我已经按照本教程使用了“使用Kerio Mailserver加密:https://irulan.net/using-lets-encrypt-with-kerio-connect
”这很好用,但我觉得使用Apache更舒服。我想知道以下的Apache对应物是什么:
location /.well-known {
alias /var/www/mail/.well-known;
}
这是(nginx):
location / {
proxy_pass https://localhost:8843;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
与此(apache)相同:
ProxyPreserveHost On
ProxyPass / https://localhost:8843
ProxyPassReverse / https://localhost:8843
???
答案 0 :(得分:0)
以下适用于我:
ServerName fqdn.ext
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
Alias "/.well-known" "/var/www/mail/.well-known"
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/fqdn.ext/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/fqdn.ext/privkey.pem
SSLCompression Off
SSLSessionTickets Off
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE$
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>