< Apache HTTP Server
Apache HTTP Server/mod_gnutls
From mod_gnutls wiki:
- mod_gnutls is an extension for Apache's httpd uses the GnuTLS library to provide HTTPS.
- It is similar to mod_ssl in purpose, but it supports some features and protocols that mod_ssl does not, and it does not use OpenSSL.
Installation
Install mod_gnutlsAUR, available in the Arch User Repository.
Configure Apache
Add these lines to /etc/httpd/conf/httpd.conf:
LoadModule gnutls_module modules/mod_gnutls.so Include conf/extra/httpd-gnutls.conf
Make sure that the following line is commented in /etc/httpd/conf/httpd.conf:
Include conf/extra/httpd-ssl.conf
Make sure no vhost definitions include mod_ssl.
Create the file /etc/httpd/conf/extra/httpd-gnutls.conf with the following content:
/etc/httpd/conf/extra/httpd-gnutls.conf
Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl GnuTLSCache dbm "/var/run/httpd/gnutls_scache" GnuTLSCacheTimeout 600 <VirtualHost _default_:443> DocumentRoot "/srv/http" ServerName www.example.org ServerAdmin youremail@example.org ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" GnuTLSEnable on GnuTLSPriorities NORMAL GNUTLSExportCertificates on GnuTLSCertificateFile /path/to/certificate/domain.tld.crt GnuTLSKeyFile /path/to/certificate/domain.tld.key </VirtualHost>
Restart httpd.service.
Check that Apache loaded correctly and answers on port 443.
Additional documentation of configuration directives is on the outoforder.cc mod_gnutls documentation page.
Testing
You can test or verify your https configuration via SSL Labs analyze tool.
gollark: There you go.
gollark: message asdhakjfafasf.
gollark: Ah, interesting.
gollark: I can work it out eventually, I'm sure.
gollark: Impressive, my two nodes appear to be deadlocked even though one wants to write and the other wants to read, which is entirely consistent.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.