   "access plus 0 seconds"
    ExpiresByType application/schema+json               "access plus 0 seconds"
    ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"
    ExpiresByType text/xsl                              "access plus 0 seconds"
    ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
    ExpiresByType image/x-icon                          "access plus 1 week"
    ExpiresByType text/html                             "access plus 0 seconds"
    ExpiresByType text/markdown                         "access plus 0 seconds"
    ExpiresByType application/javascript                "access plus 1 week"
    ExpiresByType application/x-javascript              "access plus 1 week"
    ExpiresByType text/javascript                       "access plus 1 week"
    ExpiresByType application/manifest+json             "access plus 1 week"
    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/bmp                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"
    ExpiresByType image/webp                            "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
    ExpiresByType font/eot                              "access plus 1 month"
    ExpiresByType font/opentype                         "access plus 1 month"
    ExpiresByType application/x-font-ttf                "access plus 1 month"
    ExpiresByType application/font-woff                 "access plus 1 month"
    ExpiresByType application/x-font-woff               "access plus 1 month"
    ExpiresByType font/woff                             "access plus 1 month"
    ExpiresByType application/font-woff2                "access plus 1 month"
    ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>
<If "%{HTTP:Accept-Encoding} =~ /br/i">
    <IfModule brotli_module>
        AddOutputFilterByType BROTLI_COMPRESS \
                              "application/atom+xml" \
                              "application/javascript" \
                              "application/json" \
                              "application/ld+json" \
                              "application/manifest+json" \
                              "application/rdf+xml" \
                              "application/rss+xml" \
                              "application/schema+json" \
                              "application/vnd.geo+json" \
                              "application/vnd.ms-fontobject" \
                              "application/x-font-ttf" \
                              "application/x-javascript" \
                              "application/x-web-app-manifest+json" \
                              "application/xhtml+xml" \
                              "application/xml" \
                              "font/eot" \
                              "font/opentype" \
                              "image/bmp" \
                              "image/svg+xml" \
                              "image/vnd.microsoft.icon" \
                              "image/x-icon" \
                              "text/cache-manifest" \
                              "text/css" \
                              "text/html" \
                              "text/javascript" \
                              "text/markdown" \
                              "text/plain" \
                              "text/vcard" \
                              "text/vnd.rim.location.xloc" \
                              "text/vtt" \
                              "text/x-component" \
                              "text/x-cross-domain-policy" \
                              "text/xml" \
                              "text/xsl"
    </IfModule>
    <IfModule !brotli_module>
        <IfModule deflate_module>
            AddOutputFilterByType DEFLATE \
                              "application/atom+xml" \
                              "application/javascript" \
                              "application/json" \
                              "application/ld+json" \
                              "application/manifest+json" \
                              "application/rdf+xml" \
                              "application/rss+xml" \
                              "application/schema+json" \
                              "application/vnd.geo+json" \
                              "application/vnd.ms-fontobject" \
                              "application/x-font-ttf" \
                              "application/x-javascript" \
                              "application/x-web-app-manifest+json" \
                              "application/xhtml+xml" \
                              "application/xml" \
                              "font/eot" \
                              "font/opentype" \
                              "image/bmp" \
                              "image/svg+xml" \
                              "image/vnd.microsoft.icon" \
                              "image/x-icon" \
                              "text/cache-manifest" \
                              "text/css" \
                              "text/html" \
                              "text/javascript" \
                              "text/markdown" \
                              "text/plain" \
                              "text/vcard" \
                              "text/vnd.rim.location.xloc" \
                              "text/vtt" \
                              "text/x-component" \
                              "text/x-cross-domain-policy" \
                              "text/xml" \
                              "text/xsl"
        </IfModule>
    </IfModule>
</If>
<ElseIf "%{HTTP:Accept-Encoding} =~ /deflate/i">
    # Branch for requests that did not match the preceding <If> (its
    # condition is not visible in this part of the file) and whose
    # Accept-Encoding header mentions "deflate", case-insensitively.
    <IfModule deflate_module>
        # Responses with one of the media types below are passed through
        # the DEFLATE output filter.
        # NOTE(review): the list includes text/html and the JSON types. Where
        # such responses carry secrets next to request-derived content and are
        # served over TLS, compression leaks length information (the BREACH
        # class of attacks) - confirm this per application.
        AddOutputFilterByType DEFLATE \
                              "application/atom+xml" \
                              "application/javascript" \
                              "application/json" \
                              "application/ld+json" \
                              "application/manifest+json" \
                              "application/rdf+xml" \
                              "application/rss+xml" \
                              "application/schema+json" \
                              "application/vnd.geo+json" \
                              "application/vnd.ms-fontobject" \
                              "application/x-font-ttf" \
                              "application/x-javascript" \
                              "application/x-web-app-manifest+json" \
                              "application/xhtml+xml" \
                              "application/xml" \
                              "font/eot" \
                              "font/opentype" \
                              "image/bmp" \
                              "image/svg+xml" \
                              "image/vnd.microsoft.icon" \
                              "image/x-icon" \
                              "text/cache-manifest" \
                              "text/css" \
                              "text/html" \
                              "text/javascript" \
                              "text/markdown" \
                              "text/plain" \
                              "text/vcard" \
                              "text/vnd.rim.location.xloc" \
                              "text/vtt" \
                              "text/x-component" \
                              "text/x-cross-domain-policy" \
                              "text/xml" \
                              "text/xsl"
    </IfModule>
</ElseIf>
<IfModule proxy_html_module>
    # Tables for mod_proxy_html: ProxyHTMLLinks names, per HTML element, the
    # attributes that hold URLs and are therefore candidates for rewriting in
    # proxied pages. Nothing in this section switches the filter on.
    ProxyHTMLLinks  a               href
    ProxyHTMLLinks  area            href
    ProxyHTMLLinks  link            href
    ProxyHTMLLinks  img             src longdesc usemap
    ProxyHTMLLinks  object          classid codebase data usemap
    ProxyHTMLLinks  q               cite
    ProxyHTMLLinks  blockquote      cite
    ProxyHTMLLinks  ins             cite
    ProxyHTMLLinks  del             cite
    ProxyHTMLLinks  form            action
    ProxyHTMLLinks  input           src usemap
    ProxyHTMLLinks  head            profile
    ProxyHTMLLinks  base            href
    ProxyHTMLLinks  script          src for
    # Attributes that mod_proxy_html treats as scripting events.
    ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
                    onmouseover onmousemove onmouseout onkeypress \
                    onkeydown onkeyup onfocus onblur onload \
                    onunload onsubmit onreset onselect onchange
</IfModule>
<IfModule cache_module>
    # Cache defaults only; no CacheEnable appears in this section, so these
    # lines alone do not turn caching on for any URL.
    # With the quick handler off, cached responses are served from the normal
    # handler phase, i.e. after authentication and authorization have run.
    CacheQuickHandler off
    # "sid" and "SID" URL session identifiers are left out of the cache key.
    # NOTE(review): responses that differ per session must not be cacheable,
    # otherwise one stored copy is shared between sessions - confirm.
    CacheIgnoreURLSessionIdentifiers sid SID
    <IfModule cache_disk_module>
        CacheRoot "/data/www/cache/"
    </IfModule>
    <IfModule cache_socache_module>
        CacheSocache shmcb
    </IfModule>
</IfModule>
<IfModule userdir_module>
    # "UserDir disabled" switches off ~user translation for every user that is
    # not named in a "UserDir enabled" list. No such list is visible here, so
    # the path pattern on the next line only applies to users enabled elsewhere.
    UserDir disabled
    UserDir "/home/*/public_html"
    <Directory "/home/*/public_html">
        # Symlinks are followed only when link and target have the same owner;
        # .htaccess files are ignored.
        Options None +SymLinksIfOwnerMatch
        AllowOverride None
        Require all granted
    </Directory>
</IfModule>
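<IfModule info_module>
    # mod_info's server-info handler prints the loaded modules and the parsed
    # configuration, so the location is limited to requests from this machine.
    <Location "/.well-known/server-info">
        SetHandler server-info
        <RequireAny>
            # "Require local" matches loopback addresses (and connections
            # whose client and server address are identical) by address, so
            # the decision no longer depends on reverse/forward DNS lookups
            # as it did with "Require host localhost".
            Require local
        </RequireAny>
    </Location>
</IfModule>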
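<IfModule status_module>
    # server-status shows current requests, client addresses and worker
    # state; http2-status is the HTTP/2 counterpart. Both locations are
    # limited to requests from this machine.
    <Location "/.well-known/server-status">
        SetHandler server-status
        <RequireAny>
            # Address-based check; unlike "Require host localhost" it does
            # not depend on reverse/forward DNS lookups.
            Require local
        </RequireAny>
    </Location>
    <IfModule http2_module>
        <Location "/.well-known/server-status2">
            SetHandler http2-status
            <RequireAny>
                # Same address-based restriction as for server-status.
                Require local
            </RequireAny>
        </Location>
    </IfModule>
</IfModule>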
<IfModule headers_module>
    # Response headers set at server level, outside any <VirtualHost>.
    # NOTE(review): "Header set" without "always" uses the default onsuccess
    # condition; error responses generated by the server itself do not get
    # these headers. "Header always set" covers those as well.
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    # CORS: the default Access-Control-Allow-Origin value is the literal string
    # "null". Any request whose Origin header contains a ":" is flagged IS_CORS
    # and gets "*" instead.
    # NOTE(review): the net effect is that every origin may read
    # non-credentialed responses, and "null" also matches the opaque
    # origin of sandboxed frames and data: documents. Limit this to known
    # origins where content is protected by network position, not credentials.
    Header set Access-Control-Allow-Origin "null"
    <IfModule setenvif_module>
        SetEnvIf Origin ":" IS_CORS
        Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </IfModule>
    Header set Access-Control-Max-Age "600"
    # NOTE(review): Upgrade-Insecure-Requests is defined as a request header
    # sent by browsers; as a response header it presumably has no effect. The
    # CSP directive "upgrade-insecure-requests" below is the response-side form.
    Header set Upgrade-Insecure-Requests "1"
    Header set Referrer-Policy "origin-when-cross-origin"
    # Content-Security-Policy: upgrades http: subresources, restricts framing
    # to the same origin and sandboxes the document.
    # NOTE(review): default-src contains 'unsafe-inline', 'unsafe-eval' and the
    # bare schemes https:, data: and blob:, so the policy does not stop
    # injected inline script. The sandbox list grants both allow-scripts and
    # allow-same-origin. Tighten per site where XSS mitigation is wanted.
    Header set Content-Security-Policy "upgrade-insecure-requests; \
                default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; \
                form-action 'self' https: wss:; \
                frame-ancestors 'self'; \
                sandbox allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation"
    # Same policy under the legacy prefixed header name that older browsers
    # used before Content-Security-Policy was standardised.
    Header set X-Content-Security-Policy "upgrade-insecure-requests; \
                default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; \
                form-action 'self' https: wss:; \
                frame-ancestors 'self'; \
                sandbox allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    # Legacy XSS-auditor switch; current browsers no longer implement it.
    Header set X-XSS-Protection "1; mode=block"
    Header set X-DNS-Prefetch-Control "on"
    Header set X-UA-Compatible "IE=Edge"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    # NOTE(review): "*" exposes detailed Resource Timing data for these
    # responses to every origin - confirm that this is intended.
    Header set Timing-Allow-Origin "*"
#    Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
</IfModule>
# Optional per-module snippets named NNN_*.conf; IncludeOptional does not
# fail when nothing matches. The relative path is resolved against ServerRoot
# (set outside this part of the file).
IncludeOptional "etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf"
# Main server (outside any <VirtualHost>): name, contact, logs, document root.
ServerName localhost
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/_localhost_/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/_localhost_/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/_localhost_/data"
<Directory "/data/www/vhosts/_localhost_/data">
    # Only symlink following is enabled (without an owner check);
    # .htaccess files are ignored.
    Options None +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
# Plain Include, unlike IncludeOptional, makes startup fail when the file
# is missing.
Include "etc/apache24/vhosts.conf"
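<IfModule ssl_module>
    # Server-wide mod_ssl defaults. Per-site certificates and keys come from
    # vhosts-ssl.conf, which is included at the end of this section.
    SSLRandomSeed startup "file:/dev/urandom" 65536
    SSLRandomSeed connect "file:/dev/urandom" 65536
    SSLPassPhraseDialog builtin
    # Session cache: shared memory if available, otherwise DBM, otherwise no
    # cache at all ("nonenotnull" still hands out a non-empty session ID).
    <IfModule socache_shmcb_module>
        SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
    </IfModule>
    <IfModule !socache_shmcb_module>
        <IfModule socache_dbm_module>
            SSLSessionCache "dbm:/var/run/ssl_scache"
        </IfModule>
        <IfModule !socache_dbm_module>
            SSLSessionCache "nonenotnull"
        </IfModule>
    </IfModule>
    # Session tickets are off, so resumption relies on the cache above.
    SSLSessionTickets Off
    # The server's cipher order below wins over the client's preference.
    SSLHonorCipherOrder On
    SSLStrictSNIVHostCheck On
    SSLOptions +StrictRequire +StdEnvVars
    # TLS 1.0 and TLS 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append +TLSv1.3 once the installed build supports it (httpd 2.4.36 or
    # later, built against OpenSSL 1.1.1 or later).
    SSLProtocol -ALL +TLSv1.2
    # Only ephemeral key exchanges (EECDH, EDH) are listed, AEAD suites first;
    # the CBC suites with SHA-1 MAC at the end exist for older clients. Static
    # RSA key exchange, anonymous and NULL suites are excluded explicitly.
    SSLCipherSuite "EECDH+ECDSA+CHACHA20 EECDH+CHACHA20 \
        EECDH+ECDSA+AESGCM+AES256 EECDH+AESGCM+AES256 \
        EECDH+ECDSA+AESGCM+AES128 EECDH+AESGCM+AES128 \
        EECDH+ECDSA+AES256+SHA384 EECDH+AES256+SHA384 \
        EECDH+ECDSA+AES128+SHA256 EECDH+AES128+SHA256 \
        EECDH+ECDSA+AES256+SHA1 EECDH+AES256+SHA1 \
        EECDH+ECDSA+AES128+SHA1 EECDH+AES128+SHA1 \
        EDH+CHACHA20 \
        EDH+AESGCM+AES256 EDH+AESGCM+AES128 \
        EDH+AES256+SHA256 EDH+AES128+SHA256 \
        EDH+AES256+SHA1 EDH+AES128+SHA1 \
        !CAMELLIA !SEED !IDEA !RC2 !RC4 !3DES !DES !kRSA !kSRP !kPSK !kGOST !kECDHr !kECDHe !kDHr !kDHd !aDSS !aNULL !eNULL !MEDIUM !LOW !EXPORT"
    # NOTE(review): SSLOCSPEnable turns on OCSP checks of *client* certificate
    # chains and is independent of the stapling directives that follow. No
    # client-certificate verification is configured in this section; confirm
    # that the directive is intended.
    SSLOCSPEnable On
    # Stapling: responder errors are not passed on to clients, and a query
    # to the OCSP responder is given up after 2 seconds.
    SSLStaplingFakeTryLater Off
    SSLStaplingResponderTimeout 2
    SSLStaplingReturnResponderErrors Off
    SSLStaplingStandardCacheTimeout 86400
    # Stapling needs a cache; it is switched off when neither the shmcb nor
    # the dbm cache provider is loaded.
    <IfModule socache_shmcb_module>
        SSLUseStapling On
        SSLStaplingCache "shmcb:/var/run/stapling_cache(128000000)"
    </IfModule>
    <IfModule !socache_shmcb_module>
        <IfModule socache_dbm_module>
            SSLUseStapling On
            SSLStaplingCache "dbm:/var/run/stapling_cache"
        </IfModule>
        <IfModule !socache_dbm_module>
            SSLUseStapling Off
        </IfModule>
    </IfModule>
    Include "etc/apache24/vhosts-ssl.conf"
</IfModule>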
"EOF"

vhosts.conf einrichten.

cat > /usr/local/etc/apache24/vhosts.conf << "EOF"
<VirtualHost *:80>
    # Plain-HTTP host for devnull.example.com. It is the first <VirtualHost *:80>
    # in this file, so it also answers port-80 requests whose Host header
    # matches no other ServerName or ServerAlias.
    ServerName devnull.example.com
    ServerAdmin webmaster@example.com
    CustomLog "/data/www/vhosts/_default_/logs/apache_access_log" combined
    ErrorLog "/data/www/vhosts/_default_/logs/apache_error_log"
    DocumentRoot "/data/www/vhosts/_default_/data"
    <Directory "/data/www/vhosts/_default_/data">
        # Only symlink following is enabled; .htaccess files are ignored.
        Options None +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    <IfModule rewrite_module>
        # Everything except paths beginning with .well-known is redirected to
        # HTTPS with status 308 (presumably so that ACME-style HTTP challenges
        # can still be answered over plain HTTP - confirm).
        # NOTE(review): the redirect target takes its host name from the
        # request's Host header. As this is the catch-all host, any Host value
        # is echoed into the Location header; use a fixed name if that matters.
        RewriteEngine On
        RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
        RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
    </IfModule>
    # Files whose name ends in .php or .phps are handed to the FastCGI backend
    # behind the unix socket /var/run/fpm_www.sock (presumably PHP-FPM; the pool
    # itself is configured elsewhere).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    # Plain-HTTP host for pki.example.com; apart from .well-known it only
    # redirects to HTTPS.
    ServerName pki.example.com
    ServerAdmin webmaster@example.com
    CustomLog "/data/www/vhosts/pki.example.com/logs/apache_access_log" combined
    ErrorLog "/data/www/vhosts/pki.example.com/logs/apache_error_log"
    DocumentRoot "/data/www/vhosts/pki.example.com/data"
    <Directory "/data/www/vhosts/pki.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    <IfModule rewrite_module>
        # Redirect everything except paths beginning with .well-known to the
        # same host name over HTTPS (308 keeps the request method).
        RewriteEngine On
        RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
        RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
    </IfModule>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    # Plain-HTTP host for mail.example.com; apart from .well-known it only
    # redirects to HTTPS.
    ServerName mail.example.com
    ServerAdmin webmaster@example.com
    CustomLog "/data/www/vhosts/mail.example.com/logs/apache_access_log" combined
    ErrorLog "/data/www/vhosts/mail.example.com/logs/apache_error_log"
    DocumentRoot "/data/www/vhosts/mail.example.com/data"
    <Directory "/data/www/vhosts/mail.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    <IfModule rewrite_module>
        # Redirect everything except paths beginning with .well-known to the
        # same host name over HTTPS (308 keeps the request method).
        RewriteEngine On
        RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
        RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
    </IfModule>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
</VirtualHost>

<VirtualHost *:80>
    # Plain-HTTP host for www.example.com and its alias example.com.
    ServerName www.example.com
    ServerAlias example.com
    ServerAdmin webmaster@example.com
    CustomLog "/data/www/vhosts/www.example.com/logs/apache_access_log" combined
    ErrorLog "/data/www/vhosts/www.example.com/logs/apache_error_log"
    DocumentRoot "/data/www/vhosts/www.example.com/data"
    <Directory "/data/www/vhosts/www.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    <IfModule rewrite_module>
        RewriteEngine On
        # Rule 1: a request for any other host name (the alias) is first
        # redirected to http://www.example.com/, except under .well-known.
        RewriteCond "%{HTTP_HOST}" "!^www\.example\.com$" [NC]
        RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
        RewriteRule "^/?(.*)" "http://www.example.com/$1" [L,QSA,R=308]
        # Rule 2: requests that already use the canonical name are redirected
        # to HTTPS, again except under .well-known. A request for the alias
        # therefore takes two redirects to reach the HTTPS site.
        RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
        RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
    </IfModule>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
</VirtualHost>
"EOF"

vhosts-ssl.conf einrichten.

cat > /usr/local/etc/apache24/vhosts-ssl.conf << "EOF"
<VirtualHost *:443>
    # HTTPS host for devnull.example.com. It is the first <VirtualHost *:443>
    # in this file, so it is also the default for port-443 requests whose
    # name matches no other ServerName or ServerAlias.
    ServerName devnull.example.com
    ServerAdmin webmaster@example.com
    # The log format "combinedssl" is not defined in this part of the page;
    # it has to exist in the main configuration.
    CustomLog "/data/www/vhosts/_default_/logs/apache_ssl_access_log" combinedssl
    ErrorLog "/data/www/vhosts/_default_/logs/apache_ssl_error_log"
    DocumentRoot "/data/www/vhosts/_default_/data"
    <Directory "/data/www/vhosts/_default_/data">
        # Only symlink following is enabled; .htaccess files are ignored.
        Options None +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
    SSLEngine on
    # NOTE(review): file permissions are not set in this listing; the private
    # key should be readable by root only - confirm.
    SSLCertificateFile "/data/pki/certs/devnull.example.com.crt"
    SSLCertificateKeyFile "/data/pki/private/devnull.example.com.key"
</VirtualHost>

<VirtualHost *:443>
    # HTTPS host for pki.example.com.
    ServerName pki.example.com
    ServerAdmin webmaster@example.com
    # The log format "combinedssl" is not defined in this part of the page;
    # it has to exist in the main configuration.
    CustomLog "/data/www/vhosts/pki.example.com/logs/apache_ssl_access_log" combinedssl
    ErrorLog "/data/www/vhosts/pki.example.com/logs/apache_ssl_error_log"
    DocumentRoot "/data/www/vhosts/pki.example.com/data"
    <Directory "/data/www/vhosts/pki.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
    SSLEngine on
    # NOTE(review): file permissions are not set in this listing; the private
    # key should be readable by root only - confirm.
    SSLCertificateFile "/data/pki/certs/pki.example.com.crt"
    SSLCertificateKeyFile "/data/pki/private/pki.example.com.key"
</VirtualHost>

<VirtualHost *:443>
    # HTTPS host for mail.example.com.
    ServerName mail.example.com
    ServerAdmin webmaster@example.com
    # The log format "combinedssl" is not defined in this part of the page;
    # it has to exist in the main configuration.
    CustomLog "/data/www/vhosts/mail.example.com/logs/apache_ssl_access_log" combinedssl
    ErrorLog "/data/www/vhosts/mail.example.com/logs/apache_ssl_error_log"
    DocumentRoot "/data/www/vhosts/mail.example.com/data"
    <Directory "/data/www/vhosts/mail.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
    SSLEngine on
    # NOTE(review): file permissions are not set in this listing; the private
    # key should be readable by root only - confirm.
    SSLCertificateFile "/data/pki/certs/mail.example.com.crt"
    SSLCertificateKeyFile "/data/pki/private/mail.example.com.key"
</VirtualHost>

<VirtualHost *:443>
    # HTTPS host for www.example.com and its alias example.com.
    ServerName www.example.com
    ServerAlias example.com
    ServerAdmin webmaster@example.com
    # The log format "combinedssl" is not defined in this part of the page;
    # it has to exist in the main configuration.
    CustomLog "/data/www/vhosts/www.example.com/logs/apache_ssl_access_log" combinedssl
    ErrorLog "/data/www/vhosts/www.example.com/logs/apache_ssl_error_log"
    DocumentRoot "/data/www/vhosts/www.example.com/data"
    <Directory "/data/www/vhosts/www.example.com/data">
        Options None +FollowSymLinks
        # .htaccess files below the DocumentRoot may use directives of the
        # Options, FileInfo, AuthConfig and Limit groups.
        # NOTE(review): whoever can write files there can thereby change
        # handlers, rewrites and access rules for this site.
        AllowOverride Options FileInfo AuthConfig Limit
        Require all granted
    </Directory>
    <IfModule rewrite_module>
        # Requests for any host name other than www.example.com (the alias)
        # are redirected to the canonical name over HTTPS.
        # NOTE(review): this rule answers with 301, whereas the redirects in
        # vhosts.conf use 308; after a 301 clients may repeat a POST as GET.
        RewriteEngine On
        RewriteCond "%{HTTP_HOST}" "!^www\.example\.com$" [NC]
        RewriteRule "^/?(.*)" "https://www.example.com/$1" [L,QSA,R=301]
    </IfModule>
    # Files whose name ends in .php or .phps go to the FastCGI backend behind
    # the unix socket /var/run/fpm_www.sock (presumably PHP-FPM).
    <FilesMatch "(.+\.phps?)(/.*)?$">
        ProxyFCGIBackendType GENERIC
        SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
    </FilesMatch>
    # Worker parameters for that backend: connection reuse on, max=10.
    <Proxy "fcgi://localhost" enablereuse=on max=10>
    </Proxy>
    SSLEngine on
    # NOTE(review): file permissions are not set in this listing; the private
    # key should be readable by root only - confirm.
    SSLCertificateFile "/data/pki/certs/www.example.com.crt"
    SSLCertificateKeyFile "/data/pki/private/www.example.com.key"
</VirtualHost>
"EOF"

Abschluss

Apache kann nun gestartet werden.

service apache24 start

Über den Autor