Apache HTTP Server /etc/apache2/sites-available/default-ssl.conf


Applies to

Currently viewing:
Ubuntu 24.04 LTS (Noble Numbat)
Same as:
Debian 13 (Trixie)

Details

Size
101 lines
MD5
58d23841f0ea37f6c3c1f1c7bda9c6d7
SHA256
fd13b196af307df3f168df574a1ba1bb100510de2628b04437bce426a6106b25
/etc/apache2/sites-available/default-ssl.conf
<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key

	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCACertificatePath /etc/ssl/certs/
	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

	#   Certificate Revocation Lists (CRL):
	#   Set the CA revocation path where to find CA CRLs for client
	#   authentication or alternatively one huge file containing all
	#   of them (file must be PEM encoded)
	#   Note: Inside SSLCARevocationPath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCARevocationPath /etc/apache2/ssl.crl/
	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

	#   Client Authentication (Type):
	#   Client certificate verification type and depth.  Types are
	#   none, optional, require and optional_no_ca.  Depth is a
	#   number which specifies how deeply to verify the certificate
	#   issuer chain before deciding the certificate is not valid.
	#SSLVerifyClient require
	#SSLVerifyDepth  10

	#   SSL Engine Options:
	#   Set various options for the SSL engine.
	#   o FakeBasicAuth:
	#    Translate the client X.509 into a Basic Authorisation.  This means that
	#    the standard Auth/DBMAuth methods can be used for access control.  The
	#    user name is the `one line' version of the client's X.509 certificate.
	#    Note that no password is obtained from the user. Every entry in the user
	#    file needs this password: `xxj31ZMTZzkVA'.
	#   o ExportCertData:
	#    This exports two additional environment variables: SSL_CLIENT_CERT and
	#    SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
	#    server (always existing) and the client (only existing when client
	#    authentication is used). This can be used to import the certificates
	#    into CGI scripts.
	#   o StdEnvVars:
	#    This exports the standard SSL/TLS related `SSL_*' environment variables.
	#    Per default this exportation is switched off for performance reasons,
	#    because the extraction step is an expensive operation and is usually
	#    useless for serving static content. So one usually enables the
	#    exportation for CGI and SSI requests only.
	#   o OptRenegotiate:
	#    This enables optimized SSL connection renegotiation handling when SSL
	#    directives are used in per-directory context.
	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>

Copy and paste

curl:
curl 'https://exampleconfig.com/api/v1/config/original/58d23841f0ea37f6c3c1f1c7bda9c6d7?hint=default-ssl.conf'
wget:
wget -O default-ssl.conf 'https://exampleconfig.com/api/v1/config/original/58d23841f0ea37f6c3c1f1c7bda9c6d7?hint=default-ssl.conf'


Install Apache HTTP Server

Alpine Linux

sudo apk add apache2

Debian

sudo apt update && sudo apt install apache2

Red Hat Enterprise Linux

sudo yum install httpd

Ubuntu

sudo apt update && sudo apt install apache2

File location

File path
/etc/apache2/sites-available/default-ssl.conf
Directory
/etc/apache2/sites-available/
Purpose
System-wide configuration directory
Notes
Files in /etc/ are system-wide configuration and affect all users.

FAQ

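When should I use this default-ssl.conf?

Use it to restore a missing default file, to confirm what the distribution ships, or to diff against your own Apache HTTP Server config.

How do I restore the Apache HTTP Server default configuration?

Download the file, back up the current configuration at /etc/apache2/sites-available/default-ssl.conf, replace it, then reload or restart Apache HTTP Server.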
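
The restore steps above as a shell sketch that checks the downloaded file against the SHA256 listed on this page before replacing anything. This is an added example, not part of the original page; the function names, the `.bak.<timestamp>` backup suffix and the `.new` staging name are assumptions.

```shell
#!/bin/sh
# Added example: checksum-verified restore of default-ssl.conf.
# Function names and file suffixes are illustrative assumptions.

# SHA256 and path as listed on this page for Ubuntu 24.04 LTS.
EXPECTED_SHA256="fd13b196af307df3f168df574a1ba1bb100510de2628b04437bce426a6106b25"
TARGET="/etc/apache2/sites-available/default-ssl.conf"

# verify_sha256 FILE HEX: succeed only if FILE hashes to HEX.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# show_drift CURRENT DEFAULT: unified diff of the live config against the
# default; returns 0 when identical, 1 when the live config has drifted.
show_drift() {
    diff -u "$2" "$1"
}

# restore_default DOWNLOADED TARGET HEX: verify, back up, then replace.
restore_default() {
    if ! verify_sha256 "$1" "$3"; then
        echo "refusing to install $1: SHA256 mismatch" >&2
        return 1
    fi
    # Keep a timestamped copy of whatever is currently in place.
    if [ -f "$2" ]; then
        cp -p "$2" "$2.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    # Stage next to the target, then rename so the swap is atomic.
    cp "$1" "$2.new" && chmod 0644 "$2.new" && mv "$2.new" "$2"
}

# Typical use as root (left commented so sourcing this file changes nothing):
#   show_drift "$TARGET" ./default-ssl.conf
#   restore_default ./default-ssl.conf "$TARGET" "$EXPECTED_SHA256" \
#     && apache2ctl configtest && systemctl reload apache2
```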

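Is default-ssl.conf suitable for production as-is?

This is the vendor default configuration for Ubuntu 24.04 LTS (Noble Numbat) and should be treated only as a baseline. Review the security and performance settings before going to production.

How does it differ from other OS versions?

Defaults vary by distribution and release; this one corresponds to Ubuntu 24.04 LTS (Noble Numbat).

Can I use it to troubleshoot Apache HTTP Server?

Yes. Diff it against your configuration to find drift, then restore only the sections you need.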