Zu den Voraussetzungen für dieses HowTo siehe bitte: FreeBSD ➔ WebHosting System ➔ Voraussetzungen
Einleitung
Unser WebHosting System wird um folgende Dienste erweitert.
- Apache 2.4.33 (MPM-Event, HTTP/2, mod_brotli)
Installation
Wir installieren www/apache24
und dessen Abhängigkeiten.
mkdir -p /var/db/ports/www_apache24
cat > /var/db/ports/www_apache24/options << "EOF"
_OPTIONS_READ=apache24-2.4.33
_FILE_COMPLETE_OPTIONS_LIST=ACCESS_COMPAT ACTIONS ALIAS ALLOWMETHODS ASIS AUTHNZ_FCGI AUTHNZ_LDAP AUTHN_ANON AUTHN_CORE AUTHN_DBD AUTHN_DBM AUTHN_FILE AUTHN_SOCACHE AUTHZ_CORE AUTHZ_DBD AUTHZ_DBM AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTH_FORM AUTOINDEX BROTLI BUFFER CACHE CACHE_DISK CACHE_SOCACHE CERN_META CGI CGID CHARSET_LITE DATA DAV DAV_FS DAV_LOCK DBD DEFLATE DIALUP DIR DUMPIO ENV EXPIRES EXT_FILTER FILE_CACHE FILTER HEADERS HEARTBEAT HEARTMONITOR HTTP2 IDENT IMAGEMAP INCLUDE INFO IPV4_MAPPED LBMETHOD_BYBUSYNESS LBMETHOD_BYREQUESTS LBMETHOD_BYTRAFFIC LBMETHOD_HEARTBEAT LDAP LOGIO LOG_DEBUG LOG_FORENSIC LUA LUAJIT MACRO MD MIME MIME_MAGIC NEGOTIATION PROXY RATELIMIT REFLECTOR REMOTEIP REQTIMEOUT REQUEST REWRITE SED SESSION SETENVIF SLOTMEM_PLAIN SLOTMEM_SHM SOCACHE_DBM SOCACHE_DC SOCACHE_MEMCACHE SOCACHE_SHMCB SPELING SSL STATUS SUBSTITUTE SUEXEC UNIQUE_ID USERDIR USERTRACK VERSION VHOST_ALIAS WATCHDOG XML2ENC MPM_PREFORK MPM_WORKER MPM_EVENT MPM_SHARED PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_EXPRESS PROXY_FCGI PROXY_HTTP2 PROXY_FDPASS PROXY_FTP PROXY_HCHECK PROXY_HTML PROXY_HTTP PROXY_SCGI PROXY_UWSGI PROXY_WSTUNNEL SESSION_COOKIE SESSION_CRYPTO SESSION_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN ECHO EXAMPLE_HOOKS EXAMPLE_IPC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT
OPTIONS_FILE_SET+=ACCESS_COMPAT
OPTIONS_FILE_SET+=ACTIONS
OPTIONS_FILE_SET+=ALIAS
OPTIONS_FILE_SET+=ALLOWMETHODS
OPTIONS_FILE_SET+=ASIS
OPTIONS_FILE_SET+=AUTHNZ_FCGI
OPTIONS_FILE_UNSET+=AUTHNZ_LDAP
OPTIONS_FILE_SET+=AUTHN_ANON
OPTIONS_FILE_SET+=AUTHN_CORE
OPTIONS_FILE_SET+=AUTHN_DBD
OPTIONS_FILE_SET+=AUTHN_DBM
OPTIONS_FILE_SET+=AUTHN_FILE
OPTIONS_FILE_SET+=AUTHN_SOCACHE
OPTIONS_FILE_SET+=AUTHZ_CORE
OPTIONS_FILE_SET+=AUTHZ_DBD
OPTIONS_FILE_SET+=AUTHZ_DBM
OPTIONS_FILE_SET+=AUTHZ_GROUPFILE
OPTIONS_FILE_SET+=AUTHZ_HOST
OPTIONS_FILE_SET+=AUTHZ_OWNER
OPTIONS_FILE_SET+=AUTHZ_USER
OPTIONS_FILE_SET+=AUTH_BASIC
OPTIONS_FILE_SET+=AUTH_DIGEST
OPTIONS_FILE_SET+=AUTH_FORM
OPTIONS_FILE_SET+=AUTOINDEX
