Apache HTTP Server/mod_gnutls

From mod_gnutls wiki:

mod_gnutls is an extension for Apache's httpd that uses the GnuTLS library to provide HTTPS.
It is similar to mod_ssl in purpose, but it supports some features and protocols that mod_ssl does not, and it does not use OpenSSL.

Installation

Install the mod_gnutls package, available in the Arch User Repository.

Configure Apache

Add these lines to /etc/httpd/conf/httpd.conf:

LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf

Make sure that the following line is commented out in /etc/httpd/conf/httpd.conf:

Include conf/extra/httpd-ssl.conf

Make sure no vhost definitions include mod_ssl.

Create the file /etc/httpd/conf/extra/httpd-gnutls.conf with the following content:

/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

GnuTLSCache dbm "/var/run/httpd/gnutls_scache"
GnuTLSCacheTimeout 600

<VirtualHost _default_:443>

DocumentRoot "/srv/http"
ServerName www.example.org
ServerAdmin youremail@example.org
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"

GnuTLSEnable on
GnuTLSPriorities NORMAL

GNUTLSExportCertificates on

GnuTLSCertificateFile /path/to/certificate/domain.tld.crt
GnuTLSKeyFile /path/to/certificate/domain.tld.key

</VirtualHost>

Restart httpd.service.

Check that Apache loaded correctly and answers on port 443.

Additional documentation of configuration directives is on the outoforder.cc mod_gnutls documentation page.
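
The httpd.conf edits described above can be checked statically before restarting. The script below is an added example, not part of the original article or of mod_gnutls; the function names and both sample files are constructed for illustration, and treating any directive that starts with "SSL" as belonging to mod_ssl is a heuristic assumption.

```shell
#!/bin/sh
# Added example: static checks for the httpd.conf edits described above.

# Succeeds if FILE has an active (uncommented) line matching the regex.
has_active() {  # usage: has_active REGEX FILE
    grep -Eiq "^[[:space:]]*$1" "$2"
}

# Returns 0 when FILE follows the steps above, 1 otherwise,
# printing one line per problem found.
check_httpd_conf() {
    conf=$1
    rc=0
    has_active 'LoadModule[[:space:]]+gnutls_module[[:space:]]' "$conf" ||
        { echo "missing: LoadModule gnutls_module"; rc=1; }
    has_active 'Include[[:space:]]+conf/extra/httpd-gnutls\.conf' "$conf" ||
        { echo "missing: Include conf/extra/httpd-gnutls.conf"; rc=1; }
    if has_active 'Include[[:space:]]+conf/extra/httpd-ssl\.conf' "$conf"; then
        echo "conflict: httpd-ssl.conf is still included"; rc=1
    fi
    # Heuristic: active directives starting with "SSL" (SSLEngine, ...) are mod_ssl's.
    if has_active 'SSL[A-Za-z]+[[:space:]]' "$conf"; then
        echo "conflict: mod_ssl directive present"; rc=1
    fi
    return $rc
}

# Constructed sample inputs: a correct file and one that still enables mod_ssl.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.conf" <<'EOF'
LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-gnutls.conf
#Include conf/extra/httpd-ssl.conf
EOF
cat > "$sample_dir/bad.conf" <<'EOF'
LoadModule gnutls_module modules/mod_gnutls.so
Include conf/extra/httpd-ssl.conf
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
EOF

check_httpd_conf "$sample_dir/good.conf" && echo "good.conf: ok"
check_httpd_conf "$sample_dir/bad.conf" || echo "bad.conf: needs fixing"
```

The check reads a single file and does not follow Include directives, so run it on each vhost file as well as on /etc/httpd/conf/httpd.conf.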

Testing

You can test or verify your HTTPS configuration with the SSL Labs analysis tool.

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.