Difference between revisions of "Apache2"
Rafahsolis (talk | contribs) m Tag: visualeditor |
Rafahsolis (talk | contribs) m Tag: visualeditor |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
Paths:<br /> | Paths:<br /> | ||
/etc/apache2/sites-available<br /> | /etc/apache2/sites-available<br /> | ||
| − | /etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br /> | + | /etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)<br /><syntaxhighlight lang="bash"> |
| + | sudo apache2ctl -t -D DUMP_VHOSTS | ||
| + | sudo apache2ctl configtest | ||
| + | sudo a2enmod ssl | ||
| + | </syntaxhighlight> | ||
==Virtual Hosts== | ==Virtual Hosts== | ||
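Review bot: the three commands added under Paths have no explanation, and `sudo a2enmod ssl` has no effect until Apache is restarted. Add a one-line comment per command (`-t -D DUMP_VHOSTS` lists the parsed virtual hosts, `configtest` checks the syntax) and follow `a2enmod ssl` with a restart such as `sudo systemctl restart apache2`.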
| Line 28: | Line 32: | ||
to the public ip of this server<br /> | to the public ip of this server<br /> | ||
| − | Basic SSL VirtualHost: | + | Basic SSL VirtualHost:<syntaxhighlight lang="apache"> |
| − | + | <VirtualHost *:80> | |
| − | + | ServerName home.rra.lan | |
| − | + | ServerAdmin webmaster@rra.lan | |
| − | + | DocumentRoot /var/www/home.rra.lan | |
| − | + | Redirect permanent / https://home.rra.lan | |
| − | + | ErrorLog ${APACHE_LOG_DIR}/error.log | |
| − | + | CustomLog ${APACHE_LOG_DIR}/access.log combined | |
| − | + | </VirtualHost> | |
| − | + | <VirtualHost *:443> | |
| − | + | ServerName home.rra.lan | |
| − | + | ServerAdmin webmaster@rra.lan | |
| − | + | DocumentRoot /var/www/home.rra.lan | |
| − | + | ErrorLog ${APACHE_LOG_DIR}/error.log | |
| − | + | CustomLog ${APACHE_LOG_DIR}/access.log combined | |
| − | + | SSLEngine on | |
| − | + | SSLCertificateKeyFile /etc/ssl/private/home.rra.lan.key | |
| − | + | SSLCertificateFile /etc/ssl/certs/home.rra.lan.crt | |
| − | + | SSLCertificateChainFile /etc/ssl/certs/FreeIPA-CA.crt | |
| − | + | </VirtualHost> | |
| − | + | </syntaxhighlight> | |
| − | + | ||
| − | |||
==Redirect HTTP to HTTPS== | ==Redirect HTTP to HTTPS== | ||
| − | sudo nano /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf | + | <code>sudo a2enmod rewrite</code> |
| − | + | ||
| − | + | <code>sudo nano /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf</code> | |
| − | + | ||
| − | + | <syntaxhighlight lang="apache"> | |
| − | sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enable/redirect_HTTP_to_HTTPS | + | <VirtualHost *:80> |
| + | RewriteEngine on | ||
| + | RewriteCond %{HTTPS} !=on | ||
| + | RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] | ||
| + | |||
| + | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
| + | CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
| + | </VirtualHost> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | <code>sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enable/redirect_HTTP_to_HTTPS.conf</code> | ||
| + | |||
==Authentication== | ==Authentication== | ||
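Review bot: in the port-80 block of the Basic SSL VirtualHost, `Redirect permanent / https://home.rra.lan` has no trailing slash on the target, so mod_alias appends the rest of the request path directly to the host name (`/foo` becomes `https://home.rra.lanfoo`); write the target as `https://home.rra.lan/`. In the Redirect HTTP to HTTPS section the `ln -s` destination is still `/etc/apache2/sites-enable/`, which should be `sites-enabled` (or replace the symlink with `sudo a2ensite redirect_HTTP_to_HTTPS`).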
| Line 66: | Line 80: | ||
Protect with the directory directive: | Protect with the directory directive: | ||
<nowiki><Directory "/usr/local/apache/htdocs/secret"> | <nowiki><Directory "/usr/local/apache/htdocs/secret"> | ||
| − | + | AuthType Basic | |
| − | + | AuthName "Restricted Files" | |
| − | + | # (Following line optional) | |
| − | + | AuthBasicProvider file | |
| − | + | AuthUserFile "/usr/local/apache/passwd/passwords" | |
| − | + | # Require user rbowen | |
| − | + | Require valid-user | |
| − | + | </Directory></nowiki> | |
| − | == Reverse Proxy == | + | ==Reverse Proxy== |
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
a2enmod proxy proxy_http # HTTP | a2enmod proxy proxy_http # HTTP | ||
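Review bot: the `<Directory>` block uses `AuthType Basic`, which sends the password base64-encoded on every request, yet nothing in the section ties it to the `*:443` vhost. State that the protected directory must only be served through the SSL VirtualHost, and that `AuthUserFile "/usr/local/apache/passwd/passwords"` has to stay outside any DocumentRoot and be readable only by the Apache user.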
| Line 89: | Line 103: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | ==== VirtualHost ProxyPass ==== | + | ====VirtualHost ProxyPass==== |
| − | <syntaxhighlight lang=" | + | <syntaxhighlight lang="apacheconf"> |
| − | <VirtualHost *:*> | + | <IfModule mod_ssl.c> |
| − | + | <VirtualHost *:443> | |
| + | ServerAdmin webmaster@rra.lan | ||
| + | ServerName splunk.rra.lan | ||
| + | |||
| + | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
| + | CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
| + | ServerAlias splunk.rra.lan | ||
| + | SSLEngine on | ||
| + | SSLCertificateFile /etc/ssl/certs/splunk.rra.lan.crt | ||
| + | SSLCertificateKeyFile /etc/ssl/private/splunk.rra.lan.key | ||
| + | |||
| + | <Proxy *> | ||
| + | AddDefaultCharset Off | ||
| + | Order deny,allow | ||
| + | Allow from all | ||
| + | </Proxy> | ||
| + | |||
| + | ProxyRequests Off | ||
| + | ProxyPreserveHost On | ||
| + | # SSLProxyEngine on | ||
| + | ProxyPass / http://0.0.0.0:8000/ | ||
| + | ProxyPassReverse / http://0.0.0.0:8000/ | ||
| − | + | </VirtualHost> | |
| − | + | </IfModule> | |
| − | + | </syntaxhighlight> | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | ==apachectl== | |
| − | < | + | <syntaxhighlight lang="bash"> |
| + | sudo apachectl configtest | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | https://httpd.apache.org/docs/2.4/programs/apachectl.html | ||
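Review bot: `ProxyPass / http://0.0.0.0:8000/` and the matching `ProxyPassReverse` use 0.0.0.0, which is a listen wildcard and not a destination address; point both at the backend's real address, for example `http://127.0.0.1:8000/` if the service runs on this host. In the `<Proxy *>` block, `Order deny,allow` / `Allow from all` is Apache 2.2 syntax that needs mod_access_compat on 2.4, so use `Require all granted`. `ServerAlias splunk.rra.lan` repeats the ServerName and can be dropped.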
Latest revision as of 09:53, 24 February 2020
Web server for Linux.
Paths:
/etc/apache2/sites-available
/etc/apache2/sites-enabled (symbolic links to sites-available/*.conf files)
sudo apache2ctl -t -D DUMP_VHOSTS
sudo apache2ctl configtest
sudo a2enmod ssl
Virtual Hosts
Apache can host multiple websites on the same server. To do this, go to sites-available and create a
.conf file for each host you want, containing the following:
<VirtualHost *:80>
ServerAdmin rafael@herrerosolis.com
DocumentRoot /var/www/webfolder
ServerName www.yourwebpagename.com
ServerAlias www.yourwebpagename.com
ErrorLog /var/www/yourwebfolder/logs/error.log
# Possible LogLevel values include: debug, info, notice, warn, error, crit,
# alert, emerg.
CustomLog /var/www/yourwebfolder/logs/access.log combined
</VirtualHost>
You should also log in to your domain administration panel and create the CNAMEs to direct traffic
to the public IP of this server.
Basic SSL VirtualHost:
<VirtualHost *:80>
ServerName home.rra.lan
ServerAdmin webmaster@rra.lan
DocumentRoot /var/www/home.rra.lan
# The trailing slash matters: the rest of the request path is appended to the target
Redirect permanent / https://home.rra.lan/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName home.rra.lan
ServerAdmin webmaster@rra.lan
DocumentRoot /var/www/home.rra.lan
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/home.rra.lan.key
SSLCertificateFile /etc/ssl/certs/home.rra.lan.crt
SSLCertificateChainFile /etc/ssl/certs/FreeIPA-CA.crt
</VirtualHost>
Redirect HTTP to HTTPS
sudo a2enmod rewrite
sudo nano /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo ln -s /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf /etc/apache2/sites-enabled/redirect_HTTP_to_HTTPS.conf
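A check for the two redirect styles shown above, as an added example that is not part of the original wiki page: it reports every port-80 vhost that never redirects to HTTPS or whose `Redirect` target lacks the trailing slash. The function names, verdict strings and sample config are constructed for illustration.

```bash
# Added example: prints one "LINE:ServerName:verdict" row per port-80 vhost.
audit_http_vhosts() {
  awk '
    function verdict() {
      if (!redirects) return "no-https-redirect"
      if (noslash) return "redirect-target-missing-slash"
      return "ok"
    }
    { sub(/^[ \t]+/, ""); key = tolower($1) }
    /^#/ || NF == 0 { next }                 # skip comments and blank lines
    key == "<virtualhost" {
      in80 = 0
      for (i = 2; i <= NF; i++) if ($i ~ /:80>?$/) in80 = 1
      start = NR; name = "(no ServerName)"; redirects = 0; noslash = 0
      next
    }
    !in80 { next }
    key == "servername" { name = $2 }
    # mod_alias appends the rest of the path, so a target for "/" must end in "/".
    key == "redirect" && $NF ~ /^https:\/\// {
      redirects = 1
      if ($(NF - 1) == "/" && $NF !~ /\/$/) noslash = 1
    }
    # mod_rewrite: count only an external redirect (R flag) to https://.
    key == "rewriterule" && $3 ~ /^https:\/\// {
      flags = "," $4 ","; gsub(/\[|\]/, "", flags)
      if (flags ~ /,R(=[^,]*)?,/) redirects = 1
    }
    key ~ /^<\/virtualhost/ { print start ":" name ":" verdict(); in80 = 0 }
  ' ${1:+"$1"}
}
# Constructed sample: slash-less Redirect, a RewriteRule vhost, and no redirect.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
ServerName home.rra.lan
Redirect permanent / https://home.rra.lan
</VirtualHost>
<VirtualHost *:80>
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName www.yourwebpagename.com
DocumentRoot /var/www/webfolder
</VirtualHost>
EOF
}
sample_conf | audit_http_vhosts
```

Pass a file path to audit a real site file, for example `audit_http_vhosts /etc/apache2/sites-available/redirect_HTTP_to_HTTPS.conf`.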
Authentication
Create user account with:
htpasswd -c /usr/local/apache/passwd/passwords rbowen
Protect with the directory directive:
<Directory "/usr/local/apache/htdocs/secret">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/usr/local/apache/passwd/passwords"
# Require user rbowen
Require valid-user
</Directory>
Reverse Proxy
a2enmod proxy proxy_http # HTTP
a2enmod proxy proxy_ftp # FTP
a2enmod proxy proxy_html # rewrite HTML links in proxy address space
a2enmod proxy proxy_ajp # Tomcat
a2enmod proxy
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
VirtualHost ProxyPass
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@rra.lan
ServerName splunk.rra.lan
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAlias splunk.rra.lan
SSLEngine on
SSLCertificateFile /etc/ssl/certs/splunk.rra.lan.crt
SSLCertificateKeyFile /etc/ssl/private/splunk.rra.lan.key
<Proxy *>
AddDefaultCharset Off
# Apache 2.4 access control
Require all granted
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
# SSLProxyEngine on
# Backend listening on this host's loopback address
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
</IfModule>
apachectl
sudo apachectl configtest
https://httpd.apache.org/docs/2.4/programs/apachectl.html
See more options at: