FreeBSD apache24 with letsencrypt

安裝

pkg install py37-certbot

----------

先測試是否可正常下載憑證

certbot certonly --standalone -d example.tw --dry-run

成功的話再下

certbot certonly --standalone -d example.tw

檔案會放在

/usr/local/etc/letsencrypt/live/example.tw/

----------

編輯httpd.conf

Listen 443

LoadModule ssl_module libexec/apache24/mod_ssl.so

<VirtualHost *:443>

    ServerName example.tw

    DocumentRoot /home/example/www

    SSLEngine on

    SSLCertificateFile "/usr/local/etc/letsencrypt/live/example.tw/cert.pem"

    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/example.tw/privkey.pem"

    SSLCertificateChainFile /usr/local/etc/letsencrypt/live/example.tw/chain.pem

</VirtualHost>

FreeBSD apache24 with mod_security

 安裝

pkg install ap24-mod_security

----------

apache24啟用mod_security

*把註解拿掉

ee /usr/local/etc/apache24/modules.d/280_mod_security.conf

LoadModule unique_id_module libexec/apache24/mod_unique_id.so

LoadModule security2_module libexec/apache24/mod_security2.so

Include /usr/local/etc/modsecurity/*.conf

Include /usr/local/etc/modsecurity/activated_rules/*.conf

----------

抓取core rule set檔案

fetch https://github.com/coreruleset/coreruleset/archive/v3.3.0.tar.gz

tar zxvf v3.3.0.tar.gz

cd coreruleset-3.3.0

cp crs-setup.conf.example /usr/local/etc/modsecurity/

cd rules

cp * /usr/local/etc/modsecurity/

----------

重新啟動apache

service apache24 restart

----------

測試

開啟一個不存在的網頁

http://example.com/aaaa.php

or

curl -Ik https://example.tw/?abc=../../

可以在/var/log/modsec_audit.log看到紀錄

windows 安裝 apache

下載連結
https://www.apachelounge.com/download/

• vc_redist_x64.exe
• httpd-2.4.29-Win64-VC15.zip

1. 安裝vc_redist_x64.exe
2. 將httpd-2.4.29-Win64-VC15.zip解壓縮到 c:/Apache24 資料夾
3. c:/Apache24/bin/httpd -k install