< Apache HTTP Server
Apache HTTP Server/mod_gnutls
From mod_gnutls wiki:
- mod_gnutls is an extension for Apache's httpd uses the GnuTLS library to provide HTTPS.
- It is similar to mod_ssl in purpose, but it supports some features and protocols that mod_ssl does not, and it does not use OpenSSL.
Installation
Install mod_gnutlsAUR, available in the Arch User Repository.
Configure Apache
Add these lines to /etc/httpd/conf/httpd.conf
:
LoadModule gnutls_module modules/mod_gnutls.so Include conf/extra/httpd-gnutls.conf
Make sure that the following line is commented in /etc/httpd/conf/httpd.conf
:
Include conf/extra/httpd-ssl.conf
Make sure no vhost definitions include mod_ssl.
Create the file /etc/httpd/conf/extra/httpd-gnutls.conf
with the following content:
/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl GnuTLSCache dbm "/var/run/httpd/gnutls_scache" GnuTLSCacheTimeout 600 <VirtualHost _default_:443> DocumentRoot "/srv/http" ServerName www.example.org ServerAdmin youremail@example.org ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" GnuTLSEnable on GnuTLSPriorities NORMAL GNUTLSExportCertificates on GnuTLSCertificateFile /path/to/certificate/domain.tld.crt GnuTLSKeyFile /path/to/certificate/domain.tld.key </VirtualHost>
Restart httpd.service
.
Check that Apache loaded correctly and answers on port 443.
Additional documentation of configuration directives is on the outoforder.cc mod_gnutls documentation page.
Testing
You can test or verify your https configuration via SSL Labs analyze tool.
gollark: Git is apparently not great at binary files.
gollark: On my server with heavpøøøøøøøt.
gollark: Yep!
gollark: Muahahaha. I have made an automatic roboport deployer.
gollark: There is more to readability than comments, also.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.