Difference between revisions of "Apache2 Notes"
From OpenEMR Project Wiki
(→Proxy) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 136: | Line 136: | ||
</pre> | </pre> | ||
*[http://www.madboa.com/geek/openssl/ OpenSSL Command Line HOW TO] | |||
*[https://www.openssl.org OpenSSL.org] | |||
*[http://hints.macworld.com/article.php?story=20041129143420344 MacWorld - How to create a secure (HTTPS) OS X webserver] | *[http://hints.macworld.com/article.php?story=20041129143420344 MacWorld - How to create a secure (HTTPS) OS X webserver] | ||
*[http://www.clintharris.net/2009/self-signed-certificates/ Misconceptions about the security of Self-Signed Certificates] | *[http://www.clintharris.net/2009/self-signed-certificates/ Misconceptions about the security of Self-Signed Certificates] | ||
Line 155: | Line 157: | ||
=====Proxy===== | =====Proxy===== | ||
* Proxy SSL to another server in the network. | |||
<pre style="font-size: 130%"> | |||
<VirtualHost 192.168.1.1:443> | |||
ServerName www.example.com | |||
SSLEngine On | |||
SSLCertificateFile conf/ssl/example.com.crt | |||
SSLCertificateKeyFile conf/ssl/example.com.nopass.key | |||
SSLProxyEngine On | |||
ProxyPreserveHost On | |||
ProxyRequests Off | |||
<Proxy *> | |||
Order deny,allow | |||
Allow from all | |||
</Proxy> | |||
ProxyErrorOverride On | |||
ProxyPass / https://192.168.1.2/ | |||
ProxyPassReverse / https://192.168.1.2/ | |||
<Location /> | |||
Order allow,deny | |||
Allow from all | |||
</Location> | |||
</VirtualHost> | |||
</pre> | |||
<br> | |||
*[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain] | *[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain] | ||
<br> | <br> |
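Review bot: in the added `<VirtualHost 192.168.1.1:443>` block, `SSLProxyEngine On` is set with no `SSLProxyVerify` or `SSLProxyCACertificateFile` line, so the hop to `https://192.168.1.2/` is encrypted but the backend certificate is never checked (mod_ssl's default for `SSLProxyVerify` is `none`). Suggest adding `SSLProxyVerify require` together with an `SSLProxyCACertificateFile` that holds the backend's CA or self-signed certificate. Separately, `Order deny,allow` / `Allow from all` in the `<Proxy *>` and `<Location />` sections is Apache 2.2 access syntax; on 2.4 it only works through mod_access_compat, and `Require all granted` is the native form. Since `conf/ssl/example.com.nopass.key` is an unencrypted private key, a line noting that it must be readable by root only would also fit here.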
Latest revision as of 13:18, 6 June 2014
General
Files
/etc/apache2 | Config File |
/usr/share/doc/apache2-doc | Apache2 Manual. |
/var/www/html | Default http home directory. |
Commands
apache2 -v | Display apache version. |
sudo /etc/init.d/apache2 restart | Restart apache. This needs to be done after configuration changes. |
apache2ctl configtest | Tests syntax of apache2 config files. |
sudo a2enmod [MODULE NAME] | Enable apache2 module. Modules must be in directory mods-available. |
sudo a2dismod [MODULE NAME] | Disable apache2 module. |
sudo a2ensite [SITE NAME] | Enable apache2 site. |
sudo a2enconf [CONF NAME] | Enable apache2 configuration. |
Configuration File Settings
ServerSignature Off | Suppress identification of the Apache version. |
ServerTokens Prod | Suppress identification of OS. |
<Directory /var/www/html> Options -Indexes </Directory> | Turn off directory listing. |
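The three settings in the table above can be checked mechanically before a restart. The shell functions below are an added example, not part of the original wiki page: `last_value`, `audit_apache_conf` and the sample config are constructed for illustration, and the check only covers what one file sets explicitly, not values inherited from other included files.

```shell
#!/bin/sh
# Added example: audit one Apache config file for the hardening settings
# listed in the table (ServerSignature Off, ServerTokens Prod, no Indexes).

# last_value FILE DIRECTIVE -> argument of the last uncommented occurrence
# of DIRECTIVE, lower-cased; prints an empty line when it is absent.
last_value() {
    awk -v d="$2" '
        $1 ~ /^#/ { next }                              # skip comment lines
        tolower($1) == tolower(d) { v = tolower($2) }   # names are case-insensitive
        END { print v }' "$1"
}

# audit_apache_conf FILE -> prints one line per finding and returns the
# number of findings as its exit status (0 means all three checks passed).
audit_apache_conf() {
    conf=$1
    findings=0
    [ "$(last_value "$conf" ServerSignature)" = "off" ] ||
        { echo "ServerSignature Off is not set in $conf"; findings=$((findings + 1)); }
    [ "$(last_value "$conf" ServerTokens)" = "prod" ] ||
        { echo "ServerTokens Prod is not set in $conf"; findings=$((findings + 1)); }
    # An Options line carrying "Indexes" or "+Indexes" turns directory listing on;
    # "-Indexes" does not match because the token must start with + or I.
    if grep -v '^[[:space:]]*#' "$conf" |
        grep -Eiq '^[[:space:]]*Options([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?Indexes([[:space:]]|$)'; then
        echo "Options enables Indexes (directory listing) in $conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# ServerSignature Off
ServerSignature On
ServerTokens Prod
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
EOF

audit_apache_conf "$sample" || echo "findings: $?"
```

`apache2ctl configtest` from the Commands table only checks syntax, so a check like this complements it rather than replaces it.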
Configuration File - Directory Directives
Options None | |
Order deny,allow | Order of deny, allow directives. |
Deny from all | Deny request from everybody. |
Options -FollowSymLinks | Disable following symbolic links. |
Options +FollowSymLinks | Enable following symbolic links. |
AllowOverride All | Allows override of directory directives with .htaccess files. |
Options -Includes | Turn off server side includes (mod_include). |
Options -ExecCGI | Turn off CGI file executions. |
LimitRequestBody 512000 | Limits size of HTTP request. Any value from 0 to 2147483647 (2GB). |
MaxClients 10 | Limits simultaneous connections. Default is 256. |
Sample Virtual Host
<VirtualHost *:80>
    DocumentRoot /var/www/html/example.com/
    ServerName www.example.com
    DirectoryIndex index.htm index.html index.php
    ServerAlias example.com
    ErrorDocument 404 /story.php
    ErrorLog /var/log/httpd/example.com_error_log
    CustomLog /var/log/httpd/example.com_access_log combined
</VirtualHost>
SSL Certificate
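Create a self-signed certificate:
# Generate a passphrase-protected RSA private key (2048 bits; 1024-bit RSA is too short for current use)
openssl genrsa -des3 -out example.com.key 2048
# Create a certificate signing request from the key
openssl req -new -key example.com.key -out example.com.csr
# Self-sign the request, valid for 365 days
openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt
# Write a copy of the key without a passphrase so Apache can start unattended
openssl rsa -in example.com.key -out example.com.nopass.key
# Restrict the unprotected key to its owner
sudo chmod 600 example.com.nopass.key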
Sample Configuration:
<VirtualHost 170.16.25.100:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt
    ServerAdmin ravi.saive@example.com
    ServerName example.com
    DocumentRoot /var/www/html/example/
    ErrorLog /var/log/httpd/example.com-error_log
    CustomLog /var/log/httpd/example.com-access_log common
</VirtualHost>
- OpenSSL Command Line HOW TO
- OpenSSL.org
- MacWorld - How to create a secure (HTTPS) OS X webserver
- Misconceptions about the security of Self-Signed Certificates
- More Security Tips
Redirect HTTP (port 80) to HTTPS (port 443)
<VirtualHost 192.168.1.1:80>
    DocumentRoot /var/www/html/example/
    ServerName www.example.com
    ServerAlias example.com
    Redirect permanent / https://example.com/
</VirtualHost>
Proxy
- Proxy SSL to another server in the network.
<VirtualHost 192.168.1.1:443>
    ServerName www.example.com
    SSLEngine On
    SSLCertificateFile conf/ssl/example.com.crt
    SSLCertificateKeyFile conf/ssl/example.com.nopass.key
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyErrorOverride On
    ProxyPass / https://192.168.1.2/
    ProxyPassReverse / https://192.168.1.2/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>