Advanced Apache hints
- Christoph Lechleitner
Owned by Christoph Lechleitner
SuPhp claiming about directory ownership of /var/www, /srv/www
To allow recent SuPhp versions keep on working, the directories above the DocumentRoot (i.e. /var, /var/www, /var/www/htdocs) must belong to either to the SuExec user of the VirtualHost or to root. If they belong to i.e. the Apache user (www-data on Debians), SuPhp claims about bad directory ownership.
VirtualHost matching
To check if Apache understands the VirtualHosts as expected:
apache2ctl -t -D DUMP_VHOSTS
Using long non-standard DH groups
This needs Apache 2.4.8 and OpenSSL 1.0.2.
To help fix CVE-2015-4000 or at least reduce the risk:
openssl dhparam -out dhparams.pem 2048  # either ... $EDITOR /etc/apache2/mods-available/ssl.conf # Long non-trivial DH group against CVE-2015-4000" SSLOpenSSLConfCmd DHParameters dhparams.pem  # ... or ... cat dhparams.pem >>www.foobar.com.crt  apache2ctl configtest && apache2ctl graceful
To test this, from a client machin with OpenSSL 1.0.2 higher (from openssl.org blog logjam-freak-upcoming-changes):
# OpenSSL 1.0.2+ openssl s_client -connect www.clazzes.org:443 -cipher "EDH" | grep "Server Temp Key"