Ubuntu/apache2

From r00tedvw.com wiki
Revision as of 23:26, 20 January 2016


Basic Info

apache2 is the most popular web hosting application on the market today


start|stop|restart apache2

sudo /etc/init.d/apache2 start|stop|restart

OR

sudo service apache2 start|stop|restart

apache2 enable site

a2ensite [site config file name]
e.g. a2ensite default-ssl

apache2 disable site

a2dissite [site config file name]
e.g. a2dissite default-ssl

apache2 enable module

a2enmod [module]
e.g. a2enmod ssl

apache2 disable module

a2dismod [module]
e.g. a2dismod ssl

disable indexing

~$ sudo a2dismod autoindex
Module autoindex disabled.
To activate the new configuration, you need to run:
  service apache2 restart

mod_rewrite

Very powerful, very confusing tool.
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
http://httpd.apache.org/docs/current/rewrite/remapping.html

enabling

Was not enabled by default for my Ubuntu 14.04 VM.

sudo a2enmod rewrite

redirect

Request: redirect all traffic from a domain, including any subpage, to the landing/index page of another domain
Condition: mod_rewrite is enabled and virtual hosts are used
Resolution:

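 <VirtualHost *:80>
         RewriteEngine on
         # Any path other than /index.html gets a temporary redirect to the
         # new landing page; the trailing "?" drops the original query string.
         RewriteCond %{REQUEST_URI} !^/index\.html$
         RewriteRule .* http://newdomain.com/? [R=302,L]
         ServerName olddomain1.com
         ServerAlias olddomain2.com
         # mod_alias redirect for requests the rewrite rule above did not handle
         Redirect permanent / http://newdomain.com/
 </VirtualHost>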
 
 <VirtualHost *:80>
         ServerName newdomain.com
         ServerAdmin admin@newdomain.com
         DocumentRoot /var/www/newdomain.com
         TransferLog /var/log/apache2/newdomain.com-access_log
         ErrorLog /var/log/apache2/newdomaincom-error_log
 </VirtualHost>
 


Disable SSLv2/3
Add the following to your Apache config. I added mine right below the other SSL entries specifying the engine, cert file and key file.

# Disable SSLv2 and SSLv3
SSLProtocol All -SSLv2 -SSLv3

mod_authz_host

Great tool for restricting access to a virtual site, easy to read and understand. Add options to the <Directory> settings in the site conf file.

e.g.
<Directory /var/www/mysite.com/>
          Order Deny,Allow
          Deny from all
          Allow from 10.1.1.50
</Directory>

listen on non-standard port

On Ubuntu 14.04, it is done by adding this:

~$ sudo vi /etc/apache2/ports.conf

Listen 80
Listen 8080


Troubleshooting

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

Ubuntu 14.04
~$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
~$ sudo a2enconf fqdn

SSL Error: Invalid method in request \x16\x03\x01

I only started having SSL issues after moving to CloudFlare as a proxy so that they would provide me with a free SSL cert. I found that this issue appeared to be due to the fact that my Virtual Host site conf was set up as such:

(snippet)
   <VirtualHost https://wiki.r00tedvw.com:443>
        Servername https://wiki.r00tedvw.com

I changed it to this:

   <VirtualHost *:443>
        Servername https://wiki.r00tedvw.com

Apparently, it is redundant and will cause issues if you list the hostname in the VirtualHost. In this instance, I only have (1) site live on the server, so this may not be the correct solution for a multi-tenant setup.
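The bytes in that error message are the start of a TLS record (\x16 is the handshake content type, \x03\x01 the record-layer version), so the entry means a TLS client was answered by a listener that parsed the connection as plain HTTP. An added example, not from the original page, that picks such entries out of an error log; the log lines are constructed samples and both function names are hypothetical:

```shell
#!/bin/sh
# Constructed sample error-log lines (not taken from the original page).
SAMPLE_LOG='[Wed Jan 20 23:01:02 2016] [core:error] [client 203.0.113.7:51234] Invalid method in request \x16\x03\x01
[Wed Jan 20 23:01:05 2016] [core:error] [client 203.0.113.9:40022] Invalid method in request \x16\x03\x03
[Wed Jan 20 23:01:09 2016] [core:error] [client 203.0.113.4:40100] Invalid method in request FOO / HTTP/1.1
[Wed Jan 20 23:02:11 2016] [core:error] [client 203.0.113.7:51240] File does not exist: /var/www/favicon.ico'

# classify_request_bytes (hypothetical helper): decide whether the escaped
# bytes Apache logged are a TLS record header.
#   \x16      = record content type 22 (handshake, i.e. a ClientHello)
#   \x03\x0N  = record-layer version; many clients send 03 01 here even
#               when they support newer TLS versions.
classify_request_bytes() {
    case "$1" in
        '\x16\x03\x00'*) echo "TLS handshake, record version SSL 3.0" ;;
        '\x16\x03\x01'*) echo "TLS handshake, record version TLS 1.0" ;;
        '\x16\x03\x02'*) echo "TLS handshake, record version TLS 1.1" ;;
        '\x16\x03\x03'*) echo "TLS handshake, record version TLS 1.2" ;;
        '\x16\x03'*)     echo "TLS handshake, unknown record version" ;;
        *)               echo "not TLS" ;;
    esac
}

# tls_on_plain_http (hypothetical helper): read error-log lines on stdin and
# print "client<TAB>verdict" for every TLS handshake that was parsed as HTTP.
tls_on_plain_http() {
    while IFS= read -r line; do
        case "$line" in
            *'Invalid method in request '*) ;;
            *) continue ;;
        esac
        # Everything after the message text is the escaped request bytes.
        bytes=${line##*Invalid method in request }
        # Pull "ip:port" out of the [client ...] field.
        client=${line#*\[client }
        client=${client%%\]*}
        verdict=$(classify_request_bytes "$bytes")
        [ "$verdict" = "not TLS" ] || printf '%s\t%s\n' "$client" "$verdict"
    done
}

printf '%s\n' "$SAMPLE_LOG" | tls_on_plain_http
```

Any client this reports was speaking TLS to a port or virtual host where SSL handling was not applied, which is the place to look in the site conf.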


Hardening
