SuPhp claiming about directory ownership of /var/www, /srv/www
To allow recent SuPhp versions keep on working, the directories above the DocumentRoot
(i.e. /var
, /var/www
, /var/www/htdocs
) must belong to either to the SuExec
user of the VirtualHost
or to root
. If they belong to i.e. the Apache user (www-data
on Debians), SuPhp claims about bad directory ownership.
VirtualHost matching
To check if Apache understands the VirtualHosts as expected:
No Format |
---|
apache2ctl -t -D DUMP_VHOSTS |
Using long non-standard DH groups
To help fix CVE-2015-4000 or at least reduce the risk:
No Format |
---|
openssl dhparam -out dhparams.pem 2048
# either ...
$EDITOR /etc/apache2/mods-available/ssl.conf
# Long non-trivial DH group against CVE-2015-4000"
SSLOpenSSLConfCmd DHParameters dhparams.pem
# ... or ...
cat dhparams.pem >>www.foobar.com.crt
apache2ctl configtest && apache2ctl graceful |
To test this, on a machine with OpenSSL 1.0.2 higher (from openssl.org blog logjam-freak-upcoming-changes):
No Format |
---|
# OpenSSL 1.0.2+
openssl s_client -connect www.clazzes.org:443 -cipher "EDH" | grep "Server Temp Key" |