Apache HTTPD: Serve ACME challenge and block ambiguous server names
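## Apache virtual server definitions that block ambiguous (unknown) server names.
## Put this snippet in your Apache config file so that its <VirtualHost>
## sections are the first ones defined for each port.

## ACME HTTP-01 challenge files. The Alias is declared at server level, outside
## any <VirtualHost>, so it is not limited to the catch-all hosts that follow.
Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
<Directory /var/www/acme/.well-known/acme-challenge>
  ## This directory is readable by every client, so switch off whatever a
  ## parent <Directory> section may have enabled (directory listings, symlink
  ## following) and ignore .htaccess files. Challenge files are plain files,
  ## so none of those features is needed here.
  Options None
  AllowOverride None
  Require all granted
</Directory>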
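## Catch-all for plain HTTP. Defined as the first <VirtualHost> for *:80, it
## answers every request whose Host header matches no other virtual host.
<VirtualHost *:80>
  ## Answer 503 for everything except /.well-known/ and the two local-only
  ## handlers below. The exemption covers all of /.well-known/, not only
  ## acme-challenge/; other paths under it fall through to DocumentRoot.
  RedirectMatch 503 "^/(?!\.well-known/|server-status$|server-info$)"
  ## The host name in this message is deployment-specific and is shown to any
  ## client that reaches this virtual host. Replace it with your own, or leave
  ## it out if the machine's name should not be disclosed.
  ErrorDocument 503 "<html><head><title>503 Service Unavailable</title></head><body><h1>Service Unavailable</h1><p>The requested server name is unknown on this host (rjsy02.nn.kawai-juku.ac.jp, protocol http, port *:80). Please confirm the server name in the URL.</p></body></html>"
  DocumentRoot /var/www/empty

  ## server-status and server-info expose server internals, so both are
  ## restricted to loopback addresses.
  ## NOTE(review): if a reverse proxy or mod_remoteip sits in front of this
  ## server, confirm which client address "Require ip" is evaluated against.
  <IfModule status_module>
    <Location /server-status>
      Require ip 127.0.0.1 ::1
      SetHandler server-status
    </Location>
  </IfModule>
  <IfModule info_module>
    <Location /server-info>
      Require ip 127.0.0.1 ::1
      SetHandler server-info
    </Location>
  </IfModule>
</VirtualHost>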
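## Catch-all for HTTPS. Defined as the first <VirtualHost> for *:443, it is
## selected when the requested server name matches no other virtual host.
<VirtualHost *:443>
  SSLEngine On
  ## This certificate is what clients asking for an unknown name receive, so
  ## use a placeholder (for example self-signed) certificate that names no
  ## real site. Keep the key file readable by root only.
  SSLCertificateFile /etc/httpd/certs/unknown.crt
  SSLCertificateKeyFile /etc/httpd/private/unknown.key
  ## Every path is answered with 503 here. Unlike the port-80 catch-all there
  ## is no exemption for /.well-known/ and no server-status/server-info.
  Redirect 503 /
  ## The host name in this message is a placeholder; it is shown to any client
  ## that reaches this virtual host.
  ErrorDocument 503 "<html><head><title>503 Service Unavailable</title></head><body><h1>Service Unavailable</h1><p>The requested server name is unknown on this host (hostname.example.jp, protocol https, port *:443). Please confirm the server name in the URL.</p></body></html>"
  DocumentRoot /var/www/empty
</VirtualHost>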