Hi,

TLS should work.

What you need is a TLS/SSL config; see the example below.

Include what you need in VirtualHost *:443.
Of course, you need a private key and a TLS (SSL) certificate/chain. If possible,
I can recommend Let's Encrypt. Simply configure TLS, and update with your
settings after this works correctly.

# generated 2021-09-07, Mozilla Guideline v5.6, Apache 2.4.48, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.48&config=intermediate&openssl=1.1.1d&guideline=5.6

# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateKeyFile   /path/to/private_key

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>

# intermediate configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"


Regards,
Harrie

On Tue, 7 Sep 2021, 23:18 Dave Wreski, <dwre...@guardiandigital.com.invalid>
wrote:

> Hi,
>
> I have an apache-2.4.48 server on fedora34 and would like to enable
> mod_status to be able to obtain server status information. However, the
> docs appear to say the only way to access it is over port 80, not SSL. Is
> that correct?
>
> Chrome is also expecting the site to be over SSL, of course.
>
> https://httpd.apache.org/docs/2.4/mod/mod_status.html
>
> Here is my virtual host entry on port 80:
>
> <VirtualHost 209.216.111.156:80>
>   ServerName darwin-perf.example.com
>   ServerAdmin ad...@example.com
>
>   ErrorLog /var/www/otherdomains-443/logs/error_log
>   CustomLog /var/www/otherdomains-443/logs/access_log timing
>   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %T/%D %I/%O/%B H:%H U:%U dp80 s:%s V:%V v:%v" timing
>
>     <Location /server-status>
>         SetHandler server-status
>         Order deny,allow
>         Deny from all
>         Allow from 127.0.0.1 localhost 192.168.1.0/24
>     </Location>
>
>     <Location /server-info>
>         SetHandler server-info
>         Order Deny,Allow
>         Allow from ip 127.0.0.1 localhost 192.168.1.0/24
>     </Location>
>
>     <Location /perl-status>
>       SetHandler perl-script
>       PerlResponseHandler Apache2::Status
>       Order deny,allow
>       Deny from all
>       Allow from ip 127.0.0.1 localhost 192.168.1.0/24
>     </Location>
>
>     <FilesMatch "^ping|status-fpm$">
>       RewriteEngine Off
>       SetHandler "proxy:unix:/run/php-fpm/linuxsecurity.sock|fcgi://localhost"
>     </FilesMatch>
>
> </VirtualHost>
>
>
>
>
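
Added example, not part of the original thread and not either poster's configuration: the status and info handlers from the question placed inside a TLS virtual host like the one in the reply, with access control written in Apache 2.4's `Require` syntax. The ServerName, certificate paths and address range are the placeholders already used in the thread; loading mod_status and mod_info is assumed.

```apache
# Added example. Requires mod_ssl, mod_status and mod_info to be loaded.
# Paths, ServerName and the 192.168.1.0/24 range are placeholders from the thread.
<VirtualHost *:443>
    ServerName darwin-perf.example.com

    SSLEngine on
    SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateKeyFile   /path/to/private_key

    # mod_status is a normal content handler, so it is served over
    # whichever virtual host contains the <Location>, TLS included.
    <Location "/server-status">
        SetHandler server-status
        # 2.4 authorization (mod_authz_core / mod_authz_host).
        # Several Require lines in one section act as RequireAny:
        # the request is refused unless at least one of them matches.
        Require local
        Require ip 192.168.1.0/24
    </Location>

    <Location "/server-info">
        SetHandler server-info
        Require local
        Require ip 192.168.1.0/24
    </Location>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before reloading, then request `/server-status` over https from an allowed address and from a disallowed one to confirm the second gets a 403.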
