
I have followed this tutorial for setting up HTTPS on an Ubuntu server:

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

I have ended up merging that configuration with the current usual non-HTTPS Symfony2 config:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName mysite.com
        ServerAlias www.mysite.com
        DocumentRoot /srv/www/mysite.com/symfony/web/
        ErrorLog /srv/www/mysite.com/logs/error.log
        CustomLog /srv/www/mysite.com/logs/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        <Directory /srv/www/mysite.com/symfony/web>
            Options Indexes FollowSymLinks
            AllowOverride all
            Order allow,deny
            Allow from all
            Require all granted
        </Directory>

        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Although I'm not quite sure whether:

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

and

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

are required (or even what they are really doing).

Also, is having 2 <Directory> sections a really bad idea, or is this quite normal? (I'm not using cgi-bin, so I'm guessing I might be able to just remove that <Directory> section anyway.)

Thanks!

timhc22
  • Hello Tim. Welcome to Server Fault! For your first question, read the [relevant](http://httpd.apache.org/docs/2.4/mod/core.html#filesmatch) [docs](http://httpd.apache.org/docs/2.4/mod/mod_setenvif.html#browsermatch); for the second question, read the [relevant](http://httpd.apache.org/docs/2.4/mod/core.html#directory) [docs](http://httpd.apache.org/docs/2.4/mod/core.html#directorymatch). It is very unlikely that anybody bothers answering a question when it displays a poor research effort. [The on-line documentation for the Apache web server is very, very detailed](http://boourns.dynu.net/RTFM.jpg). – dawud Apr 03 '15 at 17:16
  • Thanks, I was looking here, but that contains much more info. https://help.ubuntu.com/14.04/serverguide/certificates-and-security.html – timhc22 Apr 03 '15 at 17:49

0 Answers