Show Advanced KnowledgeHide Advanced KnowledgeConfigure vhosts
General server settings to activate SSL
#Check, which sites are running under https: ls /etc/apache2/sites-enabled
#Disable all SSL-confs (recommended). Example: a2dissite 000-default.conf
#Check again if folder is empty. Otherwise delete the content: rm /etc/apache2/sites-enabled/*
#Now we create all vhost-files that we need. In this case:
cd /etc/apache2/sites-available
#For the whole site: touch 000-bbs-ilias.conf
#If you don`t use similar vhost files allready, you can choose my examples. Just edit some lines so it will fit to your installation:
nano 000-bbs-ilias.conf
#Copy the code below and change the lines accordingly to your needs: |
<VirtualHost bbs-ilias.de:80>
ServerAdmin admin@bbs-ilias.de
# Server Name und Alias
ServerName bbs-ilias.de
ServerAlias www.bbs-ilias.de
# Fehler- und Zugriffsprotokolle
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
# Dokumenten-Wurzelverzeichnis
DocumentRoot /var/www/html
# Immer auf HTTPS umleiten
RewriteEngine on
RewriteCond %{SERVER_NAME} =bbs-ilias.de [OR]
RewriteCond %{SERVER_NAME} =www.bbs-ilias.de
RewriteRule ^ https://bbs-ilias.de%{REQUEST_URI} [END,NE,R=permanent]
# HTTP/2-Unterstützung
Protocols h2 http/1.1
# KeepAlive für bessere Performance
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 5
# XSendFile-Konfiguration
XSendFilePath /var/www/html
XSendFilePath /opt
# Gzip-Kompression aktivieren
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
AddOutputFilterByType DEFLATE image/svg+xml
DeflateCompressionLevel 6
</IfModule>
# Verzeichniskonfiguration
<Directory /var/www/html/>
Options -Indexes +FollowSymlinks
DirectoryIndex index.php index.html index.htm
AllowOverride All
Require all granted
# Deaktivierung von HTTP-Methoden, die nicht benötigt werden
<LimitExcept GET POST>
deny from all
</LimitExcept>
</Directory>
# Cache-Control für statische Ressourcen
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 7 days"
ExpiresByType image/gif "access plus 7 days"
ExpiresByType image/jpg "access plus 7 days"
ExpiresByType image/jpeg "access plus 7 days"
ExpiresByType image/png "access plus 7 days"
ExpiresByType application/javascript "access plus 7 days"
</IfModule>
</VirtualHost> |
|
a2ensite 000-bbs-ilias.conf
systemctl restart apache2 |
Install the SSL-Certificate with Certbot
apt install certbot python3-certbot-apache
certbot |
- After the prompt "which names would you like to activate HTTPS for?" , choose the names, like 1 2 3 4, give your e-mail and so on ...
- Choose for the domain bbs-ilias.de also www.bbs-ilias.de
- Recommended: Choose 2: "Secure - Make all requests redirect to secure HTTPS access"
- After all, there should appear something like this:
- "Congratulations! You have successfully enabled https://bbs-ilias.de,https://chat.bbs-ilias.de, https://pad.bbs-ilias.de, and https://www.bbs-ilias.de"
- Check, if everything works like expected: https://bbs-ilias.de ("It works!" should appear))
If you get such error message, pause for some hours and try again. It means, that the DNS servers are not allready in sync:
"... To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal."
