I followed [1] to do some checks against the version reported to be bad.
The easiest copy and paste setup would be: $ apt install apache2 $ IP=$(hostname -i | cut -d' ' -f 2) $ sed -i -e "/ServerAdmin/a ServerName $IP" -e 's/ssl-cert-snakeoil.pem/apache-selfsigned.crt/' -e 's/ssl-cert-snakeoil.key/apache-selfsigned.key/' /etc/apache2/sites-available/default-ssl.conf $ sed -i -e "/ServerAdmin/a Redirect \"/\" \"https://$IP/\"" /etc/apache2/sites-available/000-default.conf $ sudo cat << EOF > /etc/apache2/conf-available/ssl-params.conf SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder On Header always set X-Frame-Options DENY Header always set X-Content-Type-Options nosniff SSLCompression off SSLUseStapling on SSLStaplingCache "shmcb:logs/stapling-cache(150000)" SSLSessionTickets Off EOF $ (sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "$IP\n"; sleep 2s; printf "\n";) | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt $ sudo a2enmod ssl $ sudo a2enmod headers $ sudo a2ensite default-ssl $ sudo a2enconf ssl-params $ sudo apache2ctl configtest $ sudo systemctl restart apache2
The above works in a LXD container and would give a basic setup to test. Basic usage of this server was fine for me, doing some ssl checks now ...
[1]: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-18-04
I followed [1] to do some checks against the version reported to be bad.
The easiest copy and paste setup would be: cert-snakeoil. pem/apache- selfsigned. crt/' -e 's/ssl- cert-snakeoil. key/apache- selfsigned. key/' /etc/apache2/ sites-available /default- ssl.conf /$IP/\"" /etc/apache2/ sites-available /000-default. conf conf-available/ ssl-params. conf EDH+AESGCM: AES256+ EECDH:AES256+ EDH Type-Options nosniff logs/stapling- cache(150000) " private/ apache- selfsigned. key -out /etc/ssl/ certs/apache- selfsigned. crt
$ apt install apache2
$ IP=$(hostname -i | cut -d' ' -f 2)
$ sed -i -e "/ServerAdmin/a ServerName $IP" -e 's/ssl-
$ sed -i -e "/ServerAdmin/a Redirect \"/\" \"https:/
$ sudo cat << EOF > /etc/apache2/
SSLCipherSuite EECDH+AESGCM:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set X-Frame-Options DENY
Header always set X-Content-
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:
SSLSessionTickets Off
EOF
$ (sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "\n"; sleep 2s; printf "$IP\n"; sleep 2s; printf "\n";) | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/
$ sudo a2enmod ssl
$ sudo a2enmod headers
$ sudo a2ensite default-ssl
$ sudo a2enconf ssl-params
$ sudo apache2ctl configtest
$ sudo systemctl restart apache2
The above works in a LXD container and would give a basic setup to test.
Basic usage of this server was fine for me, doing some ssl checks now ...
[1]: https:/ /www.digitaloce an.com/ community/ tutorials/ how-to- create- a-self- signed- ssl-certificate -for-apache- in-ubuntu- 18-04