質問編集履歴

ssl.conf追記

2019/02/24 14:54

投稿

ginuser

スコア13

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -40,258 +40,64 @@
 尚Responseの方はタイムアウト終了後空白でした。
 追追記)
-httpd.confの中身です。
 ```ここに言語を入力
-[ec2-user@myaws conf]$ cat httpd.conf
+[ec2-user@myaws conf.d]$ cat ssl.conf
-ServerRoot "/etc/httpd"
+Listen 443 https
-Listen 80
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
-Include conf.modules.d/*.conf
+SSLSessionCacheTimeout  300
-User apache
+SSLRandomSeed startup file:/dev/urandom  256
-Group apache
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
-ServerAdmin root@localhost
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
-ServerName myaws
-<Directory />
+<VirtualHost _default_:443>
-    AllowOverride All
-</Directory>
 DocumentRoot "/var/www/html"
-<Directory "/var/www">
-    AllowOverride All
-    # Allow open access:
-    Require all granted
+ServerName myaws:443
-</Directory>
-# Further relax access to the default document root:
-<Directory "/var/www/html">
-    #
-    # Possible values for the Options directive are "None", "All",
-    # or any combination of:
-    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-    #
-    # Note that "MultiViews" must be named *explicitly* --- "Options All"
-    # doesn't give it to you.
-    #
-    # The Options directive is both complicated and important.  Please see
-    # http://httpd.apache.org/docs/2.4/mod/core.html#options
-    # for more information.
-    #
-    Options Indexes FollowSymLinks
-    #
-    # AllowOverride controls what directives may be placed in .htaccess files.
-    # It can be "All", "None", or any combination of the keywords:
-    #   Options FileInfo AuthConfig Limit
-    #
-    AllowOverride All
-    #
-    # Controls who can get stuff from this server.
-    #
-    Require all granted
-</Directory>
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-<IfModule dir_module>
-    DirectoryIndex index.php index.html
-</IfModule>
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<Files ".ht*">
-    Require all denied
-</Files>
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here.  If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog "logs/error_log"
+ErrorLog logs/ssl_error_log
-#
-# LogLevel: Control the number of messages logged to the error_log.
+TransferLog logs/ssl_access_log
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
 LogLevel warn
-<IfModule log_config_module>
-    #
-    # The following directives define some format nicknames for use with
-    # a CustomLog directive (see below).
+SSLEngine on
-    #
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+SSLProtocol all -SSLv3
-    <IfModule logio_module>
+SSLProxyProtocol all -SSLv3
-      # You need to enable mod_logio.c to use %I and %O
-      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-    </IfModule>
-    #
-    # The location and format of the access logfile (Common Logfile Format).
-    # If you do not define any access logfiles within a <VirtualHost>
-    # container, they will be logged here.  Contrariwise, if you *do*
-    # define per-<VirtualHost> access logfiles, transactions will be
-    # logged therein and *not* in this file.
+SSLHonorCipherOrder on
-    #
-    #CustomLog "logs/access_log" common
-    #
-    # If you prefer a logfile with access, agent, and referer information
-    # (Combined Logfile Format) you can use the following directive.
+SSLCertificateFile /etc/letsencrypt/live/mysite.com/cert.pem
-    #
-    CustomLog "logs/access_log" combined
-</IfModule>
-<IfModule alias_module>
-    #
-    # Redirect: Allows you to tell clients about documents that used to
-    # exist in your server's namespace, but do not anymore. The client
-    # will make a new request for the document at its new location.
-    # Example:
-    # Redirect permanent /foo http://www.example.com/bar
+SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
-    #
-    # Alias: Maps web paths into filesystem paths and is used to
-    # access content that does not live under the DocumentRoot.
-    # Example:
-    # Alias /webpath /full/filesystem/path
+SSLCertificateChainFile /etc/letsencrypt/live/mysite.com/chain.pem
-    #
-    # If you include a trailing / on /webpath then the server will
-    # require it to be present in the URL.  You will also likely
-    # need to provide a <Directory> section to allow access to
-    # the filesystem path.
-    #
-    # ScriptAlias: This controls which directories contain server scripts.
-    # ScriptAliases are essentially the same as Aliases, except that
+<FilesMatch ".(cgi|shtml|phtml|php)$">
-    # documents in the target directory are treated as applications and
-    # run by the server when requested rather than as documents sent to the
-    # client.  The same rules about trailing "/" apply to ScriptAlias
-    # directives as to Alias.
+    SSLOptions +StdEnvVars
-    #
-    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-</IfModule>
+</FilesMatch>
-#
-# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
 <Directory "/var/www/cgi-bin">
-    AllowOverride All
-    Options None
+    SSLOptions +StdEnvVars
-    Require all granted
 </Directory>
-<IfModule mime_module>
-    #
-    # TypesConfig points to the file containing the list of mappings from
+BrowserMatch "MSIE [2-5]"nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
-    # filename extension to MIME-type.
-    #
-    TypesConfig /etc/mime.types
-    #
-    # AddType allows you to add to or override the MIME configuration
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-    # file specified in TypesConfig for specific file types.
-    #
-    #AddType application/x-gzip .tgz
-    #
-    # AddEncoding allows you to have certain browsers uncompress
-    # information on the fly. Note: Not all browsers support this.
-    #
-    #AddEncoding x-compress .Z
-    #AddEncoding x-gzip .gz .tgz
-    #
-    # If the AddEncoding directives above are commented-out, then you
-    # probably should define those extensions to indicate media types:
-    #
-    AddType application/x-compress .Z
-    AddType application/x-gzip .gz .tgz
-    #
-    # AddHandler allows you to map certain file extensions to "handlers":
-    # actions unrelated to filetype. These can be either built into the server
-    # or added with the Action directive (see below)
-    #
-    # To use CGI scripts outside of ScriptAliased directories:
-    # (You will also need to add "ExecCGI" to the "Options" directive.)
-    #
-    #AddHandler cgi-script .cgi
+ServerAlias mysite.com
+#SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
+#SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
+Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
-    # For type maps (negotiated resources):
-    #AddHandler type-map var
-    #
-    # Filters allow you to process content before it is sent to the client.
-    #
-    # To parse .shtml files for server-side includes (SSI):
-    # (You will also need to add "Includes" to the "Options" directive.)
-    #
-    AddType text/html .shtml
-    AddOutputFilter INCLUDES .shtml
-</IfModule>
-#
-# Specify a default charset for all content served; this enables
-# interpretation of all content as UTF-8 by default.  To use the
-# default browser choice (ISO-8859-1), or to allow the META tags
-# in HTML content to override this choice, comment out this
-# directive:
-#
-AddDefaultCharset UTF-8
-<IfModule mime_magic_module>
-    #
-    # The mod_mime_magic module allows the server to use various hints from the
-    # contents of the file itself to determine its type.  The MIMEMagicFile
-    # directive tells the module where the hint definitions are located.
-    #
-    MIMEMagicFile conf/magic
-</IfModule>
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-#
-# EnableMMAP and EnableSendfile: On systems that support it,
-# memory-mapping or the sendfile syscall may be used to deliver
-# files.  This usually improves server performance, but must
-# be turned off when serving from networked-mounted
-# filesystems or if support for these functions is otherwise
-# broken on your system.
-# Defaults if commented: EnableMMAP On, EnableSendfile Off
-#
-#EnableMMAP off
-EnableSendfile on
-# Supplemental configuration
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-IncludeOptional conf.d/*.conf
 ```

httpd,conf追記

2019/02/24 14:54

投稿

ginuser

スコア13

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -37,4 +37,261 @@
 追記)
 アクセス時のHTTPヘッダの中身です。
 ![イメージ説明](dc04b79c091b2a032b55e3edb0482ef3.png)
-尚Responseの方はタイムアウト終了後空白でした。
+尚Responseの方はタイムアウト終了後空白でした。
+追追記)
+httpd.confの中身です。
+```ここに言語を入力
+[ec2-user@myaws conf]$ cat httpd.conf
+ServerRoot "/etc/httpd"
+Listen 80
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+ServerName myaws
+<Directory />
+    AllowOverride All
+</Directory>
+DocumentRoot "/var/www/html"
+<Directory "/var/www">
+    AllowOverride All
+    # Allow open access:
+    Require all granted
+</Directory>
+# Further relax access to the default document root:
+<Directory "/var/www/html">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   Options FileInfo AuthConfig Limit
+    #
+    AllowOverride All
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
+</Directory>
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+    DirectoryIndex index.php index.html
+</IfModule>
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<Files ".ht*">
+    Require all denied
+</Files>
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "logs/error_log"
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+<IfModule log_config_module>
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    #CustomLog "logs/access_log" common
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    CustomLog "logs/access_log" combined
+</IfModule>
+<IfModule alias_module>
+    #
+    # Redirect: Allows you to tell clients about documents that used to
+    # exist in your server's namespace, but do not anymore. The client
+    # will make a new request for the document at its new location.
+    # Example:
+    # Redirect permanent /foo http://www.example.com/bar
+    #
+    # Alias: Maps web paths into filesystem paths and is used to
+    # access content that does not live under the DocumentRoot.
+    # Example:
+    # Alias /webpath /full/filesystem/path
+    #
+    # If you include a trailing / on /webpath then the server will
+    # require it to be present in the URL.  You will also likely
+    # need to provide a <Directory> section to allow access to
+    # the filesystem path.
+    #
+    # ScriptAlias: This controls which directories contain server scripts.
+    # ScriptAliases are essentially the same as Aliases, except that
+    # documents in the target directory are treated as applications and
+    # run by the server when requested rather than as documents sent to the
+    # client.  The same rules about trailing "/" apply to ScriptAlias
+    # directives as to Alias.
+    #
+    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+</IfModule>
+#
+# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/var/www/cgi-bin">
+    AllowOverride All
+    Options None
+    Require all granted
+</Directory>
+<IfModule mime_module>
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig /etc/mime.types
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    AddType text/html .shtml
+    AddOutputFilter INCLUDES .shtml
+</IfModule>
+#
+# Specify a default charset for all content served; this enables
+# interpretation of all content as UTF-8 by default.  To use the
+# default browser choice (ISO-8859-1), or to allow the META tags
+# in HTML content to override this choice, comment out this
+# directive:
+#
+AddDefaultCharset UTF-8
+<IfModule mime_magic_module>
+    #
+    # The mod_mime_magic module allows the server to use various hints from the
+    # contents of the file itself to determine its type.  The MIMEMagicFile
+    # directive tells the module where the hint definitions are located.
+    #
+    MIMEMagicFile conf/magic
+</IfModule>
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files.  This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+EnableSendfile on
+# Supplemental configuration
+#
+# Load config files in the "/etc/httpd/conf.d" directory, if any.
+IncludeOptional conf.d/*.conf
+```

画像を追加しました

2019/02/24 14:00

投稿

ginuser

スコア13

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -32,4 +32,9 @@
 現状、http://ドメイン名では通常通りアクセスができる状態です。
 どなたか上記のような現象に心当たりがございましたらお教えいただければと思います。
-よろしくお願いいたします。
+よろしくお願いいたします。
+追記)
+アクセス時のHTTPヘッダの中身です。
+![イメージ説明](dc04b79c091b2a032b55e3edb0482ef3.png)
+尚Responseの方はタイムアウト終了後空白でした。