< Apache HTTP Server

Apache HTTP Server/mod_gnutls

From mod_gnutls wiki:

mod_gnutls is an extension for ​Apache's httpd uses the ​GnuTLS library to provide HTTPS.
It is similar to ​mod_ssl in purpose, but it supports some features and protocols that mod_ssl does not, and it does not use ​OpenSSL.

Installation

Install mod_gnutlsAUR, available in the Arch User Repository.

Configure Apache

Add these lines to /etc/httpd/conf/httpd.conf:

LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf

Make sure that the following line is commented in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-ssl.conf

Make sure no vhost definitions include mod_ssl.

Create the file /etc/httpd/conf/extra/httpd-gnutls.conf with the following content:

/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

GnuTLSCache dbm "/var/run/httpd/gnutls_scache"
GnuTLSCacheTimeout 600

<VirtualHost _default_:443>

DocumentRoot "/srv/http"
ServerName www.example.org
ServerAdmin youremail@example.org
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

GnuTLSEnable on
GnuTLSPriorities NORMAL

GNUTLSExportCertificates on

GnuTLSCertificateFile /path/to/certificate/domain.tld.crt
GnuTLSKeyFile /path/to/certificate/domain.tld.key

</VirtualHost>

Restart httpd.service.

Check that Apache loaded correctly and answers on port 443.

Additional documentation of configuration directives is on the outoforder.cc mod_gnutls documentation page.

Testing

You can test or verify your https configuration via SSL Labs analyze tool.

gollark: Git is apparently not great at binary files.
gollark: On my server with heavpøøøøøøøt.
gollark: Yep!
gollark: Muahahaha. I have made an automatic roboport deployer.
gollark: There is more to readability than comments, also.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.