2,306
edits
Changes
Jump to navigation
Jump to search
mLine 2:
Line 2: − + + + + + Line 28:
Line 32: − + − <nowiki><VirtualHost *:80>+ − ServerName home.rra.lan+ − ServerAdmin webmaster@rra.lan+ − DocumentRoot /var/www/home.rra.lan+ − + − Redirect permanent / https://home.rra.lan+ − ErrorLog ${APACHE_LOG_DIR}/error.log+ − CustomLog ${APACHE_LOG_DIR}/access.log combined+ − </VirtualHost>+ − <VirtualHost *:443>+ − ServerName home.rra.lan+ − ServerAdmin webmaster@rra.lan+ − DocumentRoot /var/www/home.rra.lan+ − ErrorLog ${APACHE_LOG_DIR}/error.log+ − CustomLog ${APACHE_LOG_DIR}/access.log combined+ − + − SSLEngine on+ − SSLCertificateKeyFile /etc/ssl/private/home.rra.lan.key+ − SSLCertificateFile /etc/ssl/certs/home.rra.lan.crt+ − SSLCertificateChainFile /etc/ssl/certs/FreeIPA-CA.crt+ − </VirtualHost>+ − </nowiki> Line 59:
Line 62: − + − + + + + + − + Line 73:
Line 80: − AuthType Basic+ − AuthName "Restricted Files"+ − # (Following line optional)+ − AuthBasicProvider file+ − AuthUserFile "/usr/local/apache/passwd/passwords"+ − # Require user rbowen+ − Require valid-user+ − </Directory></nowiki>+
no edit summary
Paths:<br />
Paths:<br />
/etc/apache2/sites-available<br />
/etc/apache2/sites-available<br />
/etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br />
/etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br /><syntaxhighlight lang="bash">
sudo apache2ctl -t -D DUMP_VHOSTS
sudo apache2ctl configtest
sudo a2enmod ssl
</syntaxhighlight>
==Virtual Hosts==
==Virtual Hosts==
to the public ip of this server<br />
to the public ip of this server<br />
Basic SSL VirtualHost:
Basic SSL VirtualHost:<syntaxhighlight lang="apache">
<VirtualHost *:80>
ServerName home.rra.lan
ServerAdmin webmaster@rra.lan
DocumentRoot /var/www/home.rra.lan
Redirect permanent / https://home.rra.lan
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName home.rra.lan
ServerAdmin webmaster@rra.lan
DocumentRoot /var/www/home.rra.lan
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/home.rra.lan.key
SSLCertificateFile /etc/ssl/certs/home.rra.lan.crt
SSLCertificateChainFile /etc/ssl/certs/FreeIPA-CA.crt
</VirtualHost>
</syntaxhighlight>
==Redirect HTTP to HTTPS==
==Redirect HTTP to HTTPS==
<syntaxhighlight lang="apache">
<syntaxhighlight lang="apache">
<VirtualHost *:80>
<VirtualHost *:80>
RewriteEngine on
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</VirtualHost>
</syntaxhighlight>
</syntaxhighlight>
<code>sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enable/redirect_HTTP_to_HTTPS</code>
<code>sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enable/redirect_HTTP_to_HTTPS.conf</code>
==Authentication==
==Authentication==
Protect with the directory directive:
Protect with the directory directive:
<nowiki><Directory "/usr/local/apache/htdocs/secret">
<nowiki><Directory "/usr/local/apache/htdocs/secret">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/usr/local/apache/passwd/passwords"
# Require user rbowen
Require valid-user
</Directory></nowiki>
==Reverse Proxy==
==Reverse Proxy==