Apache
Configuring Apache with Virtual Hosts
Virtual Hosts let a single server host several independent websites. It relies on HTTP 1.1 sending the URL in every request.
There must be a default file that specifies a default certificate.
Each Virtual Host needs a file with the following configuration. This example also configures port 444 for one specific certificate.
Listen 444
NameVirtualHost *:444
############################
############################
<IfDefine SSL>
#<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
<VirtualHost *:444>
# ServerName localhost <-- If no ServerName is set, once the certificates
# have been sent Apache looks for the config of the following
# <VirtualHost *:80 *:443 *:444>
DocumentRoot "/var/www/localhost/htdocs"
<Location "/">
Order allow,deny
Allow from all
</Location>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/servidor.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/servidor.com.key
SSLCertificateChainFile /etc/apache2/ssl/servidor.com.positivessl.ca.crt
<IfModule setenvif_module>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
## OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
#SSL state variables:
<Location "/cgi-bin">
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
</IfModule>
#</IfDefine>
</IfDefine>
############################
############################
<VirtualHost *:80 *:443 *:444>
ServerName de.espai.de
ServerAlias www.de.espai.de segondomini.espai.de
DocumentRoot /var/www/de.espai.de/htdocs/
ErrorLog /var/www/de.espai.de/log/error_log.txt
#LogLevel warn
<Directory "/var/www/de.espai.de/htdocs/">
Allow from all
#Lets the user use .htaccess files - More info: http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride :
AllowOverride All
</Directory>
##############
#cgi-bin:
Alias /cgi-bin/ "/var/www/de.espai.de/cgi-bin/"
<Directory "/var/www/de.espai.de/cgi-bin/">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
##############
#Log:
<IfModule log_config_module>
CustomLog /var/www/de.espai.de/log/access_log.txt combineddeflatemarti
#for the /cgi-bin/awstats.pl statistics
#combineddeflatemarti is defined in /etc/apache2/modules.d/00_mod_log_config.conf and is equivalent to:
# "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" (%{ratio}n) %{SSL_PROTOCOL}x %{SSL_CIPHER}x"
#awstats LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"
#apache combined == "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
</IfModule>
##############
#WebDAV:
<Directory /var/www/de.espai.de/htdocs/dav>
Dav On
Options None
#Options Indexes FollowSymLinks
AllowOverride None
#If the root folder uses RewriteEngine (for example for a wiki) it must be turned off:
RewriteEngine Off
Order allow,deny
Allow from all
#DavMinTimeout 600
BrowserMatch "Dreamweaver-WebDAV*" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS" redirect-carefully
BrowserMatch "Microsoft-WebDAV-MiniRedir/5.1.2600" redirect-carefully
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
AuthType Basic
AuthName "Restricted Repository"
AuthUserFile /var/www/de.espai.de/.davpasswd
<Limit GET HEAD OPTIONS PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
#Require user m
</Limit>
<Limit GET HEAD OPTIONS PROPFIND>
Require user guest
</Limit>
</Directory>
##############
# SVN - Subversion Repository:
<Location /svn>
RewriteEngine Off
BrowserMatch "SVN" redirect-carefully
DAV svn
# SVNPath /var/svn/repos <-- for a single repository
SVNParentPath /var/www/de.espai.de/svn
SVNAutoVersioning On
SVNListParentPath On
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /var/www/de.espai.de/.davpasswd
#<LimitExcept GET PROPFIND OPTIONS REPORT> <-- to restrict writes only (without using SVNIndexXSLT)
Require valid-user
#</LimitExcept>
Satisfy Any
SVNPathAuthz on
AuthzSVNAccessFile /var/www/de.espai.de/.svn_access_control.txt
# Format of .svn_access_control.txt
# [/]
# marti=rw
# [project1:/]
# *=r
# marti=rw
</Location>
##############
# Server Side Includes (.shtml):
<Location />
Options +ExecCGI +Includes
</Location>
##############
#Awstats:
<Location "/awstats/index*">
AuthType Basic
#AuthName "AWStats authenticated zone"
AuthName "Zona de Estadistiques restringida"
AuthUserFile /var/www/de.espai.de/.awstatspasswd
Require valid-user
</Location>
##############
#CUSTOM ERROR PAGES:
Alias /error/ "/var/www/de.espai.de/error/"
<Directory "/var/www/de.espai.de/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
##############
# Alias /doc/ "/usr/share/doc/"
# <Directory "/usr/share/doc/">
# Options Indexes MultiViews FollowSymLinks
# AllowOverride None
# Order deny,allow
# Deny from all
# Allow from 127.0.0.0/255.0.0.0 ::1/128
# </Directory>
</VirtualHost>
########################################################
########################################################
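Added example (not part of the original page): the SSLCipherSuite value in the port-444 vhost above starts from ALL and removes only ADH and EXPORT56, so low-strength, export, RC4, SSLv2 and the remaining anonymous suites stay selectable wherever the OpenSSL build still ships them. The shell functions below flag such strings; the function names, the list of weak classes and the second sample line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the page's own code: heuristic audit of SSLCipherSuite.
# Only ALL and explicitly named classes are modelled; DEFAULT, HIGH, MEDIUM
# and other keywords are not expanded. WEAK_CLASSES is this example's choice.
WEAK_CLASSES="aNULL LOW EXP RC4 SSLv2"

# weak_classes STRING: print the weak classes STRING leaves selectable.
# OpenSSL cipher-list rules: "!X" removes X for good, "+X" only reorders
# suites already listed, a bare "X" or "X+Y" adds suites.
weak_classes() {
    found=""
    for class in $WEAK_CLASSES; do
        reachable=no excluded=no
        for tok in $(printf '%s' "$1" | tr ':,' '  '); do
            [ "$tok" = '!EXPORT' ] && tok='!EXP'   # EXPORT is an alias of EXP
            case "$tok" in
                "!$class")   excluded=yes ;;
                '!'*|+*|-*)  ;;                    # other removals and reorders
                ALL|"$class"|"$class"+*|*+"$class") reachable=yes ;;
            esac
        done
        if [ "$reachable" = yes ] && [ "$excluded" = no ]; then
            found="$found $class"
        fi
    done
    printf '%s\n' "${found# }"
}

# audit_conf FILE: report active SSLCipherSuite lines that leave weak classes
# selectable; returns 1 if any is found, 0 otherwise.
audit_conf() {
    awk 'tolower($1) == "sslciphersuite" { print NR, $NF }' "$1" | (
        rc=0
        while read -r n value; do
            weak=$(weak_classes "$value")
            if [ -n "$weak" ]; then
                echo "line $n: weak classes selectable: $weak"; rc=1
            fi
        done
        exit "$rc" )
}

# Constructed sample: the page's directive beside a stricter string.
sample=$(mktemp)
printf '%s\n' 'SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL' \
    'SSLCipherSuite HIGH:!aNULL:!MD5' > "$sample"
audit_conf "$sample"
rm -f "$sample"
```

Running `openssl ciphers -v '<string>'` lists what the local OpenSSL build actually expands a given string to.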
Adding a certificate
On a server, for each IP and each port (normally 443) there can be only one certificate, and therefore only one secure website, even when Apache Virtual Hosts are used, because the certificate is sent before the client indicates which website it wants (HTTP 1.1).
If other, non-standard ports are used, the user has to open the site as https://servidor.com:444 for port 444, since https://servidor.com would open port 443.
1. Create a certificate request (.csr)
In the folder:
/etc/apache2/ssl
To generate a private key and the matching public Certificate Signing Request (CSR) for a web server, "server", use the following command:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
More info: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,1,33
2. Save the certificate (.crt)
Send the contents of the .csr; once it has been validated, a .crt certificate is returned to us.
3. Download the Intermediate Certificate (ca.crt)
Download the certificate of the company that validated our certificate.
More info: https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=881&nav=0,1,84
4. Configure Apache
See the first part of the section above, which contains the Apache configuration.
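Added example (not part of the original page): before step 4 it helps to confirm that the key from step 1, the CSR and the certificate returned in step 2 all carry the same public key, and that the certificate verifies against the CA file from step 3. So that the script runs offline, a throwaway CA built inside it stands in for the commercial CA; the function names, the -subj values and the ca.key/ca.crt files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the page's own code. File names follow the page; the
# throwaway CA is constructed so that the script runs offline.

# pubkey_of KIND FILE: print the PEM public key held in a key, csr or crt file.
pubkey_of() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# same_keypair KEY CSR CRT: succeed only if all three carry one public key,
# i.e. the CA signed the request made from the key Apache will load.
same_keypair() {
    k=$(pubkey_of key "$1") || return 1
    r=$(pubkey_of csr "$2") || return 1
    c=$(pubkey_of crt "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# chain_ok CA_FILE CRT: succeed if CRT verifies against the CA certificates
# in CA_FILE (with a real CA: the downloaded ca.crt, plus the root if needed).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo DIR: step 1 is the page's command made non-interactive with -subj;
# steps 2-3 are simulated by a constructed CA that signs the CSR.
make_demo() {
    ( cd "$1" &&
      openssl req -nodes -newkey rsa:2048 -keyout myserver.key \
          -out server.csr -subj "/CN=servidor.com" &&
      openssl req -x509 -nodes -newkey rsa:2048 -keyout ca.key \
          -out ca.crt -subj "/CN=Demo CA" -days 1 &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out servidor.com.crt -days 1 &&
      chmod 600 myserver.key ca.key
    ) >/dev/null 2>&1
}

dir=$(mktemp -d) && make_demo "$dir" &&
    same_keypair "$dir/myserver.key" "$dir/server.csr" "$dir/servidor.com.crt" &&
    chain_ok "$dir/ca.crt" "$dir/servidor.com.crt" &&
    echo "key, CSR and certificate match; chain verifies"
rm -rf "$dir"
```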