Changeset 25279 in main


Timestamp:
05/22/22 08:24:55 (5 weeks ago)
Author:
Paul Leo
Message:

Hawaii 3.x updating proxy config for production ssl

Location:
adopters/hi/trunk/src/main/apache_httpd_configs/proxy_external
Files:
2 edited

  • adopters/hi/trunk/src/main/apache_httpd_configs/proxy_external/extra/httpd-vhosts.conf

    r25079 r25279  
    3434<VirtualHost 10.0.0.231:80>
    3535        ServerName hhdw.org
     36        ServerAlias www.hhdw.org
    3637        ####Protocols h2 http/1.1
    3738        Protocols http/1.1
    38          
    39          ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/hhdw_80_error.log 86400"
    40          CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/hhdw_80_access.log 86400" combined
     39###### Redirecting to https:
     40        Redirect / https://hhdw.org/
     41        RewriteCond %{SERVER_NAME} =hhdw.org
     42    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE]
     43       
     44        ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/hhdw_80_error.log 86400"
     45        CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/hhdw_80_access.log 86400" combined
    4146
    42         #### Reverse proxy for this virtual host ####
     47#####   #### Reverse proxy for this virtual host ####
     48#####           
     49#####   ProxyPreserveHost on
     50#####   ProxyRequests off
     51#####   
     52#####   ##### Password Protect hhdw.org (in this case staging.ibis.dataphilesconsulting.com)
     53#####   ##### Password is HHDWtest2022
     54#####   
     55#####   <Proxy *>
     56#####           Require all granted
     57#####           ####AuthType Basic
     58#####           ####AuthName "Test, enter username and password for access"
     59#####           ####AuthBasicProvider file
     60#####           ####AuthUserFile "C:\Apache-2.4.53\conf\testhhdw.txt"
     61#####           ####Require user hhdw
     62#####           #####Require not ip 20.122.59.58
     63#####   </Proxy>
     64#####   RequestHeader set X-Forwarded-Proto "https"
     65#####   RequestHeader set X-Forwarded-Port "443"               
     66#####   #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
     67#####   #### they are also restricted to certain hosts at bottom of http.conf file
     68#####   
     69#####   ProxyPass "/server-status" "!"
     70#####   ProxyPass "/md-status" "!"
     71#####   ProxyPass "/.svn" "!"
     72#####   ProxyPass "/nmibis-admin" "!"
     73#####   ProxyPass "/xmlrpc.php" "!"
     74#####   ProxyPass "/wp-cron.php" "!"
     75#####   ###ProxyPass "/wp-login.php" "!"
     76#####   
     77#####   ####
     78#####   ProxyPass /report/ http://10.0.1.108/report/
     79#####   ProxyPassReverse /report/ http://10.0.1.108/report/
     80#####   ProxyPassReverseCookieDomain 10.0.1.108/report/ /report/
     81#####   ProxyPassReverseCookiePath "/report/" "/report/"
     82#####   
     83#####   ProxyPass / http://10.0.1.108/
     84#####   ProxyPassReverse / http://10.0.1.108/
     85#####   ProxyPassReverseCookiePath "/" "/"
     86#####                   
     87</VirtualHost>
     88       
     89############### VirtualHost https://hhdw.org ###############
     90
     91######### UNCOMMENT for HTTPS ##########
     92        <VirtualHost 10.0.0.231:443>
     93                ServerName hhdw.org
     94                #### use http2, and permit acme to just use 443
     95                Protocols h2 http/1.1 acme-tls/1
    4396               
    44                         ProxyPreserveHost on
    45                         ProxyRequests off
     97                ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/hhdw_443_error.log 86400"
     98                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/hhdw_443_access.log 86400" combined
     99       
     100                SSLEngine on
     101               
     102                SSLProxyEngine on
     103                SSLProxyVerify none
     104                SSLProxyCheckPeerCN off
     105                SSLProxyCheckPeerExpire off
     106                SSLProxyCheckPeerName off
     107       
     108       
     109                #### Reverse proxy for this virtual host ####
    46110                       
    47                         ##### Password Protect hhdw.org (in this case staging.ibis.dataphilesconsulting.com)
    48                         ##### Password is HHDWtest2022
    49                        
    50                         <Proxy *>
    51                                 Require all granted
    52                                 ####AuthType Basic
    53                                 ####AuthName "Test, enter username and password for access"
    54                                 ####AuthBasicProvider file
    55                                 ####AuthUserFile "C:\Apache-2.4.53\conf\testhhdw.txt"
    56                                 ####Require user hhdw
    57                                 #####Require not ip 20.122.59.58
    58                         </Proxy>
    59                        
    60                 #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    61                 #### they are also restricted to certain hosts at bottom of http.conf file
     111                ProxyPreserveHost on
     112                ProxyRequests off
     113                               
     114                <Proxy *>
     115                        Require all granted
     116                </Proxy>
     117       
     118        ############## adding these from: https://wordpress.org/support/topic/wp-behind-reverse-proxy-all-content-insecure/
     119        RequestHeader set X-Forwarded-Proto "https"
     120        RequestHeader set X-Forwarded-Port "443"
    62121               
    63                         ProxyPass "/server-status" "!"
    64                         ProxyPass "/md-status" "!"
    65                         ProxyPass "/.svn" "!"
    66                         ProxyPass "/nmibis-admin" "!"
    67                         ProxyPass "/xmlrpc.php" "!"
    68                         ProxyPass "/wp-cron.php" "!"
    69                         ###ProxyPass "/wp-login.php" "!"
    70 
    71                 ####
    72                                 ProxyPass /report/ http://10.0.1.108/report/
    73                                 ProxyPassReverse /report/ http://10.0.1.108/report/
    74                                 ProxyPassReverseCookieDomain 10.0.1.108/report/ /report/
    75                                 ProxyPassReverseCookiePath "/report/" "/report/"
     122        #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
     123        #### they are also restricted to certain hosts at bottom of http.conf file
     124       
     125        ProxyPass "/server-status" "!"
     126        ProxyPass "/md-status" "!"
     127        ProxyPass "/.svn" "!"
     128        ProxyPass "/nmibis-admin" "!"
     129        ProxyPass "/xmlrpc.php" "!"
     130        ProxyPass "/wp-cron.php" "!"
     131        ###ProxyPass "/wp-login.php" "!"
     132       
     133        ####
     134                ProxyPass /report/ http://10.0.1.108/report/
     135                ProxyPassReverse /report/ http://10.0.1.108/report/
     136                ProxyPassReverseCookieDomain 10.0.1.108/report/ /report/
     137                ProxyPassReverseCookiePath "/report/" "/report/"
     138               
     139                ProxyPass / http://10.0.1.108/
     140                ProxyPassReverse / http://10.0.1.108/
     141                ProxyPassReverseCookiePath "/" "/"
    76142                               
    77                                
    78                                
    79                                 ProxyPass / http://10.0.1.108/
    80                                 ProxyPassReverse / http://10.0.1.108/
    81                                 ProxyPassReverseCookiePath "/" "/"
    82                                                
    83143        </VirtualHost>
    84144       
    85         ############### VirtualHost https://hhdw.org #####
    86 
    87 <VirtualHost 10.0.0.231:443>
    88         ServerName hhdw.org
    89          #### use http2, and permit acme to just use 443
    90         Protocols h2 http/1.1 acme-tls/1
    91          
    92         ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/hhdw_443_error.log 86400"
    93         CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/hhdw_443_access.log 86400" combined
    94 
    95         SSLEngine on
    96 
    97           ####SSLProxyEngine on
    98           ###SSLProxyVerify none
    99           ##SSLProxyCheckPeerCN off
    100           ##SSLProxyCheckPeerExpire off
    101           ##SSLProxyCheckPeerName off
    102 
    103 
    104         #### Reverse proxy for this virtual host ####
    105                
    106                         ProxyPreserveHost on
    107                         ProxyRequests off
    108                        
    109                         ##### Password Protect hhdw.org (in this case staging.ibis.dataphilesconsulting.com)
    110                         ##### Password is HHDWtest2022
    111                        
    112                         <Proxy *>
    113                                 Require all granted
    114                                 ###AuthType Basic
    115                                 ###AuthName "Test, enter username and password for access"
    116                                 ###AuthBasicProvider file
    117                                 ###AuthUserFile "C:\Apache-2.4.53\conf\testhhdw.txt"
    118                                 ###Require user hhdw
    119                         </Proxy>
    120                        
    121                 #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    122                 #### they are also restricted to certain hosts at bottom of http.conf file
    123                
    124                         ProxyPass "/server-status" "!"
    125                         ProxyPass "/md-status" "!"
    126                         ProxyPass "/.svn" "!"
    127                         ProxyPass "/nmibis-admin" "!"
    128                         ProxyPass "/xmlrpc.php" "!"
    129                         ProxyPass "/wp-cron.php" "!"
    130                         ###ProxyPass "/wp-login.php" "!"
    131 
    132                 ####
    133                                 ProxyPass /report/ http://10.0.1.108/report/
    134                                 ProxyPassReverse /report/ http://10.0.1.108/report/
    135                                 ProxyPassReverseCookieDomain 10.0.1.108/report/ /report/
    136                                 ProxyPassReverseCookiePath "/report/" "/report/"
    137                                        
    138                                
    139                                 ProxyPass / https://10.0.1.108/
    140                                 ProxyPassReverse / https://10.0.1.108/
    141                                 ProxyPassReverseCookiePath "/" "/"
    142                                                
    143         </VirtualHost>
    144        
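Review bot: In the new `<VirtualHost 10.0.0.231:443>` block the `SSLProxy*` lines turn backend certificate checking off (`SSLProxyVerify none`, `SSLProxyCheckPeerCN off`, `SSLProxyCheckPeerExpire off`, `SSLProxyCheckPeerName off`), yet every `ProxyPass` in that block targets `http://10.0.1.108/`, so they do nothing today and would accept any certificate if the backend is later moved to https. Either drop them together with `SSLProxyEngine on`, or, if TLS to the backend is intended, use `SSLProxyVerify require` with `SSLProxyCACertificateFile <path-to-internal-CA.pem>` and leave the peer-name and expiry checks at their defaults. Separately, the commented-out block added to the port-80 vhost copies the `##### Password is ...` comment; that line should be deleted rather than carried along, and the credential changed, since anyone who can read the repository can read it. The `RewriteCond`/`RewriteRule` pair after `Redirect / https://hhdw.org/` has no `RewriteEngine on` visible in this vhost, so it is probably inert and the `Redirect` alone does the work.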
  • adopters/hi/trunk/src/main/apache_httpd_configs/proxy_external/httpd.conf

    r25079 r25279  
    140140#LoadModule lua_module modules/mod_lua.so
    141141#LoadModule macro_module modules/mod_macro.so
     142######### UNCOMMENT for HTTPS #########
    142143LoadModule md_module modules/mod_md.so
    143144LoadModule mime_module modules/mod_mime.so
     
    163164#LoadModule request_module modules/mod_request.so
    164165#LoadModule reqtimeout_module modules/mod_reqtimeout.so
    165 #LoadModule rewrite_module modules/mod_rewrite.so
     166LoadModule rewrite_module modules/mod_rewrite.so
    166167#LoadModule sed_module modules/mod_sed.so
    167168#LoadModule session_module modules/mod_session.so
     
    177178LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    178179#LoadModule speling_module modules/mod_speling.so
     180######### UNCOMMENT for HTTPS #########
    179181LoadModule ssl_module modules/mod_ssl.so
    180182LoadModule status_module modules/mod_status.so
     
    328330###### Turning LogLevel Up to debug MOD_MD ########
    329331######LogLevel info md:trace2 ssl:trace2 proxy:trace2
    330 ############LogLevel debug md:trace5 ssl:trace5 proxy:trace5
     332####LogLevel debug md:trace5 ssl:trace5 proxy:trace5
    331333####LogLevel warn proxy:trace5
    332334#####LogLevel warn proxy:debug
     
    474476        #### When I view results, w/o the Header linke, it is possible cookie parameter HttpOnly has already been set so instead of next line will just set Secure
    475477        ########### use one of the following lines to force secure when ready ##########
    476         #### Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
     478        Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    477479        #################Header edit Set-Cookie ^(.*)$ $1;Secure
    478480</IfModule>
     
    604606##### Secure (SSL/TLS) connections
    605607##### Next line in file where all Cipher and other global SSL settings are configured #######
     608######### UNCOMMENT for HTTPS#########
    606609Include conf/extra/httpd-ssl.conf
    607610#
     
    665668#### MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
    666669
    667 ######
    668 ###### Let's Encrypt PRODUCTION URL ########
     670 ######
     671 ###### Let's Encrypt PRODUCTION URL ########
     672 ######### UNCOMMENT for HTTPS #########
    669673MDCertificateAuthority  https://acme-v02.api.letsencrypt.org/directory
    670 
    671 MDCertificateAgreement accepted
    672 
    673 ##### Used to inform you about renewals or changed terms of service #####
    674 ##### FOR PRODUCTION change to kbenson@hhdw.org
     674 ######### UNCOMMENT for HTTPS
     675 #########MDCertificateAgreement accepted
     676 
     677 ##### Used to inform you about renewals or changed terms of service #####
     678 ##### FOR PRODUCTION change to kbenson@hhdw.org
     679 ######### UNCOMMENT for HTTPS  #########
    675680MDContactEmail paul.leo@stgconsulting.com
    676 
    677 ####
    678 #### The following commands may also be in the specific MDomain element ####
    679 ####
    680 
    681 ######MDRequireHttps temporary
     681 
     682 ####
     683 #### The following commands may also be in the specific MDomain element ####
     684 ####
     685 
     686 ######### permanent will force https, and remained forced for at least six months
     687 ######### UNCOMMENT for HTTPS  #########
     688MDRequireHttps temporary
     689######### UNCOMMENT for HTTPS #########
    682690MDStapling on
    683691MDCAChallenges tls-alpn-01
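Review bot: As rendered, `MDCertificateAgreement accepted` ends up commented out on the new side (`#########MDCertificateAgreement accepted`, directly under an `UNCOMMENT for HTTPS` marker) while `MDCertificateAuthority` points at the Let's Encrypt production directory. As far as I know, mod_md will not register an ACME account or order a certificate until the terms are accepted, so a first issuance on this host would stall. If that is unintended, restore the line as `MDCertificateAgreement accepted`. `MDContactEmail` still carries the address that the comment above it says to replace for production. The now-active `Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure` appends both attributes to every cookie, including ones that already have them or that page scripts need to read (the comment two lines above notes HttpOnly may already be set), so a comment recording which cookies were checked, or a pattern that adds only a missing attribute, would make it safer to keep.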