Apache and HTTPS configuration problem, OpenSSL resuming normal operations

2017-09-01 13:24:02 +08:00
 7654

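I configured HTTPS following https://mozilla.github.io/server-side-tls/ssl-config-generator and ssllabs rates it A. The domain's DNS provider does not support DNS CAA. But the Apache error log is bothering me a bit. Is something configured wrong somewhere? resuming normal operations

Apache error log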

[Fri Sep 01 13:01:28.716139 2017] [mpm_prefork:notice] [pid 1716] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Fri Sep 01 13:01:28.716158 2017] [core:notice] [pid 1716] AH00094: Command line: '/usr/sbin/apache2'

Apache apache2.conf configuration

PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
Include ports.conf
<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>
<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>
<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
ServerName 123456.com
SSLEngine on
SSLCertificateFile /home/apache/cert.pem
SSLCertificateKeyFile /home/apache/key.pem
SSLCACertificateFile /home/apache/fullchain.pem

ssl.conf

<IfModule mod_ssl.c>
	SSLRandomSeed startup builtin
	SSLRandomSeed startup file:/dev/urandom 512
	SSLRandomSeed connect builtin
	SSLRandomSeed connect file:/dev/urandom 512
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl
	SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
	SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
	SSLSessionCacheTimeout  300
	SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
	SSLHonorCipherOrder on
	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
	SSLUseStapling on
	SSLStaplingResponderTimeout 5
	SSLStaplingReturnResponderErrors off
	SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>
4793 views
Node: Q&A
1 reply
7654
2017-09-01 17:45:14 +08:00
Hoping an expert can clear this up for me.
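
An added example, not part of the original thread: a small Python parser for the Apache 2.4 error-log lines quoted in the post, which extracts the `[module:level]` field and keeps only entries at `warn` severity or worse. The function names and the third sample line are constructed for illustration.

```python
import re

# Apache 2.4 error-log layout: [time] [module:level] [pid N(:tid M)] message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>[^:\]]*):(?P<level>[a-z0-9]+)\] "
    r"\[pid (?P<pid>\d+)(?::tid \d+)?\] (?P<msg>.*)$"
)
AH_RE = re.compile(r"\bAH\d{5}\b")

# LogLevel severities, most severe first; trace1..trace8 rank below debug.
LEVELS = ["emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"]


def parse(line):
    """Return the fields of one error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"])
    code = AH_RE.search(entry["msg"])
    entry["code"] = code.group(0) if code else None
    return entry


def severity_rank(level):
    return LEVELS.index(level) if level in LEVELS else len(LEVELS)


def needs_attention(entry, threshold="warn"):
    """True when the entry is at least as severe as the threshold."""
    return severity_rank(entry["level"]) <= severity_rank(threshold)


def triage(lines, threshold="warn"):
    """Keep only parsed entries at or above the threshold severity."""
    entries = (parse(line) for line in lines)
    return [e for e in entries if e and needs_attention(e, threshold)]


SAMPLE = [
    # The two lines quoted in the post.
    "[Fri Sep 01 13:01:28.716139 2017] [mpm_prefork:notice] [pid 1716] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations",
    "[Fri Sep 01 13:01:28.716158 2017] [core:notice] [pid 1716] AH00094: Command line: '/usr/sbin/apache2'",
    # Constructed line (not from the post) so the filter has something to keep.
    "[Fri Sep 01 13:02:00.000000 2017] [ssl:error] [pid 1716] constructed sample failure",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["time"], e["module"], e["level"], e["msg"])
```

Both lines from the post parse as `notice`, which ranks below the `warn` threshold, so only the constructed line is kept. httpd writes notice-level messages to a file-based ErrorLog regardless of the LogLevel setting, which is why they appear even with `LogLevel warn`.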


https://www.v2ex.com/t/387421
