Apache

From John Freier
Revision as of 14:43, 20 March 2015 by Jfreier (Talk | contribs)

Jump to: navigation, search

Virtual Host This is how you setup apache for Virual Hosts. example if you have more domain names and only one server. The serverAlias is used in case people don't put in the "www" before the URL. 

<VirtualHost *:80>
        DocumentRoot /home/{user}/public_html
        ServerName www.{domainname}.com
        ServerAlias {domainname}.com
</VirtualHost>


Virtual Host ProxyPass This will pass any http request along. It helps when you want to pass a connection to another server, example apache -> tomcat:8080. 

<VirtualHost *:80>
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ServerName www.{domainname}.com
        ServerAlias {domainname}.com
</VirtualHost>


SSL Setup

I'm playing around with SSL setup for Apache. My overall goal would be to set up an SSL web address that would be only accessed with a single private key that would have to be imported into a browser and not handed off from the server.

1. Install SSL module for Apache on Fedora 

 > yum install mod_ssl

2. I create a folder for housing any newly created certs to be used by Apache. 

 > mkdir /etc/httpd/ssl

3. I generated a cert. A *.pem file contains both public and private key. This will ask you a bunch of questions too. 

 > openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/httpd/ssl/httpd.pem -keyout /etc/httpd/ssl/httpd.key

Resources

http://cs.uccs.edu/~cs526/secureWebAccess/secureWebAccess.htm

http://www.apachelounge.com/viewtopic.php?t=3571

https://www.linode.com/docs/security/ssl/ssl-certificates-with-apache-2-on-fedora-14


SSL Setup 2

I'm trying again...The first attempt failed because I didn't generate a CA. 

 # openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
 
 Enter pass phrase for ca.key.pem: secretpassword
 Verifying - Enter pass phrase for ca.key.pem: secretpassword
 
 # chmod 400 /etc/pki/CA/private/ca.key.pem

Open your OpenSSL configuration file (/etc/pki/tls/openssl.cnf) and look for the [ usr_cert ] and [ v3_ca ] sections. Make sure they contain the following options: 

 [ usr_cert ]
 # These extensions are added when 'ca' signs a request.
 basicConstraints=CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 nsComment = "OpenSSL Generated Certificate"
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
 
 [ v3_ca ]
 # Extensions for a typical CA
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
 basicConstraints = CA:true
 keyUsage = cRLSign, keyCertSign
Retrieved from "http://wiki.johnfreier.com/index.php?title=Apache&oldid=660"