windows下Apache比iis配置简单的多,性能也不差。配置了网站的https测试分数也达到了A+,为了安全只能不兼容IE6,这里做一下记录。
vhosts.conf:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
<VirtualHost *:80> DocumentRoot "D:\htdocs" ServerName htdocs ServerAlias www.domain.com domain.com ErrorLog "logs/error/domain.com-error.log" #CustomLog "logs/error/domain.com-access.log" common Header always append X-Frame-Options SAMEORIGIN RedirectMatch permanent ^/(.*)$ https://domain.com/$1 <Directory "D:\htdocs"> Options FollowSymLinks ExecCGI INCLUDES AllowOverride All Order allow,deny Allow from all Require all granted </Directory> </VirtualHost> <VirtualHost *:443> DocumentRoot "D:\htdocs" ServerName htdocs ServerAlias www.domain.com domain.com ErrorLog "logs/error/s-domain.com-error.log" #CustomLog "logs/error/s-domain.com-access.log" common Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" Header always append X-Frame-Options SAMEORIGIN <Directory "D:\htdocs"> Options FollowSymLinks ExecCGI INCLUDES AllowOverride All Order allow,deny Allow from all Require all granted </Directory> SSLEngine on SSLCertificateFile "D:\Apache\conf\ssl\domain.com\2_domain.com.crt" SSLCertificateKeyFile "D:\Apache\conf\ssl\domain.com\3_domain.com.key" SSLCertificateChainFile "D:\Apache\conf\ssl\domain.com\1_root_bundle.crt" </VirtualHost> |
httpd-ssl.conf:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Listen 443 SSLPassPhraseDialog builtin SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off #SSLSessionCache "dbm:/Apache/logs/ssl_scache" SSLSessionCache "shmcb:d:/Apache/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:d:/Apache/logs/ocsp(128000) |
