Vhffs_Https

[ Serveurs - Vhffs - Https - Apache - Configuration ]

Configurer le SSL pour les sous domaines sensibles

Comme par exemple panel.votredomaine.com ou phpmyadmin.votredomaine.com

Configuration

Editez le fichier default-ssl dans /etc/apache2/sites-available

Le fichier devrait ressembler à ça : (vous devrez avoir préalablement créé un certificat)

<IfModule mod_ssl.c>                                                                                                                                                            
<VirtualHost _default_:443>

        # Activé uniquement pour les sites hors hébergés
        HashEnable Off

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
       SSLCertificateFile    /etc/ssl/certs/ssl-cert-mysite.pem
       SSLCertificateKeyFile /etc/ssl/private/ssl-cert-mysite.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

Vérifiez la présence de ces lignes dans le fichier de configuration d'apache (en particulier ports.conf sous Debian)

<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443
    NameVirtualHost *:443
</IfModule>

Éditez ensuite la configuration de chaque VirtualHost pour rajouter le VirtualHost qui écoute sur 443 :

<VirtualHost *:443>

        HashEnable Off              

        ServerAdmin webmaster@localhost
        ServerName panel.monsite.com
        DocumentRoot /usr/share/vhffs/panel/
        DirectoryIndex auth.pl index.pl

        <Directory /usr/share/vhffs/panel/>
                AllowOverride None
                Options ExecCGI FollowSymLinks
                Order allow,deny
                Allow from all
                AddHandler cgi-script .pl 
        </Directory>

        ErrorLog /var/log/apache2/panel-error.log

        # Possible values include: 
        #   debug, info, notice, warn, error, crit, alert, emerg
        LogLevel warn

        CustomLog /var/log/apache2/panel-access.log combined

        Include /etc/apache2/ssl-panel.conf

</VirtualHost>

Activation

Activez ensuite le site

a2ensit default-ssl
/etc/init.d/apache2 restart
Creative Commons License