Difference between revisions of "Apache2 Notes"
From OpenEMR Project Wiki
| Line 116: | Line 116: | ||
openssl req -new -key example.com.key -out exmaple.csr | openssl req -new -key example.com.key -out exmaple.csr | ||
openssl x509 -req -days 365 -in example.com.com.csr -signkey example.com.com.key -out example.com.com.crt | openssl x509 -req -days 365 -in example.com.com.csr -signkey example.com.com.key -out example.com.com.crt | ||
openssl rsa -in example.com.key -out example.com.nopass.key | |||
</pre> | </pre> | ||
| Line 135: | Line 136: | ||
*[http://httpd.apache.org/docs/2.2/misc/security_tips.html More Security Tips] | *[http://httpd.apache.org/docs/2.2/misc/security_tips.html More Security Tips] | ||
<br> | <br> | ||
=====Proxy===== | =====Proxy===== | ||
*[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain] | *[http://serverfault.com/questions/273679/redirecting-to-other-internal-servers-based-on-sub-domain Redirecting To Other Internal Servers Based on Subdomain] | ||
<br> | <br> | ||
Revision as of 15:56, 3 June 2014
General
Files
| /etc/apache2 | Config File |
| /usr/share/doc/apache2-doc | Apache2 Manual. |
| /var/www/html | Default http home directory. |
Commands
| apache2 -v | Display apache version. |
| sudo /etc/init.d/apache2 restart | Restart apache. This needs to be done after configuration changes. |
| apache2ctl configtest | Tests syntax of apache2 config files. |
| sudo a2enmod [MODULE NAME] | Enable apache2 module. Modules must be in directory mods-available. |
| sudo a2dismod [MODULE NAME] | Disable apache2 module. |
| sudo a2ensite [SITE NAME] | Enable apache2 module. |
| sudo a2enconf [CONF NAME] | Enable apache2 module. |
Configuration File Settings
| ServerSignature Off | Suppress identification of the Apache version. |
| ServerTokens Prod | Suppress identification of OS. |
| <Directory /var/www/html> Options -Indexes </Directory> |
Turn off directory listing. |
Configuration File - Directory DIrectives
| Options None | |
| Order deny, allow | Order of deny, allow directives. |
| Deny from all. | Deny request from everybody. |
| Options -FollowSymLinks | Disable following symbolic links. |
| Options +FollowSymLinks | Enable following symbolic links. |
| AllowOverride All | Allows override of directory directives with .htaccess files. |
| Options -Includes | Turn off server side includes (mod_includes). |
| Options -ExecCGI | Turn off CGI file executions. |
| LimitRequestBody 512000 | Limits size of HTTP request. Any value from 0 to 2147483647 (2GB). |
| MaxClients 10 | Limits simultaneous connections. Default is 256. |
Sample Virtual Host
<VirtualHost *:80> DocumentRoot /var/www/html/example.com/ ServerName www.example.com DirectoryIndex index.htm index.html index.php ServerAlias example.com ErrorDocument 404 /story.php ErrorLog /var/log/httpd/example.com_error_log CustomLog /var/log/httpd/example.com_access_log combined </VirtualHost>
SSL Certificate
Create a self signed certificate:
openssl genrsa -des3 -out example.com.key 1024 openssl req -new -key example.com.key -out exmaple.csr openssl x509 -req -days 365 -in example.com.com.csr -signkey example.com.com.key -out example.com.com.crt openssl rsa -in example.com.key -out example.com.nopass.key
Sample Configuration:
<VirtualHost 172.16.25.125:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt
ServerAdmin ravi.saive@example.com
ServerName example.com
DocumentRoot /var/www/html/example/
ErrorLog /var/log/httpd/example.com-error_log
CustomLog /var/log/httpd/example.com-access_log common
</VirtualHost>
Proxy