OPTIONS_FILE_SET+=BROTLI
OPTIONS_FILE_SET+=BUFFER
OPTIONS_FILE_SET+=CACHE
OPTIONS_FILE_SET+=CACHE_DISK
OPTIONS_FILE_SET+=CACHE_SOCACHE
OPTIONS_FILE_SET+=CERN_META
OPTIONS_FILE_SET+=CGI
OPTIONS_FILE_SET+=CGID
OPTIONS_FILE_UNSET+=CHARSET_LITE
OPTIONS_FILE_SET+=DATA
OPTIONS_FILE_SET+=DAV
OPTIONS_FILE_SET+=DAV_FS
OPTIONS_FILE_SET+=DAV_LOCK
OPTIONS_FILE_SET+=DBD
OPTIONS_FILE_SET+=DEFLATE
OPTIONS_FILE_UNSET+=DIALUP
OPTIONS_FILE_SET+=DIR
OPTIONS_FILE_SET+=DUMPIO
OPTIONS_FILE_SET+=ENV
OPTIONS_FILE_SET+=EXPIRES
OPTIONS_FILE_SET+=EXT_FILTER
OPTIONS_FILE_SET+=FILE_CACHE
OPTIONS_FILE_SET+=FILTER
OPTIONS_FILE_SET+=HEADERS
OPTIONS_FILE_UNSET+=HEARTBEAT
OPTIONS_FILE_UNSET+=HEARTMONITOR
OPTIONS_FILE_SET+=HTTP2
OPTIONS_FILE_UNSET+=IDENT
OPTIONS_FILE_SET+=IMAGEMAP
OPTIONS_FILE_SET+=INCLUDE
OPTIONS_FILE_SET+=INFO
OPTIONS_FILE_UNSET+=IPV4_MAPPED
OPTIONS_FILE_UNSET+=LBMETHOD_BYBUSYNESS
OPTIONS_FILE_UNSET+=LBMETHOD_BYREQUESTS
OPTIONS_FILE_UNSET+=LBMETHOD_BYTRAFFIC
OPTIONS_FILE_UNSET+=LBMETHOD_HEARTBEAT
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_SET+=LOGIO
OPTIONS_FILE_SET+=LOG_DEBUG
OPTIONS_FILE_UNSET+=LOG_FORENSIC
OPTIONS_FILE_UNSET+=LUA
OPTIONS_FILE_UNSET+=LUAJIT
OPTIONS_FILE_SET+=MACRO
OPTIONS_FILE_UNSET+=MD
OPTIONS_FILE_SET+=MIME
OPTIONS_FILE_SET+=MIME_MAGIC
OPTIONS_FILE_SET+=NEGOTIATION
OPTIONS_FILE_SET+=PROXY
OPTIONS_FILE_SET+=RATELIMIT
OPTIONS_FILE_SET+=REFLECTOR
OPTIONS_FILE_SET+=REMOTEIP
OPTIONS_FILE_SET+=REQTIMEOUT
OPTIONS_FILE_SET+=REQUEST
OPTIONS_FILE_SET+=REWRITE
OPTIONS_FILE_SET+=SED
OPTIONS_FILE_SET+=SESSION
OPTIONS_FILE_SET+=SETENVIF
OPTIONS_FILE_SET+=SLOTMEM_PLAIN
OPTIONS_FILE_SET+=SLOTMEM_SHM
OPTIONS_FILE_SET+=SOCACHE_DBM
OPTIONS_FILE_UNSET+=SOCACHE_DC
OPTIONS_FILE_UNSET+=SOCACHE_MEMCACHE
OPTIONS_FILE_SET+=SOCACHE_SHMCB
OPTIONS_FILE_UNSET+=SPELING
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=STATUS
OPTIONS_FILE_SET+=SUBSTITUTE
OPTIONS_FILE_UNSET+=SUEXEC
OPTIONS_FILE_SET+=UNIQUE_ID
OPTIONS_FILE_SET+=USERDIR
OPTIONS_FILE_SET+=USERTRACK
OPTIONS_FILE_SET+=VERSION
OPTIONS_FILE_UNSET+=VHOST_ALIAS
OPTIONS_FILE_SET+=WATCHDOG
OPTIONS_FILE_SET+=XML2ENC
OPTIONS_FILE_UNSET+=MPM_PREFORK
OPTIONS_FILE_UNSET+=MPM_WORKER
OPTIONS_FILE_SET+=MPM_EVENT
OPTIONS_FILE_SET+=MPM_SHARED
OPTIONS_FILE_UNSET+=PROXY_AJP
OPTIONS_FILE_SET+=PROXY_BALANCER
OPTIONS_FILE_SET+=PROXY_CONNECT
OPTIONS_FILE_SET+=PROXY_EXPRESS
OPTIONS_FILE_SET+=PROXY_FCGI
OPTIONS_FILE_SET+=PROXY_HTTP2
OPTIONS_FILE_SET+=PROXY_FDPASS
