Add default SSL for lighttpd
authorDavid Durvaux <info@autopsit.org>
Tue, 12 Nov 2013 16:52:36 +0000 (17:52 +0100)
committerDavid Durvaux <info@autopsit.org>
Tue, 12 Nov 2013 16:52:36 +0000 (17:52 +0100)
src/practical_settings.tex

index d3ad016..df37c5b 100644 (file)
@@ -187,6 +187,23 @@ You should redirect everything to httpS:// if possible. In Apache you can do thi
 
 \subsubsection{lighttpd}
 
+%% Note: need to be checked / reviewed
+
+%% Complete ssl.cipher-list with same algo than Apache
+%% Currently this is only the default proposed lighttpd config for SSL
+\begin{verbatim}
+  $SERVER["socket"] == "0.0.0.0:443" {
+    ssl.engine  = "enable"
+    ssl.pemfile = "/etc/lighttpd/server.pem"
+
+    ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:\
+                       AES256-SHA256:RC4:HIGH:\
+                       !MD5:!aNULL:!EDH:!AESGCM"
+    ssl.honor-cipher-order = "enable"
+  }
+\end{verbatim}
+
+%% ADD Rewrite rule from tcp/80 -> tcp/443
 
 
 \subsubsection{nginx}
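Review bot: The `%%` caveats above the added listing are LaTeX comments and will not appear in the built document, so the `verbatim` block reads as a reviewed recommendation although the commit itself marks it as lighttpd's unreviewed default. As written, `ssl.cipher-list` names `RC4` explicitly, and `!EDH` and `!AESGCM` remove the DHE and AES-GCM suites while the non-forward-secret `AES256-SHA256` stays in. Until the string is aligned with the Apache one, a visible line before the listing, such as `\textbf{Draft:} lighttpd default cipher list, not yet reviewed.`, would keep readers from copying it as is. It is also worth confirming that lighttpd accepts the `\` line continuation inside the quoted string; if it does not, a pasted copy would carry the backslashes and indentation into the cipher list.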