dimanche 4 octobre 2015

apache 2.2 ssh over ssl on debian 8 jessie

# install apache2 and modules (one package per group, same list as before)
aptitude install \
    libalgorithm-merge-perl libhtml-form-perl libhtml-format-perl \
    libhttp-daemon-perl libssl-doc apache2 apache2-utils apache2.2-common \
    libapache2-mod-proxy-html openssl libpcre3-dev libcrypt-ssleay-perl \
    libcurl4-openssl-dev libwww-perl libalgorithm-diff-xs-perl

# enable modules: proxy/proxy_connect for the CONNECT tunnel, ssl for the
# :443 vhost, the rest for proxy_html / rewrite
a2enmod proxy proxy_connect proxy_html proxy_http rewrite ssl xml2enc

# make sure the base configuration is still valid before editing it
apache2ctl configtest

# self-signed certificates, if you need them: http://sadar-ssi.blogspot.fr/2014/11/openssl-certificates-self-signed.html

# the stock site would otherwise keep answering on :80
a2dissite 000-default

#----------- create the site config (nano writes it on save)
touch /etc/apache2/sites-available/my-site.conf
nano /etc/apache2/sites-available/my-site.conf

#--------------------------------------------------------------------------------
 <VirtualHost *:80>
     # plain-http side: nothing is served here, every request is sent to
     # the TLS vhost of the same name
     ServerName my-server
     ServerAdmin my-user@my-user.org
     HostnameLookups On
     Redirect permanent / https://my-server
 </VirtualHost>
   
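 <VirtualHost *:443>
     ServerName my-server
     ServerAlias my-server.dtdns.net
     ServerAdmin my-user@my-user.org
     # no version banner on server-generated pages
     ServerSignature off

     SSLEngine on
     # TLS compression off; SSLv2/SSLv3 excluded, TLSv1.0/1.1 still allowed
     # for old clients
     SSLCompression Off
     SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv2 -SSLv3
     SSLOptions +StdEnvVars
     # this vhost also proxies to TLS back ends
     SSLProxyEngine on
     # no client certificate for the vhost as a whole; the DocumentRoot
     # <Directory> below requires one
     SSLVerifyClient none
     # The server picks the cipher in the order listed.  NOTE: in the original
     # this directive was split over two lines without a continuation (a
     # syntax error), contained two typos (ECDHE-RSA-AES128SHA256,
     # AES256-SHA2m56) and was then overridden by a second
     # "SSLCipherSuite HIGH:!aNULL:!MD5" further down, so it never took
     # effect.  The RC4 entries are dropped since "!RC4" at the end removed
     # them anyway; the later duplicate directive is removed.
     SSLHonorCipherOrder on
     SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4

     # back-end certificates are not verified (self-signed back ends)
     SSLProxyVerify none
     SSLProxyCheckPeerCN off

     SSLCACertificateFile     /etc/ssl/localcerts/my-ca.crt
     SSLCertificateFile       /etc/ssl/localcerts/my-server.crt
     SSLCertificateKeyFile   /etc/ssl/localcerts/my-server.nopassphrase.key

     LogLevel info

     DocumentRoot /var/www/my-server
     <Directory /var/www/my-server>
       # a client certificate issued directly by my-ca.crt, plus a password
       SSLVerifyDepth 1
       SSLVerifyClient require
       AuthType Basic
       AuthName "my-server !!!! ---> @|@ <---"
       AuthBasicProvider file
       # NOTE(review): the password file sits inside the DocumentRoot; it is
       # presumably only shielded by the server-wide "^\.ht" deny rule -
       # keeping it outside /var/www would not depend on that
       AuthUserFile /var/www/my-server/.htpasswd
       require valid-user

       # Indexes exposes directory listings to authenticated users
       Options Indexes FollowSymLinks MultiViews
       AllowOverride None
       Order allow,deny
       allow from all
     </Directory>

     HostnameLookups On
     # forward proxy, used for CONNECT tunnels to port 22 (ssh over ssl)
     ProxyRequests On
     ProxyVia full
     AllowCONNECT 22

     # Default for every proxy target: denied, and any proxy use needs a
     # password.  The original had "Allow from all" after "Deny from all"
     # here; with "Order deny,allow" the Allow wins, which made this an open
     # CONNECT proxy for anyone who could reach port 443 and left the
     # <ProxyMatch> allow-list below without effect.
     <Proxy *>
       Order deny,allow
       Deny from all
       AuthType Basic
       AuthName "my-server !!!! ---> @|@ <---"
       AuthBasicProvider file
       AuthUserFile /var/www/my-server/.htpasswd
       require valid-user
     </Proxy>

     # only these targets may be proxied; NOTE(review): presumably the
     # CONNECT target host:port is what the pattern is matched against -
     # confirm with a tunnel to an unlisted host
     <ProxyMatch (my-server1|my-server2)>
       Order deny,allow
       Allow from all
     </ProxyMatch>
 </VirtualHost>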
   
#--------------------------------------------------------------------------------

Create the htpasswd file from the command line
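# -c creates (or overwrites) the file.  Without -b, htpasswd prompts for the
# password instead of taking it as an argument, so it does not end up in the
# shell history or in the process list.
htpasswd -cm /var/www/my-server/.htpasswd my-user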

Update or add a user in the htpasswd file from the command line
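# same without -c: add or update one user in the existing file; the password
# is prompted for rather than passed on the command line
htpasswd -m /var/www/my-server/.htpasswd my-user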

#------------------------------
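# The web server only needs to read the site.  Owning it as root with the
# www-data group (and no write bit for the group) keeps a compromised worker
# process from rewriting the content or the .htpasswd file it authenticates
# against.
chown -R root:www-data /var/www/my-server
chmod -R u=rwX,g=rX,o= /var/www/my-server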

#------------------------------ enable site configuration
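# The file created above is my-site.conf, so that is the name to enable
# ("a2ensite my-server.conf" would fail because no such site file exists).
# Check the configuration and reload so the vhost is actually served.
a2ensite my-site.conf
apache2ctl configtest && service apache2 reload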