Apache2

From DarkWiki
Revision as of 13:22, 3 June 2017 by Apowney (talk | contribs) (Full HTTPS redirect)
Jump to: navigation, search

Example configuration

Simple proxy

This example will receive HTTP requests headed towards HOSTNAME.darkmine.org, and will proxy them to the web server residing on 10.1.1.96 (port 3000). If URLs in the response have that internal IP (10.1.1.96:3000), they will be transformed to the "hostname.darkmine.org" version. 

<VirtualHost *:80>
        ServerName HOSTNAME.darkmine.org
        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPass "/" "http://10.1.1.96:3000/"
        ProxyPassReverse "/" "http://10.1.1.96:3000/"
</VirtualHost>

Nagios proxy

To proxy Nagios3, there are several parts that need to be proxied. 

<VirtualHost *:80>
        ServerName nagios.darkmine.org
        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPass /stylesheets/  http://10.1.1.97/nagios3/stylesheets/
        ProxyPassReverse /stylesheets/  http://10.1.1.97/nagios3/stylesheets/

        ProxyPass /images/  http://10.1.1.97/nagios3/images/
        ProxyPassReverse /images/  http://10.1.1.97/nagios3/images/

        ProxyPass /cgi-bin http://10.1.1.97/nagios3/cgi-bin
        ProxyPassReverse /cgi-bin http://10.1.1.97/nagios3/cgi-bin

        ProxyPass /js http://10.1.1.97/nagios3/js
        ProxyPassReverse /js http://10.1.1.97/nagios3/js

        ProxyPass /pnp4nagios3 http://10.1.1.97/pnp4nagios3
        ProxyPassReverse /pnp4nagios3 http://10.1.1.97/pnp4nagios3

        ProxyPass / http://10.1.1.97/nagios3/
        ProxyPassReverse / http://10.1.1.97/nagios3/

</VirtualHost>

Full HTTPS redirect

This configures a host to redirect all HTTP traffic to the HTTPS endpoint instead. 

<VirtualHost *:80>
        ServerName www.darkmine.org
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Location />
                RewriteEngine on
                RewriteCond %{HTTPS} off
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
        </Location>
</VirtualHost>
<VirtualHost *:443>
        ServerName www.darkmine.org
        ServerAdmin webmaster@localhost
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.darkmine.org/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.darkmine.org/privkey.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Go away! configuration

Bots and hackers will scan security holes at the IP level. As genuine people and tools don't use IP addresses, you can assume those that use them are not wanted. This script sends them away by redirecting any input to themselves. 

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        <Location />
                RewriteEngine on
                RewriteRule (.*) http://localhost%{REQUEST_URI} [R]
        </Location>
</VirtualHost>
Retrieved from ‘http://wiki.darkmine.org/index.php?title=Apache2&oldid=101