Difference between revisions of "Apache2 Notes"

From OpenEMR Project Wiki
 
(4 intermediate revisions by the same user not shown)
Line 136: Line 136:
</pre>
</pre>


*[http://www.madboa.com/geek/openssl/ OpenSSL Command Line HOW TO]
*[https://www.openssl.org OpenSSL.org]
*[http://hints.macworld.com/article.php?story=20041129143420344 MacWorld - How to create a secure (HTTPS) OS X webserver]
*[http://hints.macworld.com/article.php?story=20041129143420344 MacWorld - How to create a secure (HTTPS) OS X webserver]
*[http://www.clintharris.net/2009/self-signed-certificates/ Misconceptions about the security of Self-Signed Certificates]
*[http://httpd.apache.org/docs/2.2/misc/security_tips.html More Security Tips]
*[http://httpd.apache.org/docs/2.2/misc/security_tips.html More Security Tips]
<br>
<br>
Line 154: Line 157:


=====Proxy=====
=====Proxy=====
* Proxy SSL to another server in the network.
<pre  style="font-size: 130%">
<VirtualHost 192.168.1.1:443>
ServerName www.example.com
SSLEngine On
SSLCertificateFile conf/ssl/example.com.crt
SSLCertificateKeyFile conf/ssl/example.com.nopass.key
SSLProxyEngine On
ProxyPreserveHost On
ProxyRequests Off
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
   
        ProxyErrorOverride On                     
        ProxyPass / https://192.168.1.2/
        ProxyPassReverse / https://192.168.1.2/
   
      <Location />
        Order allow,deny
            Allow from all
      </Location>
</VirtualHost>
</pre>
<br>
*[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain]
*[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain]


<br>
<br>
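Review bot: the added proxy vhost turns on `SSLProxyEngine On` and forwards to `https://192.168.1.2/`, but sets neither `SSLProxyVerify` nor `SSLProxyCACertificateFile`. mod_ssl's default for SSLProxyVerify is none, so the backend's certificate is never checked and the front end will talk to whatever answers on that address. Suggest adding `SSLProxyVerify require` together with a CA file that covers the backend certificate. Separately, the `Order`/`Allow from all` lines inside `<Proxy *>` and `<Location />` are 2.2-style access control; a note saying which Apache version this snippet targets would help readers on 2.4.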

Latest revision as of 13:18, 6 June 2014

General


Files
/etc/apache2                  Config File
/usr/share/doc/apache2-doc    Apache2 Manual.
/var/www/html                 Default http home directory.


Commands
apache2 -v                          Display apache version.
sudo /etc/init.d/apache2 restart    Restart apache. This needs to be done after configuration changes.
apache2ctl configtest               Tests syntax of apache2 config files.
sudo a2enmod [MODULE NAME]          Enable apache2 module. Modules must be in directory mods-available.
sudo a2dismod [MODULE NAME]         Disable apache2 module.
sudo a2ensite [SITE NAME]           Enable apache2 site.
sudo a2enconf [CONF NAME]           Enable apache2 configuration file.


Configuration File Settings
ServerSignature Off    Suppress identification of the Apache version.
ServerTokens Prod      Suppress identification of OS.
<Directory /var/www/html>
    Options -Indexes
</Directory>
Turn off directory listing.



Configuration File - Directory Directives
Options None
Order deny,allow           Order in which Deny and Allow directives are evaluated.
Deny from all              Deny request from everybody.
Options -FollowSymLinks    Disable following symbolic links.
Options +FollowSymLinks    Enable following symbolic links.
AllowOverride All          Allows override of directory directives with .htaccess files.
Options -Includes          Turn off server side includes (mod_include).
Options -ExecCGI           Turn off CGI file executions.
LimitRequestBody 512000    Limits size of HTTP request. Any value from 0 to 2147483647 (2GB).
MaxClients 10              Limits simultaneous connections. Default is 256.
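
A way to check a configuration against the settings listed above (ServerSignature, ServerTokens and the Options switches). This is an added example, not part of the original notes or of OpenEMR; the function name audit and the sample configuration are assumptions made for the illustration.

```python
import re

# Constructed sample configuration for the demonstration (not from a real server).
SAMPLE_CONF = """\
ServerSignature On
ServerTokens OS
<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
<Directory /var/www/html/uploads>
    Options -Indexes -ExecCGI -Includes
</Directory>
"""

# Values the notes recommend for the two banner directives.
EXPECTED = {"serversignature": "off", "servertokens": "prod"}
# Options features the notes switch off.
RISKY_OPTIONS = {"indexes", "includes", "execcgi"}


def audit(conf_text):
    """Return sorted (line_number, message) findings; line 0 means 'missing'."""
    findings, seen, scope = [], set(), "server config"
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            scope = opened.group(1)
            continue
        if line.lower().startswith("</directory"):
            scope = "server config"
            continue
        parts = line.split(None, 1)
        key, args = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key in EXPECTED:
            seen.add(key)
            if args.lower() != EXPECTED[key]:
                findings.append((number, f"{parts[0]} is '{args}', notes recommend '{EXPECTED[key]}'"))
        elif key == "options":
            for opt in args.lower().split():
                # A bare or "+" prefixed name enables the feature; "-" disables it.
                if opt.lstrip("+") in RISKY_OPTIONS or opt == "all":
                    findings.append((number, f"{scope}: Options enables {opt.lstrip('+')}"))
    if "servertokens" not in seen:
        # Apache's default for ServerTokens is Full, which reveals version and OS.
        findings.append((0, "ServerTokens not set; the default is Full"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONF) reports lines 1, 2 and 4 of the sample; the uploads directory passes because every risky option there carries a "-" prefix.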


Sample Virtual Host
<VirtualHost *:80>
   DocumentRoot /var/www/html/example.com/
   ServerName www.example.com
   DirectoryIndex index.htm index.html index.php
   ServerAlias example.com
   ErrorDocument 404 /story.php
   ErrorLog /var/log/httpd/example.com_error_log
   CustomLog /var/log/httpd/example.com_access_log combined
</VirtualHost>


SSL Certificate

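Create a self-signed certificate:

# Generate a passphrase-protected RSA private key (2048 bits; 1024-bit RSA is no longer considered strong enough).
openssl genrsa -des3 -out example.com.key 2048
# Create a certificate signing request for that key.
openssl req -new -key example.com.key -out example.com.csr
# Self-sign the request; the certificate is valid for 365 days.
openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt
# Write a passphrase-free copy of the key so Apache can start unattended.
openssl rsa -in example.com.key -out example.com.nopass.key
# Restrict the unprotected key to its owner.
sudo chmod 600 example.com.nopass.key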


Sample Configuration:

<VirtualHost 170.16.25.100:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/example.com.crt
        SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key
        SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt
        ServerAdmin ravi.saive@example.com
        ServerName example.com
        DocumentRoot /var/www/html/example/
        ErrorLog /var/log/httpd/example.com-error_log
        CustomLog /var/log/httpd/example.com-access_log common
</VirtualHost>


Redirect HTTP (port 80) to HTTPS (port 443)
<VirtualHost 192.168.1.1:80>
	DocumentRoot  /var/www/html/example/
	ServerName www.example.com
	ServerAlias example.com
	Redirect permanent / https://example.com/
</VirtualHost>


Proxy
  • Proxy SSL to another server in the network.
<VirtualHost 192.168.1.1:443>
    ServerName www.example.com

    SSLEngine On
    SSLCertificateFile conf/ssl/example.com.crt
    SSLCertificateKeyFile conf/ssl/example.com.nopass.key

    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyRequests Off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyErrorOverride On
    ProxyPass / https://192.168.1.2/
    ProxyPassReverse / https://192.168.1.2/

    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>