差異處

這裏顯示兩個版本的差異處。

--- tech:apache [2021/12/02 12:21] – jonathan
+++ tech:apache [2021/12/04 11:35] (目前版本) – jonathan
@@ 行 1: / 行 1: @@
 ====== Apache WebServer 設定技巧 ======
 ===== 設定啟用 HSTS =====
-  * 將 httpd.conf 內的 headers_module 關閉<file>
+  * [[https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security|點這裡了解 HSTS(HTTP Strict Transport Security)]]
+  * 將 httpd.conf 內的 headers_module 啟用<file>
 :
-#LoadModule headers_module modules/mod_headers.so
+LoadModule headers_module modules/mod_headers.so
 :</file>
   * VirtualHost 內增加 header 設定<file>
 :
 <VirtualHost www.example.com:80>
+Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+</VirtualHost>
+<VirtualHost www.example.com:443>
 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
 </VirtualHost>
 :
 </file>
+**如果是 Debian 環境**
+  * <cli>sudo a2enmod headers</cli>
+  * 編輯 virtual host exp. <cli>vi sites-enabled/wordpress.conf</cli><file>
+:
+<VirtualHost *:80>
+    UseCanonicalName Off
+    ServerAdmin  webmaster@localhost
+    DocumentRoot /var/www/wordpress
+    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+</VirtualHost>
+<VirtualHost *:443>
+    SSLEngine on
+    ServerAdmin  webmaster@localhost
+    DocumentRoot /var/www/wordpress
+    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+</VirtualHost>
+:
+</file>
+  * 重新啟動 apache <cli>sudo systemctl restart apache2</cli>
 ===== 改用 MPM worker 模組提升效能 =====
@@ 行 151: / 行 178: @@
   * http://httpd.apache.org/docs/2.2/mod/core.html#satisfy
   * https://docs.microfocus.com/SM/9.60/Hybrid/Content/security/concepts/support_of_http_strict_transport_security_protocol.htm
+  * https://www.simplified.guide/apache/enable-hsts
 {{tag>apache httpd 密技}}