robsnider
1/3/2017 - 3:54 PM

Apache Config

Apache Config

#Apache Config#

apachectl configtest

#Force to only use SSL# in /etc/apache2/apache.conf

<Directory /var/www/html>
    SSLRequireSSL
</Directory>

#Virtual Host# in /etc/apache2/apache.conf

<VirtualHost *:443>
    ServerAdmin yourname@gmail.com
    DocumentRoot "/var/www/html"
    ServerName server.com
    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
    
    # Uncomment the following directive when using client certificate authentication
    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

#Enable Headers#

a2enmod

then

headers

#Restarting the Server#

service apache2 restart