Diffstat (limited to 'docs/simplesamlphp-maintenance.md')
-rw-r--r-- docs/simplesamlphp-maintenance.md | 11
1 files changed, 10 insertions, 1 deletions
diff --git a/docs/simplesamlphp-maintenance.md b/docs/simplesamlphp-maintenance.md
index 421377a..c533e2c 100644
--- a/docs/simplesamlphp-maintenance.md
+++ b/docs/simplesamlphp-maintenance.md
@@ -164,7 +164,16 @@ alternative, you may log to flat files.
## Apache configuration
-
+Basic Apache configruation is described in [SimpleSAMLphp Installation](simplesamlphp-install#section_6).
+However, your IdP or SP is most likely a valuable website that you want to configure securely. Here are some checks.
+
+* Make sure you use HTTPS with a proper certificate. The best way is to not
+ serve anything over plain HTTP, except for a possible redirect to https.
+* Configure your TLS/SSL to be secure. Mozilla has an easy way to generate
+ [Recommended Server Configurations](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations).
+ Verify your SSL settings, e.g. with the [SSLLabs SSLtest](https://www.ssllabs.com/ssltest/).
+* In your Apache configuration, add headers that further secure your site.
+ A good check with hints on what to add is [Mozilla Observatory](https://observatory.mozilla.org/).
## PHP configuration
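Review bot: The last bullet says to "add headers that further secure your site" but names none, so the reader has to run an external scanner to learn what is meant. Name the headers you have in mind, for example Strict-Transport-Security, which matches the HTTPS-only advice in the first bullet. In the first added line, "configruation" should be "configuration". The hunk removes the blank line after `## Apache configuration` and leaves none between the list and `## PHP configuration`; keep a blank line around both headings. The link target `simplesamlphp-install#section_6` relies on a positional section number and will point at the wrong section if the install document is reordered.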