以下是优化Apache SSL性能的关键配置步骤:
SSLUseStapling on
SSLStaplingCache "shmcb:/var/run/ocsp-stapling-cache(128000)"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLSessionCache "shmcb:/var/run/apache2/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:!aNULL:!MD5
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
/etc/security/limits.conf
,设置nofile
为较高值(如65536)。net.ipv4.tcp_tw_reuse=1
。完成配置后重启Apache生效:
sudo systemctl restart apache2