OPTIONS_FILE_SET+=PROXY_FTP
OPTIONS_FILE_SET+=PROXY_HCHECK
OPTIONS_FILE_SET+=PROXY_HTML
OPTIONS_FILE_SET+=PROXY_HTTP
OPTIONS_FILE_SET+=PROXY_SCGI
OPTIONS_FILE_SET+=PROXY_UWSGI
OPTIONS_FILE_SET+=PROXY_WSTUNNEL
OPTIONS_FILE_SET+=SESSION_COOKIE
OPTIONS_FILE_SET+=SESSION_CRYPTO
OPTIONS_FILE_SET+=SESSION_DBD
OPTIONS_FILE_UNSET+=BUCKETEER
OPTIONS_FILE_UNSET+=CASE_FILTER
OPTIONS_FILE_UNSET+=CASE_FILTER_IN
OPTIONS_FILE_UNSET+=ECHO
OPTIONS_FILE_UNSET+=EXAMPLE_HOOKS
OPTIONS_FILE_UNSET+=EXAMPLE_IPC
OPTIONS_FILE_UNSET+=OPTIONAL_FN_EXPORT
OPTIONS_FILE_UNSET+=OPTIONAL_FN_IMPORT
OPTIONS_FILE_UNSET+=OPTIONAL_HOOK_EXPORT
OPTIONS_FILE_UNSET+=OPTIONAL_HOOK_IMPORT
"EOF"
cd /usr/ports/www/apache24
make config-recursive all install clean-depends clean
echo 'apache24_enable="YES"' >> /etc/rc.conf
echo 'apache24limits_enable="YES"' >> /etc/rc.conf
echo 'apache24_http_accept_enable="YES"' >> /etc/rc.conf
mkdir -p /usr/local/etc/newsyslog.conf.d
cat >> /usr/local/etc/newsyslog.conf.d/apache24 << "EOF"
/var/log/httpd-*.log 644 13 * $W6D0 JCG /var/run/httpd.pid
/data/www/vhosts/*/logs/apache_*_log 644 24 * $M1D0 JCG /var/run/httpd.pid
"EOF"
Konfiguration
Verzeichnisse für die ersten VirtualHosts erstellen.
mkdir -p /data/www/{cache,tmp}
chmod 1777 /data/www/{cache,tmp}
chown www:www /data/www/{cache,tmp}
mkdir -p /data/www/acme/.well-known
mkdir -p /data/www/vhosts/_{default,localhost}_/logs
mkdir -p /data/www/vhosts/_{default,localhost}_/data/.well-known
chmod 0750 /data/www/vhosts/_{default,localhost}_/data
chown www:www /data/www/vhosts/_{default,localhost}_/data
mkdir -p /data/www/vhosts/pki.example.com/logs
mkdir -p /data/www/vhosts/pki.example.com/data/.well-known
chmod 0750 /data/www/vhosts/pki.example.com/data
chown www:www /data/www/vhosts/pki.example.com/data
mkdir -p /data/www/vhosts/mail.example.com/logs
mkdir -p /data/www/vhosts/mail.example.com/data/.well-known
chmod 0750 /data/www/vhosts/mail.example.com/data
chown www:www /data/www/vhosts/mail.example.com/data
mkdir -p /data/www/vhosts/www.example.com/logs
mkdir -p /data/www/vhosts/www.example.com/data/.well-known
chmod 0750 /data/www/vhosts/www.example.com/data
chown www:www /data/www/vhosts/www.example.com/data
Die folgende Konfiguration verwendet für den localhost den Pfad /data/www/vhosts/_localhost_
, für den Default-Host den Pfad /data/www/vhosts/_default_
und für die regulären Virtual-Hosts den Pfad /data/www/vhosts/sub.domain.tld
.
httpd.conf
einrichten.
cat > /usr/local/etc/apache24/httpd.conf << "EOF"
ServerRoot "/usr/local"
PidFile "/var/run/httpd.pid"
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadFile /usr/local/lib/libxml2.so
LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule brotli_module libexec/apache24/mod_brotli.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule http2_module libexec/apache24/mod_http2.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
#LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
<IfModule mpm_prefork_module>
StartServers 16
MinSpareServers 32
MaxSpareServers 64
MaxRequestWorkers 256
MaxConnectionsPerChild 5000
</IfModule>
<IfModule mpm_worker_module>
StartServers 16
ServerLimit 64
ThreadsPerChild 64
ThreadLimit 128
MinSpareThreads 128
MaxSpareThreads 256
MaxRequestWorkers 1024
MaxConnectionsPerChild 5000
</IfModule>
<IfModule mpm_event_module>
StartServers 16
ServerLimit 64
ThreadsPerChild 64
ThreadLimit 128
MinSpareThreads 128
MaxSpareThreads 256
MaxRequestWorkers 1024
MaxConnectionsPerChild 5000
</IfModule>
<IfModule unixd_module>
User www
Group www
</IfModule>
HttpProtocolOptions Strict LenientMethods Require1.0
<IfModule http2_module>
Protocols h2 http/1.1
ProtocolsHonorOrder On
H2MinWorkers 64
H2MaxWorkers 128
H2EarlyHints On
H2PushDiarySize 1024
H2PushPriority * After 16
H2PushPriority text/css Before
H2PushPriority image/vnd.microsoft.icon Before
H2PushPriority application/javascript Interleaved
H2PushPriority text/javascript Interleaved
H2StreamMaxMemSize 262144
H2WindowSize 262144
</IfModule>
<IfDefine NOHTTPACCEPT>
AcceptFilter http none
AcceptFilter https none
</IfDefine>
<IfModule log_config_module>
<IfModule logio_module>
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b" common
<IfModule ssl_module>
<IfModule logio_module>
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combinediossl
</IfModule>
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combinedssl
LogFormat "%v %a %h %l %u %t \"%r\" %>s %b %{SSL_PROTOCOL}x %{SSL_CIPHER}x" commonssl
</IfModule>
</IfModule>
LogLevel info
<IfModule ssl_module>
Listen 443
</IfModule>
Listen 80
Timeout 60
KeepAlive Off
KeepAliveTimeout 2
MaxKeepAliveRequests 100
UseCanonicalName On
HostnameLookups Double
ServerTokens OS
ServerSignature Off
AccessFileName .htaccess
AllowEncodedSlashes NoDecode
AddDefaultCharset UTF-8
<Directory "/">
Options None +FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<LocationMatch "^/?(.+/)*[\._]">
Require all denied
</LocationMatch>
<LocationMatch "^/?\.well-known">
Require all granted
</LocationMatch>
AliasMatch "^/?\.well-known/acme-challenge(.*)" "/data/www/acme/.well-known/acme-challenge$1"
<Directory "/data/www/acme">
Options None +FollowSymlinks
AllowOverride None
Require all granted
</Directory>
<IfModule reqtimeout_module>
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
<IfModule dir_module>
DirectoryIndex index.html index.htm index.php
</IfModule>
<IfModule cgi_module>
<FilesMatch "\.(?:cgi|pl|py|rb)$">
SetHandler cgi-script
</FilesMatch>
</IfModule>
<IfModule cgid_module>
<FilesMatch "\.(?:cgi|pl|py|rb)$">
SetHandler cgi-script
</FilesMatch>
Scriptsock "/var/run/cgisock"
</IfModule>
<IfModule include_module>
AddOutputFilter INCLUDES .shtml
</IfModule>
<IfModule mime_module>
TypesConfig "etc/apache24/mime.types"
AddType application/pkcs8 key
AddType application/pkcs10 csr
AddType application/x-pkcs7-crl crl
AddType application/x-pem-file pem
AddType application/x-gzip gz tgz
AddType text/html shtml
AddType application/json map topojson
AddType application/ld+json jsonld
AddType application/vnd.geo+json geojson
AddType application/manifest+json webmanifest
AddType application/x-web-app-manifest+json webapp
AddType application/font-woff2 woff2
AddType font/opentype otf
AddType text/markdown md markdown
AddType text/vcard vcf
AddType text/vnd.rim.location.xloc xloc
AddType text/vtt vtt
AddType text/x-component htc
<FilesMatch "favicon\.ico$">
AddType image/vnd.microsoft.icon ico
</FilesMatch>
AddEncoding gzip svgz
AddHandler type-map var
<IfModule negotiation_module>
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en de ca cs da el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddCharset us-ascii.ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5.Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis
AddCharset UTF-8 .atom \
.bbaw \
.css \
.geojson \
.js \
.json \
.jsonld \
.md \
.manifest \
.markdown \
.rdf \
.rss \
.topojson \
.vtt \
.webapp \
.webmanifest \
.xloc \
.xml \
.xsl
</IfModule>
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile "etc/apache24/magic"
</IfModule>
<IfModule autoindex_module>
<IfModule alias_module>
Alias "/icons/" "/usr/local/www/apache24/icons/"
<Directory "/usr/local/www/apache24/icons">
Options None +MultiViews
AllowOverride None
Require all granted
</Directory>
IndexOrderDefault Ascending Name
IndexOptions FancyIndexing VersionSort FoldersFirst IgnoreCase IgnoreClient NameWidth=* SuppressDescription XHTML
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t .git .svn *.bak *.orig
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
</IfModule>
</IfModule>
<IfModule expires_module>
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/xhtml+xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType text/xsl "access plus 0 seconds"
ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/markdown "access plus 0 seconds"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType image/bmp "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
ExpiresByType font/eot "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-ttf "access plus 1 month"
ExpiresByType application/font-woff "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"
ExpiresByType application/font-woff2 "access plus 1 month"
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
</IfModule>
<If "%{HTTP:Accept-Encoding} =~ /br/i">
<IfModule brotli_module>
AddOutputFilterByType BROTLI_COMPRESS \
"application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/markdown" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml" \
"text/xsl"
</IfModule>
<IfModule !brotli_module>
<IfModule deflate_module>
AddOutputFilterByType DEFLATE \
"application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/markdown" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml" \
"text/xsl"
</IfModule>
</IfModule>
</If>
<ElseIf "%{HTTP:Accept-Encoding} =~ /deflate/i">
<IfModule deflate_module>
AddOutputFilterByType DEFLATE \
"application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/markdown" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml" \
"text/xsl"
</IfModule>
</ElseIf>
<IfModule proxy_html_module>
ProxyHTMLLinks a href
ProxyHTMLLinks area href
ProxyHTMLLinks link href
ProxyHTMLLinks img src longdesc usemap
ProxyHTMLLinks object classid codebase data usemap
ProxyHTMLLinks q cite
ProxyHTMLLinks blockquote cite
ProxyHTMLLinks ins cite
ProxyHTMLLinks del cite
ProxyHTMLLinks form action
ProxyHTMLLinks input src usemap
ProxyHTMLLinks head profile
ProxyHTMLLinks base href
ProxyHTMLLinks script src for
ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
onmouseover onmousemove onmouseout onkeypress \
onkeydown onkeyup onfocus onblur onload \
onunload onsubmit onreset onselect onchange
</IfModule>
<IfModule cache_module>
CacheQuickHandler off
CacheIgnoreURLSessionIdentifiers sid SID
<IfModule cache_disk_module>
CacheRoot "/data/www/cache/"
</IfModule>
<IfModule cache_socache_module>
CacheSocache shmcb
</IfModule>
</IfModule>
<IfModule userdir_module>
UserDir disabled
UserDir "/home/*/public_html"
<Directory "/home/*/public_html">
Options None +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
</IfModule>
<IfModule info_module>
<Location "/.well-known/server-info">
SetHandler server-info
<RequireAny>
Require host localhost
</RequireAny>
</Location>
</IfModule>
<IfModule status_module>
<Location "/.well-known/server-status">
SetHandler server-status
<RequireAny>
Require host localhost
</RequireAny>
</Location>
<IfModule http2_module>
<Location "/.well-known/server-status2">
SetHandler http2-status
<RequireAny>
Require host localhost
</RequireAny>
</Location>
</IfModule>
</IfModule>
<IfModule headers_module>
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Origin "null"
<IfModule setenvif_module>
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</IfModule>
Header set Access-Control-Max-Age "600"
Header set Upgrade-Insecure-Requests "1"
Header set Referrer-Policy "origin-when-cross-origin"
Header set Content-Security-Policy "upgrade-insecure-requests; \
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; \
form-action 'self' https: wss:; \
frame-ancestors 'self'; \
sandbox allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation"
Header set X-Content-Security-Policy "upgrade-insecure-requests; \
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; \
form-action 'self' https: wss:; \
frame-ancestors 'self'; \
sandbox allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-DNS-Prefetch-Control "on"
Header set X-UA-Compatible "IE=Edge"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Timing-Allow-Origin "*"
# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
</IfModule>
IncludeOptional "etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf"
ServerName localhost
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/_localhost_/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/_localhost_/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/_localhost_/data"
<Directory "/data/www/vhosts/_localhost_/data">
Options None +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Include "etc/apache24/vhosts.conf"
<IfModule ssl_module>
SSLRandomSeed startup "file:/dev/urandom" 65536
SSLRandomSeed connect "file:/dev/urandom" 65536
SSLPassPhraseDialog builtin
<IfModule socache_shmcb_module>
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
</IfModule>
<IfModule !socache_shmcb_module>
<IfModule socache_dbm_module>
SSLSessionCache "dbm:/var/run/ssl_scache"
</IfModule>
<IfModule !socache_dbm_module>
SSLSessionCache "nonenotnull"
</IfModule>
</IfModule>
SSLSessionTickets Off
SSLHonorCipherOrder On
SSLStrictSNIVHostCheck On
SSLOptions +StrictRequire +StdEnvVars
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite "EECDH+ECDSA+CHACHA20 EECDH+CHACHA20 \
EECDH+ECDSA+AESGCM+AES256 EECDH+AESGCM+AES256 \
EECDH+ECDSA+AESGCM+AES128 EECDH+AESGCM+AES128 \
EECDH+ECDSA+AES256+SHA384 EECDH+AES256+SHA384 \
EECDH+ECDSA+AES128+SHA256 EECDH+AES128+SHA256 \
EECDH+ECDSA+AES256+SHA1 EECDH+AES256+SHA1 \
EECDH+ECDSA+AES128+SHA1 EECDH+AES128+SHA1 \
EDH+CHACHA20 \
EDH+AESGCM+AES256 EDH+AESGCM+AES128 \
EDH+AES256+SHA256 EDH+AES128+SHA256 \
EDH+AES256+SHA1 EDH+AES128+SHA1 \
!CAMELLIA !SEED !IDEA !RC2 !RC4 !3DES !DES !kRSA !kSRP !kPSK !kGOST !kECDHr !kECDHe !kDHr !kDHd !aDSS !aNULL !eNULL !MEDIUM !LOW !EXPORT"
SSLOCSPEnable On
SSLStaplingFakeTryLater Off
SSLStaplingResponderTimeout 2
SSLStaplingReturnResponderErrors Off
SSLStaplingStandardCacheTimeout 86400
<IfModule socache_shmcb_module>
SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/stapling_cache(128000000)"
</IfModule>
<IfModule !socache_shmcb_module>
<IfModule socache_dbm_module>
SSLUseStapling On
SSLStaplingCache "dbm:/var/run/stapling_cache"
</IfModule>
<IfModule !socache_dbm_module>
SSLUseStapling Off
</IfModule>
</IfModule>
Include "etc/apache24/vhosts-ssl.conf"
</IfModule>
"EOF"
vhosts.conf
einrichten.
cat > /usr/local/etc/apache24/vhosts.conf << "EOF"
<VirtualHost *:80>
ServerName devnull.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/_default_/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/_default_/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/_default_/data"
<Directory "/data/www/vhosts/_default_/data">
Options None +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
</IfModule>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
</VirtualHost>
<VirtualHost *:80>
ServerName pki.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/pki.example.com/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/pki.example.com/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/pki.example.com/data"
<Directory "/data/www/vhosts/pki.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
</IfModule>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
</VirtualHost>
<VirtualHost *:80>
ServerName mail.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/mail.example.com/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/mail.example.com/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/mail.example.com/data"
<Directory "/data/www/vhosts/mail.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
</IfModule>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/www.example.com/logs/apache_access_log" combined
ErrorLog "/data/www/vhosts/www.example.com/logs/apache_error_log"
DocumentRoot "/data/www/vhosts/www.example.com/data"
<Directory "/data/www/vhosts/www.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond "%{HTTP_HOST}" "!^www\.example\.com$" [NC]
RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
RewriteRule "^/?(.*)" "http://www.example.com/$1" [L,QSA,R=308]
RewriteCond "%{REQUEST_FILENAME}" "!^/?\.well-known" [NC]
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,QSA,R=308]
</IfModule>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
</VirtualHost>
"EOF"
vhosts-ssl.conf
einrichten.
cat > /usr/local/etc/apache24/vhosts-ssl.conf << "EOF"
<VirtualHost *:443>
ServerName devnull.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/_default_/logs/apache_ssl_access_log" combinedssl
ErrorLog "/data/www/vhosts/_default_/logs/apache_ssl_error_log"
DocumentRoot "/data/www/vhosts/_default_/data"
<Directory "/data/www/vhosts/_default_/data">
Options None +FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
SSLEngine on
SSLCertificateFile "/data/pki/certs/devnull.example.com.crt"
SSLCertificateKeyFile "/data/pki/private/devnull.example.com.key"
</VirtualHost>
<VirtualHost *:443>
ServerName pki.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/pki.example.com/logs/apache_ssl_access_log" combinedssl
ErrorLog "/data/www/vhosts/pki.example.com/logs/apache_ssl_error_log"
DocumentRoot "/data/www/vhosts/pki.example.com/data"
<Directory "/data/www/vhosts/pki.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
SSLEngine on
SSLCertificateFile "/data/pki/certs/pki.example.com.crt"
SSLCertificateKeyFile "/data/pki/private/pki.example.com.key"
</VirtualHost>
<VirtualHost *:443>
ServerName mail.example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/mail.example.com/logs/apache_ssl_access_log" combinedssl
ErrorLog "/data/www/vhosts/mail.example.com/logs/apache_ssl_error_log"
DocumentRoot "/data/www/vhosts/mail.example.com/data"
<Directory "/data/www/vhosts/mail.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
SSLEngine on
SSLCertificateFile "/data/pki/certs/mail.example.com.crt"
SSLCertificateKeyFile "/data/pki/private/mail.example.com.key"
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster@example.com
CustomLog "/data/www/vhosts/www.example.com/logs/apache_ssl_access_log" combinedssl
ErrorLog "/data/www/vhosts/www.example.com/logs/apache_ssl_error_log"
DocumentRoot "/data/www/vhosts/www.example.com/data"
<Directory "/data/www/vhosts/www.example.com/data">
Options None +FollowSymLinks
AllowOverride Options FileInfo AuthConfig Limit
Require all granted
</Directory>
<IfModule rewrite_module>
RewriteEngine On
RewriteCond "%{HTTP_HOST}" "!^www\.example\.com$" [NC]
RewriteRule "^/?(.*)" "https://www.example.com/$1" [L,QSA,R=301]
</IfModule>
<FilesMatch "(.+\.phps?)(/.*)?$">
ProxyFCGIBackendType GENERIC
SetHandler "proxy:unix:/var/run/fpm_www.sock|fcgi://localhost"
</FilesMatch>
<Proxy "fcgi://localhost" enablereuse=on max=10>
</Proxy>
SSLEngine on
SSLCertificateFile "/data/pki/certs/www.example.com.crt"
SSLCertificateKeyFile "/data/pki/private/www.example.com.key"
</VirtualHost>
"EOF"
Abschluss
Apache kann nun gestartet werden.
service apache24 start