Oracle Linux/HTTP Reverse Proxy

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
Line 82: Line 82:
 
Comment out all lines:
 
Comment out all lines:
 
  <nowiki>~$ sudo vim /etc/httpd/conf.d/welcome.conf</nowiki>
 
  <nowiki>~$ sudo vim /etc/httpd/conf.d/welcome.conf</nowiki>
 +
 +
=Configure Let's Encrypt=

Revision as of 23:10, 4 February 2018

Contents

Overview

This was done on a CentOS 6.9 x64 system.

Install Packages

~$ sudo yum update -y
 ~$ sudo yum install httpd openssh-server -y

Configure SSH

Configure iptables

With CentOS this is very simple:

~$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
~$ sudo iptables -A INPUT -i lo -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal"
~$ sudo iptables -A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT -m comment --comment "SSH - Internal"
~$ sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT -m comment --comment "SSH ALT 2222 - Public"
~$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "HTTP - Public"
~$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "HTTPS - Public"

Configure HTTPD

Modules

Start by checking what modules are installed.

~$ sudo httpd -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)....

Make sure that you see the following:

rewrite_module (shared)
proxy_module (shared)
proxy_http_module (shared)

If they are not listed, you can enable them by uncommenting or adding them to the httpd.conf file.

~$sudo vim /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Restart httpd for any changes to be implemented

~$ sudo service httpd restart

Conf

Next is to configure the Conf file for the reverse proxy. This will include a rewrite rule for all HTTP traffic to be redirected to HTTPS.

$~ sudo vim /etc/httpd/conf.d/website.conf
# HTTP
<VirtualHost *:80>
        ServerName website.com

        #Logging
        LogLevel warn
        ErrorLog /var/log/httpd/website.com-error_log
        CustomLog /var/log/httpd/website.com-access_log combined

        #Redirect any HTTP request to HTTPS
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

# HTTPS
<VirtualHost *:443>
        ServerName website.com

        #Logging
        ErrorLog /var/log/httpd/website.com-error_log
        CustomLog /var/log/httpd/website.com-access_log combined

        #Reverse Proxy Configuration
        ProxyPreserveHost On

        ProxyPass / https://redirected.site.com:8081/
        ProxyPassReverse / https://redirected.site.com:8081/

        #SSL
        #SSLEngine On
        #SSLCertificateFile
        #SSLCertificateKeyFile
        #SSLCertificateChainFile

</VirtualHost>

Disable welcome page

Comment out all lines:

~$ sudo vim /etc/httpd/conf.d/welcome.conf

Configure Let's Encrypt

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox