Toxic said: I'll give you an example if that's ok...
So in /share/CACHEDEV1_DATA/.qpkg/Qapache/etc you have the main Apache configuration file:
httpd.conf
Most settings are based on there. Stephane's setup is based on http on port 88 and https on 448. Set up your firewall to accept port 80 and forward it to NAS IP:88, and if you're using https, open port 443 and forward to NAS IP:448.
I have two domains on my NAS setup so we need to set up Virtual Hosts. This file along with the rest of the configuration files are in
httpd.conf and we need to add httpd-vhosts.conf file to the config. In httpd.conf there is a line
# Virtual hosts
# Include etc/extra/httpd-vhosts.conf
just uncomment the Include line like so:
# Virtual hosts
Include etc/extra/httpd-vhosts.conf
Each Virtual host can have its own settings based on what you want. httpd.conf is the default setting, but these can be overwritten by entries in httpd-vhosts.conf
Code:
# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:88>
    ServerAdmin site1@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
    ServerAlias www.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/site1-error_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/weather"
    ServerName site2.org
    ServerAlias www.site2.org
    ErrorLog "var/logs/site2-error_log"
    CustomLog "var/logs/site2-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site3@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/zenphoto"
    ServerName zenphoto.site1.org.uk
    ServerAlias zenphoto.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/zenphoto-error_log"
    CustomLog "/opt/Qapache/var/logs/zenphoto-access_log" combined env=!dontlog
</VirtualHost>

#
# SSL Configuration and stuff
#
Listen 448

<VirtualHost *:448>
    ServerAdmin site1@gmail.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
    ServerAlias www.site1.org.uk
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site1/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatedm.key
    SSLCertificateChainFile /etc/ssl/certs/site1/ca_bundle.crt
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    ErrorLog "/opt/Qapache/var/logs/site1-error_443_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_443_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:448>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/site2"
    ServerName site2.org
    ServerAlias www.site2.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site2/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatesite2.key
    SSLCertificateChainFile /etc/ssl/certs/site2/ca_bundle.crt
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    ErrorLog "var/logs/site2-error_443_log"
    CustomLog "var/logs/site2-access_443_log" combined env=!dontlog
</VirtualHost>
My SSLCipherSuite is taken from a recommended cipher to disable anything other than TLS 1.2 (recommended).
SSL v1, v2, v3 and TLS 1.0 are vulnerable. TLS 1.1 has not yet proven insecure (I don't think).
Once you are up and running, check your website:
https://www.ssllabs.com/ssltest/
Also for speed and optimisation use:
https://gtmetrix.com/
Hope that's ok. I tried the Let's Encrypt import on QTS 4.3.2 but it just never works, so I went to https://www.sslforfree.com/ and used their manual certs, which uses Let's Encrypt and allows you to download the certs etc. This is a manual process in which you have to renew the cert every 90 days. They will email you a week before it is due to run out, but I am sure you can set a calendar event to remind you too.
Give me a shout if you need anything else explained, but the info above should help loads.
Was the QNAP Let's Encrypt meant to automate the renewal? 'Cause I don't really like having to do that manually on schedule :?
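For the httpd-vhosts.conf quoted above: mod_ssl selects protocol versions with the SSLProtocol directive, while SSLCipherSuite only restricts ciphers, so a quick audit of each TLS vhost is worth running. The script below is an added example, not part of the original posts; `parse_conf`, `audit` and `SAMPLE_CONF` are hypothetical names, the sample is constructed, and it assumes all relevant configuration is passed in as one text (an SSLProtocol set in another included file would not be seen).

```python
import re

# Constructed sample shaped like the httpd-vhosts.conf in the post (not the real file).
SAMPLE_CONF = """
<VirtualHost *:88>
    ServerName site2.org
</VirtualHost>
<VirtualHost *:448>
    ServerName site2.org
    SSLEngine on
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256
</VirtualHost>
"""

def parse_conf(text):
    """Return (server_level_directives, [vhost_directives, ...]) with lower-cased keys."""
    server, vhosts, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\s", line, re.I):
            current = {}
        elif line.lower() == "</virtualhost>":
            vhosts.append(current)
            current = None
        else:
            name, _, value = line.partition(" ")
            target = server if current is None else current
            target[name.lower()] = value.strip().strip('"')
    return server, vhosts

def audit(text):
    """Return sorted (ServerName, finding) pairs for every vhost with SSLEngine on."""
    server, vhosts = parse_conf(text)
    findings = []
    for v in vhosts:
        if v.get("sslengine", "").lower() != "on":
            continue  # plain HTTP vhost, nothing TLS-related to check
        name = v.get("servername")
        # Protocol versions come from SSLProtocol; a cipher list does not set them.
        if "sslprotocol" not in v and "sslprotocol" not in server:
            findings.append((name, "no explicit SSLProtocol"))
        # Suites without GCM or CHACHA20 in their name are CBC-mode (non-AEAD).
        weak = [c for c in v.get("sslciphersuite", "").split(":")
                if c and "GCM" not in c and "CHACHA20" not in c]
        if weak:
            findings.append((name, "non-AEAD ciphers: " + ",".join(weak)))
    return sorted(findings)
```

Adding a line such as `SSLProtocol -all +TLSv1.2` at server level or inside each `*:448` vhost clears the first finding.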