SuPhp claiming about directory ownership of /var/www, /srv/www
To allow recent SuPhp versions keep on working, the directories above the DocumentRoot (i.e. /var, /var/www, /var/www/htdocs) must belong to either to the SuExec user of the VirtualHost or to root. If they belong to i.e. the Apache user (www-data on Debians), SuPhp claims about bad directory ownership.
VirtualHost matching
To check if Apache understands the VirtualHosts as expected:
| No Format |
|---|
apache2ctl -t -D DUMP_VHOSTS |
Using long non-standard DH groups
To help fix CVE-2015-4000 or at least reduce the risk:
| No Format |
|---|
openssl dhparam -out dhparams.pem 2048
# either ...
$EDITOR /etc/apache2/mods-available/ssl.conf
# Long non-trivial DH group against CVE-2015-4000"
SSLOpenSSLConfCmd DHParameters dhparams.pem
# ... or ...
cat dhparams.pem >>www.foobar.com.crt
apache2ctl configtest && apache2ctl graceful |
To test this, on a machine with OpenSSL 1.0.2 higher (from openssl.org blog logjam-freak-upcoming-changes):
| No Format |
|---|
# OpenSSL 1.0.2+
openssl s_client -connect www.clazzes.org:443 -cipher "EDH" | grep "Server Temp Key" |