samedi 22 novembre 2014

apache 2.2.22 patch proxy ssh over https (ssh & reverse proxy) debian 7

# install apache, its proxy modules and the tools needed to rebuild them
# (libwww-perl provides lwp-request, which is used below to fetch the patch)
aptitude install \
  apache2 apache2-utils apache2.2-common libapache2-mod-proxy-html \
  openssl build-essential libpcre3-dev libcrypt-ssleay-perl \
  libcurl4-openssl-dev libwww-perl

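#--------------------------- patch apache 2.2.22 (bug: https + reverse proxy + ssh) -------------------------
# Rebuilds the proxy modules from the Debian source package with the
# proxytunnel patch (Apache Bugzilla attachment 22248) applied, then copies
# them over the packaged modules. Run as root.
# Steps are chained with && so that a failed step stops the sequence instead
# of building or installing from a half-prepared tree.

mkdir -p /opt/apache2 &&
cd /opt/apache2 &&
apt-get source apache2

# Save the patch in the build directory rather than under a fixed name in the
# world-writable /tmp, so no other local user can pre-create or replace the
# file that is about to be applied as root. The URL is quoted because '?' is a
# glob character; test -s rejects an empty download.
lwp-request 'https://issues.apache.org/bugzilla/attachment.cgi?id=22248' \
  > /opt/apache2/httpd-2.2.9-proxytunnel.patch &&
test -s /opt/apache2/httpd-2.2.9-proxytunnel.patch

# Read the patch before applying it: it is third-party code that ends up
# running inside the web server. Once reviewed, record its checksum
# (sha256sum /opt/apache2/httpd-2.2.9-proxytunnel.patch) and compare it on
# later installs.
# --dry-run checks that every hunk applies before the tree is modified.
cd /opt/apache2/apache2-2.2.22/ &&
patch -p1 --dry-run < /opt/apache2/httpd-2.2.9-proxytunnel.patch &&
patch -p1 < /opt/apache2/httpd-2.2.9-proxytunnel.patch

./configure --enable-modules=all --enable-mods-shared=all --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-ssl &&
make all &&
# This overwrites the modules shipped by the Debian package. A later apache2
# package upgrade will put the unpatched modules back, and the self-built ones
# do not receive Debian security updates: re-check after every upgrade.
find . -name '*proxy*.so' -exec cp -vt /usr/lib/apache2/modules {} +

#--------------------------- end patch apache 2.2.22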


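#----------- activate mod
a2enmod proxy proxy_connect proxy_html proxy_http rewrite ssl

# Restart only when the configuration parses cleanly, so a syntax error is
# reported here instead of being discovered through a failed restart.
apache2ctl configtest && apache2ctl restart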

# create self-signed certificates if you need them: http://sadar-ssi.blogspot.fr/2014/11/openssl-certificates-self-signed.html


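# disable default
a2dissite 000-default

#----------- create config
# The file name has to match the one given to a2ensite further down
# (my-server.conf); paste the two <VirtualHost> blocks below into it.
touch /etc/apache2/sites-available/my-server.conf
nano /etc/apache2/sites-available/my-server.conf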

#--------------------------------------------------------------------------------
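 # Port 80 only redirects to HTTPS. The target ends with "/" because Redirect
 # appends the rest of the requested path to it.
 <VirtualHost *:80>
     ServerName my-server
     ServerAdmin my-user@my-user.org
     Redirect permanent / https://my-server/
     HostnameLookups On
 </VirtualHost>

 <VirtualHost *:443>
     ServerName my-server
     ServerAlias my-server.dtdns.net
     ServerAdmin my-user@my-user.org
     ServerSignature off

     SSLEngine on
     SSLOptions +StdEnvVars
     SSLproxyengine on
     SSLVerifyClient none

     # NOTE(review): certificate checks for proxied HTTPS back ends are
     # switched off, so the identity of an upstream TLS server is never
     # verified. If HTTPS back ends are really used, prefer
     # "SSLProxyVerify require" with SSLProxyCACertificateFile and
     # "SSLProxyCheckPeerCN on".
     SSLProxyVerify none
     SSLProxyCheckPeerCN off

     SSLCACertificateFile     /etc/ssl/localcerts/my-ca.crt
     SSLCertificateFile       /etc/ssl/localcerts/my-server.crt
     # The file name suggests the key has no passphrase: keep it owned by
     # root and readable by root only.
     SSLCertificateKeyFile   /etc/ssl/localcerts/my-server.nopassphrase.key

     # SSLv2 and SSLv3 are obsolete; accept TLS only.
     SSLProtocol all -SSLv2 -SSLv3
     SSLCipherSuite HIGH:!aNULL:!MD5
     SSLHonorCipherOrder on

     LogLevel info

     DocumentRoot /var/www/my-server
     # The document root asks for a client certificate (verified against
     # SSLCACertificateFile) and for a Basic-auth login. These rules cover the
     # local files only; they do not apply to proxied requests, which are
     # controlled by the <Proxy> sections below.
     <Directory /var/www/my-server>
       SSLVerifyDepth 1
       SSLVerifyClient require
       AuthType Basic
       AuthName "my-server !!!! ---> @|@ <---"
       require valid-user
       AuthBasicProvider file
       # NOTE(review): the password file sits inside the DocumentRoot; a
       # path outside it, not writable by www-data, is safer.
       AuthUserFile /var/www/my-server/.htpasswd

       Options Indexes FollowSymLinks MultiViews
       AllowOverride None
       Order allow,deny
       allow from all
     </Directory>

     HostnameLookups On
     # Forward-proxy mode is needed for CONNECT tunnelling, but it turns this
     # host into an open proxy unless the <Proxy> rules below restrict it.
     Proxyrequests On
     ProxyVia full

     # CONNECT is accepted for port 22 (SSH) only.
     AllowCONNECT 22

     # Default for every proxied destination: refuse.
     # No "Allow from all" here: with "Order deny,allow" it would override the
     # Deny and let any client reach any destination through this server.
     <Proxy *>
      Order deny,allow
      Deny from all
     </Proxy>

     # Destinations that may be reached through the proxy.
     # NOTE(review): the pattern is an unanchored regular expression, so it
     # also matches destinations that merely contain one of these strings;
     # anchor it to the exact host names. Consider requiring authentication
     # in this section as well (AuthType / AuthUserFile / Require valid-user),
     # because the <Directory> login above does not protect the proxy.
     <ProxyMatch (my-server1|my-server2)>
       Order deny,allow
       Allow from all
     </ProxyMatch>

 </VirtualHost>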
   
#--------------------------------------------------------------------------------

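# Create the htpasswd file from the command line.
# -c creates (or truncates) the file, -m stores an MD5 (apr1) hash.
# The password is prompted for instead of being passed with -b, which would
# leave it in the shell history and in the process list.
mkdir -p /var/www/my-server
htpasswd -cm /var/www/my-server/.htpasswd my-user

# Update / add a user in the existing file (no -c, or the file is reset)
htpasswd -m /var/www/my-server/.htpasswd my-user

#------------------------------
chown -R www-data:www-data /var/www/my-server
# The web server only has to read the password file, never to write it.
chown root:www-data /var/www/my-server/.htpasswd
chmod 640 /var/www/my-server/.htpasswd

#------------------------------ enable site configuration
a2ensite my-server.conf
# The new site is only served once Apache has reloaded its configuration.
apache2ctl configtest && apache2ctl restart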
