Monthly Archives: December 2015

HTTP/2 On FreeBSD

    1. echo "WITH_OPENSSL_PORT=yes" >> /etc/make.conf
    2. cd /usr/ports/security/openssl ; make install clean
    3. cd /usr/ports/devel/apr1; make install clean
    4. cd /usr/ports/www/apache24; make install clean
    5. vim /usr/local/etc/apache24/httpd.conf
      #LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
      #LoadModule http2_module libexec/apache24/mod_http2.so
      #LoadModule ssl_module libexec/apache24/mod_ssl.so
      ↓
      LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
      LoadModule http2_module libexec/apache24/mod_http2.so
      LoadModule ssl_module libexec/apache24/mod_ssl.so
    6. vim /usr/local/etc/apache24/extra/httpd-ssl.conf
      SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
      ↓
      SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
      SSLProtocol all -SSLv3
      ↓
      SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
      <VirtualHost _default_:443>
      Protocols h2 http/1.1
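
To confirm the edits from steps 5 and 6 took effect, here is an added example that is not part of the original post: it resolves the `SSLProtocol` token list the way mod_ssl applies it and checks the `LoadModule` and `Protocols` lines. The function names and sample files are constructed for illustration; the meaning of `all` and the last-line-wins handling are assumptions noted in the comments.

```sh
# Added example, not from the original post. effective_protocols ARGS prints
# what an SSLProtocol list leaves enabled: "+x" adds, "-x" removes, bare replaces.
# Assumption: "all" = SSLv3 TLSv1 TLSv1.1 TLSv1.2 (OpenSSL 1.0.1+ with SSLv3).
effective_protocols() {
    enabled=""; all="SSLv3 TLSv1 TLSv1.1 TLSv1.2"
    for tok in $1; do
        case $tok in
            +*) op=add; name=${tok#+} ;;
            -*) op=del; name=${tok#-} ;;
            *)  op=set; name=$tok ;;
        esac
        case $name in [Aa][Ll][Ll]) name=$all ;; esac
        case $op in
            set) enabled=$name ;;
            add) enabled="$enabled $name" ;;
            del) for n in $name; do
                     enabled=$(printf '%s\n' $enabled | grep -viFx -- "$n" | tr '\n' ' ')
                 done ;;
        esac
    done
    printf '%s\n' $enabled | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit_h2_config FILE...: print findings and return how many there are.
audit_h2_config() {
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    for mod in socache_shmcb_module http2_module ssl_module; do
        grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$mod[[:space:]]" "$@" ||
            fail "LoadModule $mod is missing or still commented out"
    done
    # Simplification: the last SSLProtocol line wins; vhost scoping is ignored.
    args=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]]\{1,\}//p' "$@" | tail -n 1)
    protos=" $(effective_protocols "${args:-all -SSLv3}") "  # unset: 2.4.17+ default
    case $protos in *" SSLv3 "*) fail "SSLv3 is enabled" ;; esac
    case $protos in *" TLSv1.2 "*) ;; *) fail "TLSv1.2 is off, h2 requires it" ;; esac
    grep -Eq '^[[:space:]]*Protocols[[:space:]]+(.*[[:space:]])?h2([[:space:]]|$)' "$@" ||
        fail "no Protocols line offers h2"
    return "$findings"
}
# Constructed samples: stock lines quoted on the page, then the page's edits.
tmp=$(mktemp -d)
printf '#LoadModule http2_module libexec/apache24/mod_http2.so\nSSLProtocol all -SSLv3\n' > "$tmp/before.conf"
{ printf 'LoadModule %s_module libexec/apache24/mod_%s.so\n' socache_shmcb socache_shmcb http2 http2 ssl ssl
  printf 'SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2\nProtocols h2 http/1.1\n'; } > "$tmp/after.conf"
for f in before after; do
    rc=0; audit_h2_config "$tmp/$f.conf" || rc=$?; echo "$f: $rc finding(s)"
done
rm -rf "$tmp"
```

On a real host, pass both `/usr/local/etc/apache24/httpd.conf` and `/usr/local/etc/apache24/extra/httpd-ssl.conf` to `audit_h2_config`. It does not flag TLSv1 and TLSv1.1, which step 6 leaves enabled and which RFC 8996 has since deprecated.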

Ref.
1. https://blog.apar.jp/linux/3484/
2. https://forums.freebsd.org/threads/apache-will-not-start-with-openssl-from-ports.38454/
3. https://icing.github.io/mod_h2/howto.html