Oracle Linux/HTTP Reverse Proxy

From r00tedvw.com wiki
Revision as of 00:08, 5 February 2018 by R00t (Talk | contribs)

Jump to: navigation, search

Contents

 [hide

Overview

This was done on a CentOS 6.9 x64 system.

Install Packages

~$ sudo yum update -y
 ~$ sudo yum install httpd openssh-server -y

Configure SSH

Configure iptables

With CentOS this is very simple: 

~$ sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
~$ sudo iptables -A INPUT -i lo -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p icmp --icmp-type echo-request -j ACCEPT -m comment --comment "ICMP ECHO - Internal"
~$ sudo iptables -A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT -m comment --comment "SSH - Internal"
~$ sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT -m comment --comment "SSH ALT 2222 - Public"
~$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "HTTP - Public"
~$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "HTTPS - Public"

Configure HTTPD

Modules

Start by checking what modules are installed. 

~$ sudo httpd -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)....

Make sure that you see the following: 

rewrite_module (shared)
proxy_module (shared)
proxy_http_module (shared)

If they are not listed, you can enable them by uncommenting or adding them to the httpd.conf file. 

~$sudo vim /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Restart httpd for any changes to be implemented 

~$ sudo service httpd restart

Conf

Next is to configure the Conf file for the reverse proxy. This will include a rewrite rule for all HTTP traffic to be redirected to HTTPS. 

$~ sudo vim /etc/httpd/conf.d/website.conf
# HTTP
<VirtualHost *:80>
        ServerName website.com

        #Logging
        LogLevel warn
        ErrorLog /var/log/httpd/website.com-error_log
        CustomLog /var/log/httpd/website.com-access_log combined

        #Redirect any HTTP request to HTTPS
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

# HTTPS
<VirtualHost *:443>
        ServerName website.com

        #Logging
        ErrorLog /var/log/httpd/website.com-error_log
        CustomLog /var/log/httpd/website.com-access_log combined

        #Reverse Proxy Configuration
        ProxyPreserveHost On

        ProxyPass / https://redirected.site.com:8081/
        ProxyPassReverse / https://redirected.site.com:8081/

        #SSL
        #SSLEngine On
        #SSLCertificateFile
        #SSLCertificateKeyFile
        #SSLCertificateChainFile

</VirtualHost>

Disable welcome page

Comment out all lines: 

~$ sudo vim /etc/httpd/conf.d/welcome.conf
Retrieved from "https://wiki.r00tedvw.com/index.php?title=Oracle_Linux/HTTP_Reverse_Proxy&oldid=1770"
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki