@
hefish 分了两部分,80 端口和 443 端口的,80 的自动跳到 443,并且 www 的自动跳到主域名;再就是为了减少恶意爬虫骚扰,用了个
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker,以下是完整配置,去除了注释:```
# xxx.conf
<VirtualHost *:80>
Protocols h2 h2c http/1.1
ServerName
xxx.com ServerAlias
www.xxx.com ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/xxx/public
<Directory /var/www/html/xxx/public>
Header set Access-Control-Allow-Origin *
Options -Indexes +FollowSymLinks
Include /etc/apache2/custom.d/globalblacklist.conf
DirectoryIndex index.php
AllowOverride All
Require all denied
</Directory>
ErrorLog ${APACHE_LOG_DIR}/xxx_error.log
CustomLog ${APACHE_LOG_DIR}/xxx_access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =
xxx.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =
www.xxx.com RewriteRule ^
https://xxx.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# xxx-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName
www.xxx.com RewriteEngine on
RewriteCond %{SERVER_NAME} =
www.xxx.com RewriteRule ^
https://xxx.com%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/
xxx.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/
xxx.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
Protocols h2 h2c http/1.1
ServerName
xxx.com ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/xxx/public
<Directory /var/www/html/xxx/public>
Header set Access-Control-Allow-Origin *
Options -Indexes +FollowSymLinks
Include /etc/apache2/custom.d/globalblacklist.conf
DirectoryIndex index.php
AllowOverride All
Require all denied
</Directory>
RewriteEngine on
RewriteRule .* - [E=REQ:%{THE_REQUEST}]
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client %a] %M% ~ Referer: %-{Referer}i ~ Request: %{REQ}e ~ UserAgent: %{User-Agent}i"
ErrorLog ${APACHE_LOG_DIR}/xxx_error.log
CustomLog ${APACHE_LOG_DIR}/xxx_access.log combined
SSLCertificateFile /etc/letsencrypt/live/
xxx.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/
xxx.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```