Ubuntu/apache2
Line 30: | Line 30: | ||
http://httpd.apache.org/docs/current/rewrite/remapping.html<br> | http://httpd.apache.org/docs/current/rewrite/remapping.html<br> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
====enabling==== | ====enabling==== | ||
was not enabled by default for my ubuntu 14.04 vm. | was not enabled by default for my ubuntu 14.04 vm. | ||
Line 71: | Line 63: | ||
SSLProtocol All -SSLv2 -SSLv3 | SSLProtocol All -SSLv2 -SSLv3 | ||
+ | ==mod_authz_host== | ||
+ | Great tool for restricting access to a virtual site, easy to read and understand. Add options to the <Directory> settings in the site conf file. | ||
+ | <nowiki>ie. | ||
+ | <Directory /var/www/mysite.com/> | ||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 10.1.1.50 | ||
+ | </Directory></nowiki> | ||
==listen on non-standard port== | ==listen on non-standard port== | ||
On ubuntu 14.04, it is done by adding this: | On ubuntu 14.04, it is done by adding this: |
Revision as of 22:26, 20 January 2016
Contents |
Basic Info
- apache2 is the most popular web hosting application on the market today
start|stop|restart apache2
sudo /etc/init.d/apache2 start|stop|restart
OR
sudo service apache2 start|stop|restart
apache2 enable site
a2ensite [site config file name] i.e. a2ensite default-ssl
apache2 disable site
a2dissite [site config file name] i.e. a2dissite default-ssl
apache2 enable module
a2enmod [module] i.e. a2enmod mod_ssl
apache2 disable module
a2dismod [module] i.e. a2dismod mod_ssl
disable indexing
~$ sudo a2dismod autoindex Module autoindex disabled. To activate the new configuration, you need to run: service apache2 restart
mod_rewrite
very power, very confusing tool.
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
http://httpd.apache.org/docs/current/rewrite/remapping.html
enabling
was not enabled by default for my ubuntu 14.04 vm.
sudo a2enmod rewrite
redirect
Request: redirect all traffic from a domain, including any subpage, to the landing/index page of another domain
Condition: mod_rewrite is enabled. virtual hosts are used
Resolution:
<VirtualHost *:80> RewriteEngine on RewriteCond %{REQUEST_URI} !^/index.html$ RewriteRule .* http://newdomain.com/? [R=302,L] ServerName olddomain1.com ServerAlias olddomain2.com Redirect permanent / http://newdomain.com/ </VirtualHost> <VirtualHost *:80> ServerName newdomain.com ServerAdmin [email protected] DocumentRoot /var/www/newdomain.com TransferLog /var/log/apache2/newdomain.com-access_log ErrorLog /var/log/apache2/newdomaincom-error_log </VirtualHost>
Disable SSLv2/3
Add the following to your apache config. I added mine right below the other SSL Entries specifying the engine, cert file and key file.
#Disable SSLv3 SSLProtocol All -SSLv2 -SSLv3
mod_authz_host
Great tool for restricting access to a virtual site, easy to read and understand. Add options to the <Directory> settings in the site conf file.
ie. <Directory /var/www/mysite.com/> Order Deny,Allow Deny from all Allow from 10.1.1.50 </Directory>
listen on non-standard port
On ubuntu 14.04, it is done by adding this:
~$ sudo vi /etc/apache2/ports.conf Listen 80 Listen 8080
Troubleshooting
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
- Ubuntu 14.04
~$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf ~$ sudo a2enconf fqdn
SSL Error: Invalid method in request \x16\x03\x01
I only started having SSL issues after moving to CloudFlare as a proxy so that they would provide me with a free SSL cert. I found that this issue appeared to be due to the fact my Virtual Host site conf was setup as such:
(snippet) <VirtualHost https://wiki.r00tedvw.com:443> Servername https://wiki.r00tedvw.com
I changed it to this:
<VirtualHost *:443> Servername https://wiki.r00tedvw.com
Apparently, it is redundant and will cause issues if you list the hostname in the VirtualHost. In this instance, I only have (1) site live on the server, so this may not be the correct solution for a multi-tenant setup.