Changes

Jump to navigation Jump to search

Apache2 (view source)

Revision as of 09:53, 24 February 2020

3,237 bytes added ,  09:53, 24 February 2020
m
no edit summary
Line 2: Line 2:  
Paths:<br />
 
Paths:<br />
 
/etc/apache2/sites-available<br />
 
/etc/apache2/sites-available<br />
/etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br />
+
/etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br /><syntaxhighlight lang="bash">
 +
sudo apache2ctl -t -D DUMP_VHOSTS
 +
sudo apache2ctl configtest
 +
sudo a2enmod ssl
 +
</syntaxhighlight>
   −
== Virtual Hosts ==
+
==Virtual Hosts==
 
Apache allows to have multiple web sites on the same server. To do this go to sites-available and create a<br />
 
Apache allows to have multiple web sites on the same server. To do this go to sites-available and create a<br />
 
.conf file for each host you whant containing the following:
 
.conf file for each host you whant containing the following:
Line 26: Line 30:     
You should also enter in your domain administration panel and create the CNAMES to redirect trafic<br />
 
You should also enter in your domain administration panel and create the CNAMES to redirect trafic<br />
to the public ip of this server
+
to the public ip of this server<br />
   −
== Authentication ==
+
Basic SSL VirtualHost:<syntaxhighlight lang="apache">
 +
<VirtualHost *:80>
 +
    ServerName home.rra.lan
 +
    ServerAdmin webmaster@rra.lan
 +
    DocumentRoot /var/www/home.rra.lan
 +
    Redirect permanent / https://home.rra.lan
 +
    ErrorLog ${APACHE_LOG_DIR}/error.log
 +
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
</VirtualHost>
 +
<VirtualHost *:443>
 +
    ServerName home.rra.lan
 +
    ServerAdmin webmaster@rra.lan
 +
    DocumentRoot /var/www/home.rra.lan
 +
    ErrorLog ${APACHE_LOG_DIR}/error.log
 +
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
    SSLEngine on
 +
    SSLCertificateKeyFile /etc/ssl/private/home.rra.lan.key
 +
    SSLCertificateFile /etc/ssl/certs/home.rra.lan.crt
 +
    SSLCertificateChainFile /etc/ssl/certs/FreeIPA-CA.crt
 +
</VirtualHost>
 +
</syntaxhighlight>
 +
     
 +
 
 +
==Redirect HTTP to HTTPS==
 +
<code>sudo a2enmod rewrite</code>
 +
 
 +
<code>sudo nano /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf</code>
 +
 
 +
<syntaxhighlight lang="apache">
 +
<VirtualHost *:80>
 +
    RewriteEngine on
 +
    RewriteCond %{HTTPS} !=on
 +
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
 +
 
 +
    ErrorLog ${APACHE_LOG_DIR}/error.log                                                           
 +
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
</VirtualHost>
 +
</syntaxhighlight>
 +
 +
<code>sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enable/redirect_HTTP_to_HTTPS.conf</code>
 +
 
 +
==Authentication==
    
Create user account with:
 
Create user account with:
Line 35: Line 80:  
Protect with the directory directive:
 
Protect with the directory directive:
 
  <nowiki><Directory "/usr/local/apache/htdocs/secret">
 
  <nowiki><Directory "/usr/local/apache/htdocs/secret">
    AuthType Basic
+
            AuthType Basic
    AuthName "Restricted Files"
+
            AuthName "Restricted Files"
    # (Following line optional)
+
            # (Following line optional)
    AuthBasicProvider file
+
            AuthBasicProvider file
    AuthUserFile "/usr/local/apache/passwd/passwords"
+
            AuthUserFile "/usr/local/apache/passwd/passwords"
    # Require user rbowen
+
            # Require user rbowen
    Require valid-user
+
            Require valid-user
</Directory></nowiki>
+
        </Directory></nowiki>
See more options at: https://httpd.apache.org/docs/2.4/es/howto/auth.html
+
 
 +
==Reverse Proxy==
 +
<syntaxhighlight lang="bash">
 +
a2enmod proxy proxy_http  # HTTP
 +
a2enmod proxy proxy_ftp  # FTP
 +
a2enmod proxy proxy_html  # rewrite HTML links in proxy address space
 +
a2enmod proxy proxy_ajp  # Tomcat
 +
a2enmod proxy
 +
a2enmod rewrite
 +
a2enmod deflate
 +
a2enmod headers
 +
a2enmod proxy_balancer
 +
a2enmod proxy_connect
 +
</syntaxhighlight>
 +
 
 +
====VirtualHost ProxyPass====
 +
<syntaxhighlight lang="apacheconf">
 +
<IfModule mod_ssl.c>
 +
        <VirtualHost *:443>
 +
                ServerAdmin webmaster@rra.lan
 +
                ServerName splunk.rra.lan
 +
 
 +
                ErrorLog ${APACHE_LOG_DIR}/error.log
 +
                CustomLog ${APACHE_LOG_DIR}/access.log combined
 +
                ServerAlias splunk.rra.lan
 +
                SSLEngine on
 +
                SSLCertificateFile      /etc/ssl/certs/splunk.rra.lan.crt
 +
                SSLCertificateKeyFile /etc/ssl/private/splunk.rra.lan.key
 +
 
 +
                <Proxy *>
 +
                    AddDefaultCharset Off
 +
                    Order deny,allow
 +
                    Allow from all
 +
                </Proxy>
 +
 
 +
                ProxyRequests Off
 +
                ProxyPreserveHost On
 +
                # SSLProxyEngine on
 +
                ProxyPass / http://0.0.0.0:8000/
 +
                ProxyPassReverse / http://0.0.0.0:8000/
 +
 
 +
        </VirtualHost>
 +
</IfModule>
 +
</syntaxhighlight>
 +
 
 +
==apachectl==
 +
<syntaxhighlight lang="bash">
 +
sudo apachectl configtest
 +
</syntaxhighlight>
 +
https://httpd.apache.org/docs/2.4/programs/apachectl.html
 +
 
 +
 
 +
See more options at:
 +
 
 +
https://httpd.apache.org/docs/2.4/es/howto/auth.html
 +
 
 +
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
 +
<br />
Retrieved from "https://wiki.herrerosolis.com/index.php/Special:MobileDiff/1231...2121"

Navigation menu