Apache HTTP Server 2.4.17 加入了HTTP/2模块mod_http2,看到Debian sid源已经更新了,就在VPS上也升级了一下。
修改源
nano /etc/apt/sources.list
加入一行
deb http://ftp.debian.org/debian/ testing main contrib non-free
升级Apache2
apt-get update apt-get install apache2
启用mod_http2
a2enmod http2
/etc/apache2/sites-available/cnlic80.conf内容如下:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Protocols h2c http/1.1
ProtocolsHonorOrder On
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
</VirtualHost>
/etc/apache2/sites-available/cnlic443.conf内容如下:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/ocsp(128000)
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set Public-Key-Pins "pin-sha256=\"MijrRMqLamJ5JIdQY2z07/U4iRdUqTxu5ei8+FfSKnE=\"; pin-sha256=\"b5EjL7NMkpmKiO8Q5gXMahNdgjbPIxA1u7fYkhMAWLk=\"; max-age=86400; includeSubDomains"
Protocols h2 http/1.1
ProtocolsHonorOrder On
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/apache2/ssl/cnlic_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/cnlic_com.key
SSLHonorCipherOrder On
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DES-CBC3-SHA"
SSLUseStapling On
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors Off
</VirtualHost>
</IfModule>
重启apache2
service apache2 restart
