V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
7654
V2EX  ›  问与答

Apache 与 HTTPS 配置问题, OpenSSL resuming normal operations

  •  
  •   7654 · 2017-09-01 13:24:02 +08:00 · 4828 次点击
    这是一个创建于 2632 天前的主题,其中的信息可能已经有所发展或是发生改变。

    按照 https://mozilla.github.io/server-side-tls/ssl-config-generator 配置的 HTTPS ssllabs 评分 A,域名 DNS 服务商不支持 DNS CAA 但是 Apache 错误日志让我有点郁闷,是哪里配置错了吗,resuming normal operations

    Apache 错误日志

    [Fri Sep 01 13:01:28.716139 2017] [mpm_prefork:notice] [pid 1716] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
    [Fri Sep 01 13:01:28.716158 2017] [core:notice] [pid 1716] AH00094: Command line: '/usr/sbin/apache2'
    

    Apache apace2.conf 配置

    PidFile ${APACHE_PID_FILE}
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 5
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    HostnameLookups Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    Include ports.conf
    <Directory />
    	Options FollowSymLinks
    	AllowOverride None
    	Require all denied
    </Directory>
    <Directory /usr/share>
    	AllowOverride None
    	Require all granted
    </Directory>
    <Directory /var/www/>
    	Options Indexes FollowSymLinks
    	AllowOverride None
    	Require all granted
    </Directory>
    AccessFileName .htaccess
    <FilesMatch "^\.ht">
    	Require all denied
    </FilesMatch>
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    IncludeOptional conf-enabled/*.conf
    IncludeOptional sites-enabled/*.conf
    ServerName 123456.com
    SSLEngine on
    SSLCertificateFile /home/apache/cert.pem
    SSLCertificateKeyFile /home/apache/key.pem
    SSLCACertificateFile /home/apache/fullchain.pem
    

    ssl.conf

    <IfModule mod_ssl.c>
    	SSLRandomSeed startup builtin
    	SSLRandomSeed startup file:/dev/urandom 512
    	SSLRandomSeed connect builtin
    	SSLRandomSeed connect file:/dev/urandom 512
    	AddType application/x-x509-ca-cert .crt
    	AddType application/x-pkcs7-crl .crl
    	SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
    	SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
    	SSLSessionCacheTimeout  300
    	SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    	SSLHonorCipherOrder on
    	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    	SSLUseStapling on
    	SSLStaplingResponderTimeout 5
    	SSLStaplingReturnResponderErrors off
    	SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>
    
    1 条回复    2017-09-01 17:45:14 +08:00
    7654
        1
    7654  
    OP
       2017-09-01 17:45:14 +08:00
    求大佬解惑
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2746 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 14:51 · PVG 22:51 · LAX 06:51 · JFK 09:51
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.