[AWD] cvičení {1..7} APACHE


cvičení {1..7} APACHE

Příspěvek od Destroyer » ned 15. úno 2015 4:45:32

GLOBAL SETTINGS

Kód: Vybrat vše

# /etc/profile.d/99common.sh
# Common bash settings shared by all login shells: proxy, aliases etc.

### Midnight commander
# Source the Gentoo mc wrapper only when it is installed.
if [ -f /usr/share/mc/mc.gentoo ]; then
        . /usr/share/mc/mc.gentoo
fi

### Proxy
# The proxy is set only when some interface has an address in 10.3.45.x
# ('dr:' is the tail of the "inet addr:" label printed by ifconfig).
if ifconfig | fgrep -q 'dr:10.3.45.'
then
   # The "Bouraci" classroom network
   export http_proxy="http://proxy.ucebny:3128"
fi
# https_proxy mirrors http_proxy. When the address test above did not match and
# http_proxy was not already set, this exports an empty value.
export https_proxy="$http_proxy"
# Hosts that are reached directly, bypassing the proxy.
export no_proxy="localhost,127.0.0.1,biawd,it.fit.cvut.cz"

### XResources
export XAPPLRESDIR=/etc/X11/app-defaults

### editor
export EDITOR='vim'
export VISUAL='vim'

### Aliases
# -i makes cp/mv/rm ask before overwriting or deleting.
alias cp='cp -i'
alias ll='ls -lah'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
#alias xterm='xterm -bg black -fs 15'
#alias urxvt='urxvt -ls'
# Always show untranslated manual pages.
alias man='LC_ALL=C LANG=C man'

Kód: Vybrat vše

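# Image preparation: create the interface aliases used for virtual hosting.

# Exported so that the child ifconfig prints the untranslated "inet addr"
# label the awk pattern below looks for; a plain assignment would not reach it
# unless the variables were already exported.
export LC_ALL=C
export LANG=C

# Pick the first e* interface that reports link (carrier == 1).
IFACE=
for i in /sys/class/net/e*; do
  if grep -q '1' "$i/carrier" 2>/dev/null; then
    IFACE="${i##*/}"
    break
  fi
done

if [ -z "$IFACE" ]; then
  # Without this guard ifconfig would be called with an empty interface name.
  echo "no e* interface with carrier found, aliases not created" >&2
else
  # Last octet of the interface address; it becomes the third octet of the
  # alias addresses 172.16.<octet>.1 .. 172.16.<octet>.4.
  IP1=$(ifconfig "$IFACE" | awk '/inet addr/ {split ($2, parts, ".");  print parts[4]}')
  case "$IP1" in
    '' | *[!0-9]*)
      echo "could not read an IPv4 address from $IFACE, aliases not created" >&2
      ;;
    *)
      for SUB in 1 2 3 4; do
        ifconfig "$IFACE:$SUB" "172.16.$IP1.$SUB" netmask 255.255.0.0
      done
      ;;
  esac
fi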

UKOL 1
http://apache.miloslavbrada.cz/httpd/
http://apache.miloslavbrada.cz/httpd/ht ... .29.tar.gz
cat /etc/profile.d/99common.sh
cat /etc/local.d/10-net.start

Kód: Vybrat vše

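# Image preparation: create the interface aliases used for virtual hosting.


# Exported so that the child ifconfig prints the untranslated "inet addr"
# label the awk pattern below looks for; a plain assignment would not reach it
# unless the variables were already exported.
export LC_ALL=C
export LANG=C

# Pick the first e* interface that reports link (carrier == 1).
IFACE=
for i in /sys/class/net/e*; do
  if grep -q '1' "$i/carrier" 2>/dev/null; then
    IFACE="${i##*/}"
    break
  fi
done

if [ -z "$IFACE" ]; then
  # Without this guard ifconfig would be called with an empty interface name.
  echo "no e* interface with carrier found, aliases not created" >&2
else
  # Last octet of the interface address; it becomes the third octet of the
  # alias addresses 172.16.<octet>.1 .. 172.16.<octet>.4.
  IP1=$(ifconfig "$IFACE" | awk '/inet addr/ {split ($2, parts, ".");  print parts[4]}')
  case "$IP1" in
    '' | *[!0-9]*)
      echo "could not read an IPv4 address from $IFACE, aliases not created" >&2
      ;;
    *)
      for SUB in 1 2 3 4; do
        ifconfig "$IFACE:$SUB" "172.16.$IP1.$SUB" netmask 255.255.0.0
      done
      ;;
  esac
fi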




------------------

Kód: Vybrat vše

# Task 1 transcript: fetch, build and install Apache httpd 2.2.29 into the
# default prefix (/usr/local/apache2), then enable the status page.
# NOTE(review): the tarball is fetched over plain HTTP from a mirror and is
# built and installed as root with no integrity check. Before ./configure,
# compare it with the checksum / PGP signature published on the official Apache
# download site (e.g. sha256sum httpd-2.2.29.tar.gz against <PUBLISHED_SHA256>).
# NOTE(review): the 2.2 branch is end-of-life and receives no security fixes;
# keep this build inside the lab network.
wget http://apache.miloslavbrada.cz/httpd/httpd-2.2.29.tar.gz
tar xvzf httpd-2.2.29.tar.gz 
cd httpd-2.2.29/
./configure && make && sudo make install
sudo /usr/local/apache2/bin/apachectl start
# Confirm the daemon is running and which TCP sockets are listening.
pgrep -l httpd
netstat -tl
google-chrome-stable localhost
# List the modules compiled into the binary.
/usr/local/apache2/bin/apachectl -l
# (pause here)
# Second snippet to paste: edit httpd.conf
# (presumably the Include line shown in the next listing)
sudo leafpad /usr/local/apache2/conf/httpd.conf 
# Third snippet to paste: edit the status/info access rules
sudo leafpad /usr/local/apache2/conf/extra/httpd-info.conf 
sudo /usr/local/apache2/bin/apachectl restart
google-chrome-stable http://localhost/server-status
# (pause here)
/usr/local/apache2/bin/apachectl stop

# NOT REQUIRED - hide localhost warnings
# ServerName localhost
# add into httpd.conf or apache2.conf in /etc/apache2 and restart apache

Kód: Vybrat vše

# Real-time info on requests and configuration
Include conf/extra/httpd-info.conf
---

Kód: Vybrat vše

#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_status (for the server-status handler),
#                   mod_info (for the server-info handler)

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location /server-status>
    SetHandler server-status
    # Default-deny: with "Order deny,allow" the Deny list is evaluated first and
    # Allow then makes exceptions, so only the listed client gets through.
    Order deny,allow
    Deny from all
    # NOTE(review): a host name here is matched through DNS lookups of the
    # client address; the literal 127.0.0.1 does not depend on name resolution.
    Allow from localhost
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    # Still the shipped placeholder: only clients resolving to a host under
    # example.com would match. mod_info prints the running configuration, so
    # keep the replacement as narrow as the status handler's (one admin host,
    # not a whole domain).
    Allow from .example.com
</Location>
UKOL 2

Kód: Vybrat vše

sudo rm -rf /usr/local/apache2
make distclean

./configure --prefix=/opt/apache2 --with-mpm=worker --enable-info 
echo $?
make && make install

/opt/apache2/bin/apachectl -l
/opt/apache2/bin/apachectl -t -D DUMP_MODULES -D DUMP_VHOSTS

#copy pasta 5
sudo leafpad /opt/apache2/conf/httpd.conf

#copy pasta 6
 sudo leafpad /opt/apache2/conf/extra/httpd-info.conf

/opt/apache2/bin/apachectl start

google-chrome-stable http://localhost/ http://localhost/server-status http://localhost/server-info

Kód: Vybrat vše

# Real-time info on requests and configuration
Include conf/extra/httpd-info.conf

Kód: Vybrat vše

#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_status (for the server-status handler),
#                   mod_info (for the server-info handler)

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from localhost
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from localhost
</Location>

UKOL 3

Kód: Vybrat vše

sudo leafpad /etc/init.d/apache2
sudo chmod +x /etc/init.d/apache2
sudo /etc/init.d/apache2 start
grep DocumentRoot /opt/apache2/conf/httpd.conf
cd /opt/apache2/htdocs
sudo leafpad index.html 
google-chrome-stable http://localhost
sudo /etc/init.d/apache2 stop

Kód: Vybrat vše

#!/sbin/runscript

# Start the Apache build installed under /opt/apache2 and report the result
# through the init framework's ebegin/eend helpers.
start() {
  ebegin "Startuji apache2"
  if /opt/apache2/bin/apachectl start; then
    eend 0
  else
    # $? still holds apachectl's exit status here
    eend $?
  fi
}

# Stop the same Apache instance; eend receives apachectl's exit status.
stop() {
  ebegin "Zastavuji apache2"
  if /opt/apache2/bin/apachectl stop; then
    eend 0
  else
    eend $?
  fi
}
:idea: Gentoo: Přidání služby do runlevelu rc-update add apache2 default.
:?: Funkci (akci) restart není možné v Gentoo předefinovat (bude vždy: stop a start). Je ale možné nadefinovat jinou funkci (např. restartdelay) a tu povolit pomocí extra_commands=„restartdelay“.


cvičení 2

Příspěvek od Destroyer » ned 15. úno 2015 5:29:53

Uzitecne odkazy
https://github.com/phanan/htaccess

Vim settings

Kód: Vybrat vše

-- cislovani radku
:set nu
:highlight LineNr ctermfg=white ctermbg=black   

Spuštění serveru (2b)

Kód: Vybrat vše

[ ! -f /etc/init.d/apache2 ] && echo "Soubor nenalezen!"
# kontrola jestli se nacita konfigurace z httpd-min.conf
cat /etc/init.d/apache2
cat /etc/conf.d/apache2
#promenna CONFIGFILE v init.d a config.d (resp jen v config.d)

Nastavení TCP spojení (1b)

Kód: Vybrat vše

Listen 127.0.0.1:80
Listen 127.0.0.1:8080
Listen IPzIFCONFIGU:80
Listen IPzIFCONFIGU:8080
Zdroje umístěné v DocumentRoot (1b)

Kód: Vybrat vše

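# Web root
DocumentRoot "/var/www/main"

# Serve the web root as UTF-8 HTML by default
<Directory "/var/www/main">
DefaultType text/html
AddDefaultCharset utf-8
</Directory>

# No access to the private directory
<Directory "/var/www/main/private">
Order allow,deny
deny from all
</Directory>



# On a 404 Not Found, check whether an extension module still has to be loaded:
# httpd.conf must contain LoadModule autoindex_module modules/mod_autoindex.so
<IfModule autoindex_module>
<Directory "/var/www/main/users">
Options +Indexes
</Directory>
<Directory "/var/www/main/users/*">
Options -Indexes
# Task: allow .htaccess and let it override Options and Limit.
# Apache treats "#" as a comment only at the start of a line, so this note
# cannot trail the directive: a trailing "#..." is parsed as more arguments.
# NOTE(review): "All" grants more than the task asks for; the narrower form is
# "AllowOverride Options Limit" (plus Indexes if IndexIgnore is meant to live
# in .htaccess) -- confirm against the assignment.
AllowOverride All
</Directory>
</IfModule>

# Task: enable the listing of /var/www/main/users/franta/data through .htaccess.
# It is enough to create a .htaccess file there containing:
<IfModule autoindex_module>
Options +Indexes
</IfModule>

# Task: hide every file with the extension bak or txt from listings.
IndexIgnore *.bak *.txt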

Zdroje umístěné mimo DocumentRoot (1b)

Kód: Vybrat vše

#Načtěte do serveru modul alias. - staci pridat do http_min.conf
LoadModule alias_module modules/mod_alias.so

#2,3,4 v jednom
<IfModule alias_module>
   Alias /vhosts /var/www/vhosts
   <Directory /var/www/vhosts>
      Order allow,deny
      Allow from all
   </Directory>
   <IfModule autoindex_module>
      <Directory "/var/www/vhosts">
         Options +Indexes
      </Directory>
   </IfModule>
</IfModule>
Generované zdroje

Kód: Vybrat vše

LoadModule info_module modules/mod_info.so
LoadModule status_module modules/mod_status.so

# info
<IfModule info_module>
   <Location /server-info>
      SetHandler server-info
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
   </Location>
</IfModule>

# status
<IfModule status_module>
   ExtendedStatus on
   <Location /server-status>
      SetHandler server-status
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
</Location>
</IfModule>
Logování (1b)

Kód: Vybrat vše

ErrorLog /var/log/apache2/error_log
LogLevel info

Cely config httpd_min.conf - vse v 1

Kód: Vybrat vše

# /etc/apache2/httpd_min.conf
#
# Y36AWS - Konfigurace
# Minimalni konfigurace Apache httpd
#
# Tomas Kadlec, 1.10.2008

# ServerRoot - korenovy adresar ve kterem je instalace, pozor nedavat nakonec lomitko!
# Core, kontext: hlavni server
ServerRoot "/usr/lib64/apache2"

# Modul, ktery umoznuje definovat vychozi stranku (pro kontexty hlavni server, vhost, directory)
LoadModule dir_module modules/mod_dir.so
# Modul pro autorizaci podle IP adresy / DNS jmena - direktiva Order, Allow a Deny
LoadModule authz_host_module modules/mod_authz_host.so
# Modul pro informace o serveru.
#index
LoadModule autoindex_module modules/mod_autoindex.so

LoadModule info_module modules/mod_info.so
#status
LoadModule status_module modules/mod_status.so
#alias
LoadModule alias_module modules/mod_alias.so

# User/Group - jmeno nebo UID/GID, je vhodne neprovozovat apache jako root 
# MPM, kontext: hlavni server
User apache
Group apache

# TCP port, na kterem se ma poslouchat
Listen 127.0.0.1:80
Listen 127.0.0.1:8080

Listen IPvirtualniSitovky01:80
Listen IPvirtualniSitovky01:8080

Listen IPvirtualniSitovky02:80
Listen IPvirtualniSitovky02:8080

Listen IPvirtualniSitovky03:80
Listen IPvirtualniSitovky03:8080


# Timeout - Doba vyckavani na urcite udalosti (TCP spojeni, doba prijimani pozadavku GET ...)
# Core, kontext: hlavni server, vhost
Timeout 300

# KeepAlive - perzistentni spojeni HTTP/1.1
# MaxKeepAliveRequests - maximalni pocet pozadavku na jedno perzistentni spojeni
# KeepAliveTimeout - doba cekani na pozadavek pred ukoncenim prezistentniho spojeni
# Core, kontext: hlavni server, vhost
#KeepAlive On
#MaxKeepAliveRequests 100
#KeepAliveTimeout 15

# UseCanonicalName - urcuje, jak server vytvari odkazy na sebe (on - ServerName/off - klient)
# Core, kontext: hlavni server, vhost, directory
#UseCanonicalName Off

# AccessFileName - run-time konfigurace
# Core, kontext: hlavni server, vhost
#AccessFileName .htaccess

# ServerTokens - obsah HTTP hlavicky Server (identifikace SW serveru) - Full | OS | Minor | Minimal | Major | Prod
# ServerSignature - navic pridava verzi serveru a nazev vhosta (autom. generovane vypisy) - Off | On | Email
ServerTokens Prod
ServerSignature On

# Core, kontext: hlavni server, vhost
# HostnameLookups - prekladat IP adresy na jmena (do logu) - typicky ne kvuli vykonu
HostnameLookups Off

# ErrorLog - zakladni log, bez nej se nelze obejit, loguji se zpravy hlavniho serveru a vhostu, kteri nemaji 
# vlastni ErrorLog
# LogLevel - "hlasitost" logovani: debug, info, notice, warn, error, crit, alert, emerg
# Core, kontext: hlavni server, vhost
ErrorLog /var/log/apache2/error_log
LogLevel info

# MIME typy
# Core, kontext: hlavni server, vhost, directory, .htaccess
DefaultType none

# Baseline filesystem access: DENY access everywhere that is not explicitly
# allowed further down. The built-in default ALLOWS access everywhere, so this
# section is what makes the configuration default-deny.
# <Directory dir> - section setting the options of a filesystem directory; the path may
#  * be absolute
#  * contain shell patterns (*, ?, [] etc.)
<Directory />
   # what is permitted inside the directory
   Options FollowSymLinks
   # nothing may be reconfigured from .htaccess
   AllowOverride None
   # order in which the allow/deny rules are applied
   Order deny,allow
   # deny access from everywhere
   Deny from all
   # and allow nothing
</Directory>

# DirectoryIndex - nazev souboru, ktery bude odeslan pri pozadavku na cely adresar
<IfModule dir_module>
   DirectoryIndex index.html
</IfModule>

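# Refuse to send any file whose name starts with ".ht" (.htaccess, .htpasswd,
# .htgroup). This file enables AllowOverride All for /var/www/main/users/*, so
# such files can exist inside served directories and would otherwise be
# downloadable like any other document.
<FilesMatch "^\.ht">
   Order allow,deny
   Deny from all
</FilesMatch>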


# ServerAdmin - nastaveni e-mailu administratora - ukazuje se v chybovych hlasenich
# Core, kontex: hlavni server, vhost
ServerAdmin root@localhost

# DocumentRoot - nastaveni korenoveho adresare webu
# Core, kontext: hlavni server, vhost
#DocumentRoot "/var/www/localhost/htdocs"
DocumentRoot "/var/www/main"

# nastaveni utf8 v adresari
<Directory "/var/www/main">
Order allow,deny
allow from all
# potvrzeno jako fungujici reseni viz AWD prednaska 02 (24.2.2015)
DefaultType text/html
AddDefaultCharset utf-8
</Directory>

#zakaz pristupu do adresare
<Directory "/var/www/main/private">
Order allow,deny
deny from all
</Directory>
 
 
 
<IfModule autoindex_module>
<Directory "/var/www/main/users">
Options +Indexes
</Directory>
<Directory "/var/www/main/users/*">
Options -Indexes
AllowOverride All
</Directory>
</IfModule>

<IfModule alias_module>
   Alias /vhosts /var/www/vhosts
   <Directory /var/www/vhosts>
      Order allow,deny
      Allow from all
   </Directory>
   <IfModule autoindex_module>
      <Directory "/var/www/vhosts">
         Options +Indexes
      </Directory>
   </IfModule>
</IfModule>


<IfModule info_module>
   <Location /server-info>
      SetHandler server-info
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
   </Location>
</IfModule>
 
# status
<IfModule status_module>
   ExtendedStatus on
   <Location /server-status>
      SetHandler server-status
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1
</Location>
</IfModule>





# Jelikoz jsme zakazali pristup vsude po filesystemu, musime ho ted explicitne povolit
#<Directory "/var/www/localhost/htdocs">
#   Options Indexes FollowSymLinks
#   Order allow,deny
#   Allow from all
#</Directory>

#<IfModule info_module>
#   <Location /server-info>
#      SetHandler server-info
#      Order allow,deny
#      Allow from all
#   </Location>
#</IfModule>
# vim: ts=3 filetype=apache




cvičení 3

Příspěvek od Destroyer » pon 02. bře 2015 5:45:39

Nastavení DNS

Zkontrolujte, zda soubor /etc/hosts obsahuje následující záznamy. Značka -X- v IP adrese musí odpovídat 3. oktetu IP adresy rozhraní eth0:n na konkrétním PC. Případné chyby opravte.
172.16.-X-.1 www.mycorp.aw
172.16.-X-.1 www.aliascorp.aw
172.16.-X-.2 www.othercorp1.aw
172.16.-X-.2 www.othercorp2.aw
172.16.-X-.2 www.othercorp3.aw
172.16.-X-.3 www.nocorp.aw

Kód: Vybrat vše

127.0.0.1   localhost biawd biawd.aw
172.16.15.1 www.mycorp.aw
172.16.15.1 www.aliascorp.aw
172.16.15.2 www.othercorp1.aw
172.16.15.2 www.othercorp2.aw
172.16.15.2 www.othercorp3.aw
172.16.15.3 www.nocorp.aw
10.0.15.4 www.safecorp.aw
10.0.15.9 www.testcorp.aw

Kód: Vybrat vše

# TCP port, na kterem se ma poslouchat
Listen 127.0.0.1:80
Listen 127.0.0.1:8080
Listen 172.16.15.1:80
Listen 172.16.15.1:8080
Listen 172.16.15.2:80
Listen 172.16.15.2:8080
Listen 172.16.15.3:80
Listen 172.16.15.3:8080
Listen 172.16.15.4:80
Listen 172.16.15.4:8080

# Pridani modulu
#NACITAT POUZE U IP BASED A MIXED
Include /etc/apache2/virtual_ip.conf
# NACITAT POUZE U NAME BASED
Include /etc/apache2/virtual_name.conf
# NACITAT POUZE U MIXED
Include /etc/apache2/virtual_name_mixed.conf

IP-based virtual hosting (3b)
Očekávaný výsledek (přihlašte se po splnění všech úkolů v této části, navazují na sebe a nevylučují se):

1 bod - fungují URL http://www.mycorp.aw a http://www.aliascorp.aw
1 bod - log pro virtuálního hostitele mycorp se ukládá do souboru /var/log/apache2/mycorp_error_log
1 bod - funkční výchozí IP-based virtuální hostitel (např. http://www.nocorp.aw)

Kód: Vybrat vše

# Catch-all IP-based virtual host: serves requests arriving on an address that
# no other <VirtualHost> section names.
<VirtualHost _default_>
DocumentRoot /var/www/vhosts/default
</VirtualHost>


# IP-based host for www.mycorp.aw (alias www.aliascorp.aw) with its own error log.
<VirtualHost 172.16.15.1>
DocumentRoot /var/www/vhosts/mycorp
ServerName www.mycorp.aw
ServerAlias www.aliascorp.aw
ErrorLog /var/log/apache2/mycorp_error_log
</VirtualHost>

# "Order Deny,Allow" with no Allow/Deny lines defaults to allow, so this section
# opens the whole /var/www/vhosts tree to every client.
# NOTE(review): presumably meant to lift a global "Deny from all" on <Directory />;
# an explicit "Allow from all" would state that intent -- confirm.
<Directory /var/www/vhosts>
Order Deny,Allow
</Directory>



Name-based virtual hosting (2b)
  • Pro tuto část se ujistěte, že nenačítáte konfiguraci pro IP-based virtual hosting (neměla by žádný vliv).
  • Pro konfiguraci name-based virtual hostingu si vytvořte samostatný soubor, pomocí direktivy Include ho načtěte do hlavního konfiguračního souboru.
  • Vyhraďte všechny IP adresy, na kterých server poslouchá, pro name-based virtual hosting.
  • Nastavte výchozího virtuálního hostitele:
  • Nastavte dalšího virtuálního hostitele na:
  • Vyzkoušejte požadavky na http://www.othercorp1.aw, http://www.othercorp2.aw, http://www.othercorp3.aw
Očekávaný výsledek (přihlašte se po splnění všech úkolů v této části, navazují na sebe a nevylučují se):

1 bod - fungují url http://www.othercorp1.aw - Othercorp 1, http://www.othercorp2.aw - Othercorp 2
1 bod - http://www.othercorp3.aw - vede na výchozího name-based vh, tedy Othercorp 1

Kód: Vybrat vše

NameVirtualHost *

<Directory /var/www/vhosts>
order deny,allow
</Directory>

<VirtualHost *>
ServerName www.othercorp1.aw
DocumentRoot /var/www/vhosts/othercorp1
</VirtualHost>

<VirtualHost *>
ServerName www.othercorp2.aw
DocumentRoot /var/www/vhosts/othercorp2
</VirtualHost>


Mixed virtual hosting (1b)
Očekávaný výsledek (přihlašte se po splnění všech úkolů v této části, navazují na sebe a nevylučují se):

1 bod - funguje najednou http://www.mycorp.aw a http://www.othercorp1.aw

Kód: Vybrat vše

NameVirtualHost 172.16.15.2


<VirtualHost 172.16.15.2>
ServerName www.othercorp1.aw
DocumentRoot /var/www/vhosts/othercorp1
</VirtualHost>

<VirtualHost 172.16.15.2>
ServerName www.othercorp2.aw
DocumentRoot /var/www/vhosts/othercorp2
</VirtualHost>


cvičení 4

Příspěvek od Destroyer » ned 08. bře 2015 4:11:45

Logování
PRIPRAVA
1. nastavit proxy
2. nastavit soubor /etc/hosts (viz vyse)
3. nastavit poslouchani serveru na dane IP
tahle image je totalne podelana, dobre rozumet ab benchmarku dopredu, zalohy urcitych slozek o prispevek nize
ErrorLog (1b)

Kód: Vybrat vše

ErrorLog /var/log/apache2/main_error_log
Pro virtuálního hostitele http://www.mycorp.aw směrujte ErrorLog do souboru /var/log/apache2/mycorp_error_log.
jiz hotovo avsak pro test je potreba priradit poslouchani ve /etc/apache2/vhosts.d/00-server.conf na 127.0.0.1:80 pokud chceme testovat localhost


CustomLog (2b)

Kód: Vybrat vše

# 1. %h remote host, %t time the request was received, %r first line of the
#    request, %>s final status after all internal redirects, %B response size
#    in bytes without the HTTP headers.
#    %r, %U and the Referer header come from the client, so tools that parse
#    these logs should treat those fields as untrusted text.
LogFormat "%h %t \"%r\" %>s %B" aw-common
LogFormat "\"%{Referer}i\"::%U" aw-referer
LogFormat "%h %t \"%r\" %>s %B \"%{Referer}i\"::%U" aw-combined

# 2. The IP addresses of every virtual host have to be adjusted as well.
#    Each pair below belongs inside the matching <VirtualHost> section.
   CustomLog /var/log/apache2/mycorp-access-log aw-common
   CustomLog /var/log/apache2/mycorp-refer-log aw-referer

   CustomLog /var/log/apache2/othercorp2-access-log aw-common
   CustomLog /var/log/apache2/othercorp2-refer-log aw-referer

   CustomLog /var/log/apache2/othercorp1-access-log aw-common
   CustomLog /var/log/apache2/othercorp1-refer-log aw-referer

# 3. (not solved)

# 4. (nothing more here -- the author could not make sense of task 3)
Multi-Processing Modules (1b)

Kód: Vybrat vše

# 5,5,10,150,10000
# PRO FUNKCNOST MOD_STATUS POTREBA UPRAVIT TOTO V /etc/conf.d/apache2 
# APACHE2_OPTS="-D INFO -D LANGUAGE -D STATUS"
<IfModule mpm_prefork_module>
        StartServers            3
        MinSpareServers         5
        MaxSpareServers         10
        MaxClients              100
        MaxRequestsPerChild     100
</IfModule>
mod_mime (2b)
POTREBA PRESUNOUT SLOZKU /var/www/mime do /var/www/main/mime
#1.

Kód: Vybrat vše

#TypesConfig /etc/mime.types
TypesConfig /etc/apache2/mime.types
#2.

Kód: Vybrat vše

<Directory "/var/www/main/mime">
DefaultType text/plain
</Directory>
#3.

Kód: Vybrat vše

TypesConfig /etc/mime.types
#TypesConfig /etc/apache2/mime.types
#4.

Kód: Vybrat vše

AddType audio/mpeg .abc
AddType audio/mpeg .html
#5.

Kód: Vybrat vše

<Directory "/var/www/main/mime">
ForceType image/jpeg
</Directory>
Custom skript

Kód: Vybrat vše

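#!/bin/bash
# Ask for a day of the month and print, for every client address, how many
# requests /var/log/apache2/access_log holds for that day number.
# (Author's note: the assignment actually meant a full date, not only the day.)
echo "Zadejte den:"
# -r keeps backslashes in the typed value literal.
read -r den
if ! [[ $den =~ ^[0-9]+$ ]]; then echo "Musite zadat cislo" >&2; exit 1; fi
# Drop leading zeros ("08" -> "8") so the arithmetic test below never sees an
# invalid octal literal; the length guard keeps huge inputs out of (( )).
while [[ $den == 0?* ]]; do den=${den#0}; done
if (( ${#den} > 2 )) || (( den < 1 || den > 31 )); then echo "Spatny den" >&2; exit 1; fi
# Fields are split on "[" and "/": $1 is everything before the timestamp, $2 is
# the day of the month. uniq -c only merges adjacent lines, and requests from
# different clients interleave in the log, so the addresses are sorted first.
awk -v den="$den" 'BEGIN{FS="[\\[\\/]"} $2 == den {print $1}' /var/log/apache2/access_log \
  | cut -d" " -f1 \
  | LC_ALL=C sort \
  | uniq -c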

cviceni 4 - zaloha

Příspěvek od Destroyer » pon 09. bře 2015 16:24:00

Kód: Vybrat vše

# /etc/conf.d/apache2: config file for /etc/init.d/apache2

# When you install a module it is easy to activate or deactivate the modules
# and other features of apache using the APACHE2_OPTS line. Every module should
# install a configuration in /etc/apache2/modules.d. In that file will have an
# <IfDefine NNN> directive where NNN is the option to enable that module.
#
# Here are the options available in the default configuration:
#
#  AUTH_DIGEST  Enables mod_auth_digest
#  AUTHNZ_LDAP  Enables authentication through mod_ldap (available if USE=ldap)
#  CACHE        Enables mod_cache
#  DAV          Enables mod_dav
#  ERRORDOCS    Enables default error documents for many languages.
#  INFO         Enables mod_info, a useful module for debugging
#  LANGUAGE     Enables content-negotiation based on language and charset.
#  LDAP         Enables mod_ldap (available if USE=ldap)
#  MANUAL       Enables /manual/ to be the apache manual (available if USE=docs)
#  MEM_CACHE    Enables default configuration mod_mem_cache
#  PROXY        Enables mod_proxy
#  SSL          Enables SSL (available if USE=ssl)
#  STATUS       Enabled mod_status, a useful module for statistics
#  SUEXEC       Enables running CGI scripts (in USERDIR) through suexec.
#  USERDIR      Enables /~username mapping to /home/username/public_html
#
#
# The following two options provide the default virtual host for the HTTP and
# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
# will not listen for incomming connections on the approriate port.
#
#  DEFAULT_VHOST      Enables name-based virtual hosts, with the default
#                     virtual host being in /var/www/localhost/htdocs
#  SSL_DEFAULT_VHOST  Enables default vhost for SSL (you should enable this
#                     when you enable SSL)
#
APACHE2_OPTS="-D INFO -D LANGUAGE -D STATUS"

# Extended options for advanced uses of Apache ONLY
# You don't need to edit these unless you are doing crazy Apache stuff
# As not having them set correctly, or feeding in an incorrect configuration
# via them will result in Apache failing to start
# YOU HAVE BEEN WARNED.

# PID file
#PIDFILE=/var/run/apache2.pid

# timeout for startup/shutdown checks
#TIMEOUT=10

# ServerRoot setting
#SERVERROOT=/usr/lib64/apache2

# Configuration file location
# - If this does NOT start with a '/', then it is treated relative to
# $SERVERROOT by Apache
CONFIGFILE=/etc/apache2/httpd.conf

# Location to log startup errors to
# They are normally dumped to your terminal.
#STARTUPERRORLOG="/var/log/apache2/startuperror.log"

# A command that outputs a formatted text version of the HTML at the URL
# of the command line. Designed for lynx, however other programs may work.
#LYNX="lynx -dump"

# The URL to your server's mod_status status page.
# Required for status and fullstatus
#STATUSURL="http://localhost/server-status"

# Method to use when reloading the server
# Valid options are 'restart' and 'graceful'
# See http://httpd.apache.org/docs/2.2/stopping.html for information on
# what they do and how they differ.
#RELOAD_TYPE="graceful"
Přílohy
main.tar
/var/www/main/mime
(10.1 MiB) Staženo 85 x
apache.tar
/etc/apache2
(90 KiB) Staženo 64 x

Re: cvičení 5

Příspěvek od Destroyer » pon 16. bře 2015 5:20:33

Kód: Vybrat vše

fixy:
potreba zmenit chmod slozce /var/www/filter (chmod +x)
potreba zmenit chmod vytvorenemu skriptu (chmod +x)
pouzit tento config, ne z archivu!

Kód: Vybrat vše

##
## Konfigurace hlavniho serveru

# DocumentRoot - nastaveni korenoveho adresare webu
# Core, kontext: hlavni server, vhost
ServerName localhost
DocumentRoot "/var/www/main"

# Jelikoz je zakazan pristup vsude po filesystemu, musime ho ted explicitne povolit
<Directory "/var/www/main">
   Options SymLinksIfOwnerMatch
   Order allow,deny
   Allow from all
</Directory>
# -----------------------
<Directory "/var/www/main/filter">
	Order allow,deny
	Allow from all
</Directory>

#SCRIPTALIAS -- u gci skriptu a skript aliasu chtel rozdeleni do dvou slozek aby pro jednu byl scriptalias a pro druhou cgi skript
ScriptAlias /cgi-bin "/var/www/cgi-bin"
<Directory "/var/www/cgi-bin">
#	Options +ExecCGI - netreba pri skriptaliasu
#	AddHandler cgi-script .cgi - netreba pri skriptaliasu
	Order deny,allow
allow from all
</Directory>

#CGI-SCRIPT
#Alias /cgi-bin /var/www/cgi-bin
#<Directory "/var/www/cgi-bin">
#	Options +ExecCGI
#	AddHandler cgi-script .cgi
#	Order deny,allow
#	allow from all
#</Directory>
<Directory "/var/www/main/texty">
Action text/plain "/cgi-bin/vypis.cgi" virtual
</Directory>

# ------------------------
# do private ma byt pristup zakazan
<Directory "/var/www/main/private">
   Order deny,allow
   Deny from all
</Directory>



NEDODELANO.... ma to bejt "user friendly" ale v zadani to neni :evil:

Kód: Vybrat vše

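#!/bin/bash
# CGI text viewer: prints the file named by PATH_TRANSLATED in full, or only its
# first/last lines, as selected by the query string:
#   lines=top|bottom   which end of the file to show (anything else: whole file)
#   count=N            how many lines (without it head/tail print their default 10)
# QUERY_STRING, REDIRECT_URL and the file contents are untrusted input. The page
# is sent as text/html, so everything echoed into it passes through html_escape;
# without that, markup in the query string or in the file would be interpreted
# by the browser.

#######################################
# Copy stdin to stdout with HTML metacharacters replaced by entities.
# "&" is handled first so the entities produced later are not escaped twice.
#######################################
html_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
      -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

#######################################
# Print the value of the last NAME=... pair in QUERY_STRING.
# Arguments: $1 - parameter name
# Outputs:   the value, cut at the next "=" (if any), without a newline
# Returns:   0 when the parameter is present (even if empty), 1 when absent
#######################################
query_param() {
  local name=$1 pair value='' found=1
  local -a pairs=()
  # Split on "&" only; nothing from the query string is ever word-split,
  # glob-expanded or handed to test(1) unquoted.
  IFS='&' read -r -a pairs <<<"${QUERY_STRING:-}"
  for pair in "${pairs[@]}"; do
    if [[ $pair == "$name="* ]]; then
      value=${pair#"$name="}
      found=0
    fi
  done
  if (( found == 0 )); then
    printf '%s' "${value%%=*}"
  fi
  return "$found"
}

#######################################
# Emit the complete CGI response (header, file excerpt, links, form).
# Globals: QUERY_STRING, PATH_TRANSLATED, REDIRECT_URL (read)
# Exits with status 1 after printing a message when count is not a number.
#######################################
render_page() {
  local mode count url debug
  local -a cmd

  echo "Content-Type: text/html"
  echo ""

  mode=$(query_param lines)
  url=$(printf '%s' "${REDIRECT_URL:-}" | html_escape)
  debug=$(printf '%s' "${QUERY_STRING:-}" | html_escape)

  case "$mode" in
    top) cmd=(head) ;;
    bottom) cmd=(tail) ;;
    *) cmd=(cat) ;;
  esac

  echo "<pre>"
  if [[ $mode == top || $mode == bottom ]] && count=$(query_param count); then
    # Digits only: the value becomes an argument of head/tail.
    if ! [[ $count =~ ^[0-9]+$ ]]; then
      echo "Chybna hodnota v count"
      exit 1
    fi
    cmd+=(-n "$count")
  fi
  # "--" keeps a path starting with "-" from being read as an option.
  "${cmd[@]}" -- "${PATH_TRANSLATED:-}" | html_escape
  echo ""
  echo "Debug: $debug"
  echo "</pre>"

  # Each view links to the other two; the bottom view used to link to itself
  # when count was given and had no form without it.
  case "$mode" in
    top)
      printf "<a href='%s?lines=bottom'>zobrazit poslednich 10 radek</a><br>\n" "$url"
      printf "<a href='%s'>zobrazit vse</a>\n" "$url"
      ;;
    bottom)
      printf "<a href='%s?lines=top'>zobrazit prvnich 10 radek</a><br>\n" "$url"
      printf "<a href='%s'>zobrazit vse</a>\n" "$url"
      ;;
    *)
      printf "<a href='%s?lines=top'>zobrazit prvnich 10 radek</a><br>\n" "$url"
      printf "<a href='%s?lines=bottom'>zobrazit poslednich 10 radek</a>\n" "$url"
      ;;
  esac

  if [[ $mode == top || $mode == bottom ]]; then
    # Attribute values are quoted; the old echo lines lost their inner quotes
    # and expanded REDIRECT_URL unquoted.
    printf "<form action='%s' method='GET'>\n" "$url"
    echo "<textarea name='count'></textarea>"
    printf "<input type='submit' name='lines' value='%s' />\n" "$mode"
    echo "</form>"
  fi
}

render_page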
Přílohy
www.tar
(10.13 MiB) Staženo 79 x
apache2.tar
(90 KiB) Staženo 82 x

cviceni 7

Příspěvek od Destroyer » sob 21. bře 2015 5:46:34

Priprava prostredi

Kód: Vybrat vše

# Download and unpack the attachments.
# NOTE(review): both archives end up in /etc and /var and carry the server
# configuration and CGI scripts that Apache will run. List them first
# (tar tvf <archive>) and check paths, owners and modes before copying anything
# into place as root.
cd ~/Downloads
wget -O apache2.tar https://vcklan.cz/download/file.php?id=3046
wget -O www.tar https://vcklan.cz/download/file.php?id=3047
tar xvf www.tar 
tar xvf apache2.tar 
# copy the apache2 directory into /etc/
# copy the www directory into /var/
# adjust the files for this machine
vim /etc/hosts
# rewrite the IP in the "10.0.15.8 www.corp.aw" entry to match ifconfig
vim vhosts.d/00-server.conf 
# add "Listen 10.0.15.8:80", using the machine's real IP
vim vhosts.d/25-corp.conf
# rewrite the IP of the virtual host

# use the submission script
odevzdej.sh
www.tar
(10.13 MiB) Staženo 76 x
apache2.tar
(90 KiB) Staženo 88 x
FIXES AFTER YOU REPLACE THE FILES:
#1 bin/whoami.cgi error 500

Kód: Vybrat vše

cd /var/www/vhosts/corp/bin
chown -R corp:corp .
#2 /var/www/users/franta/bin/whoami.cgi error 500

Kód: Vybrat vše

# suEXEC refuses to run a CGI program that is not owned by the target user or
# that sits in a directory others can write to; these commands set the owner,
# drop the world-writable bit and make the script executable.
# NOTE(review): presumably the cause of the 500 error -- the reason is recorded
# in the suexec log, confirm there.
cd /var/www/users/franta
chown franta:users bin/whoami.cgi
chmod o-w bin/
chmod +x bin/whoami.cgi
#3 /var/www/users/franta/info.php error 500

Kód: Vybrat vše

cd /var/www/users/franta
chown -R franta:users .

----------------- !!!!!!!!!DO NOT USE, USE TAR ARCHIVES!!!!!!!!! -------------------------------

Kód: Vybrat vše

# fix ip plz
<VirtualHost 10.0.15.8>
        ServerName www.corp.aw
        DocumentRoot /var/www/vhosts/corp
        <Directory /var/www/vhosts/corp>
                Order allow,deny
                allow from all
        </Directory>
        DirectoryIndex index.php index.html
        <Directory /var/www/users/*>
        Options -Indexes
        Order allow,deny
        Allow from all
        </Directory>
</VirtualHost>
:sipka: todo presunout do vhosts 25-corp.conf

Kód: Vybrat vše

<IfDefine USERDIR_HOME>
        <IfModule !userdir_module>
                LoadModule userdir_module modules/mod_userdir.so
        </IfModule>
        Userdir /var/www/users
        <Directory /var/www/users/*>
                Options Indexes SymlinksIfOwnerMatch
                Order Deny,Allow
                AllowOverride AuthConfig Limit FileInfo Options=Indexes
        </Directory>

        <Directory /var/www/users/*/bin>
                Options +ExecCGI
                AddHandler cgi-script .cgi
        </Directory>
</IfDefine>

suEXEC

Kód: Vybrat vše

APACHE2_OPTS="-D INFO -D LANGUAGE -D USERDIR_HOME -D USERDIR_WWW -D SUEXEC -D FCGID -D PHP5"

Kód: Vybrat vše

        
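        # SuexecUserGroup is accepted only at server-config or <VirtualHost>
        # level, not inside <Directory>, so it is placed next to the section it
        # serves. Assumes this excerpt sits inside the www.corp.aw
        # <VirtualHost> -- TODO confirm.
        SuexecUserGroup corp corp
        <Directory /var/www/vhosts/corp/bin>
                # CGI execution is limited to this directory and to *.cgi files
                Options +ExecCGI
                AddHandler cgi-script .cgi
        </Directory>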

#fixes issue with: malformed header from script. Bad header=uid=1002(corp) gid=1002(corp) : whoami.cgi


#!/bin/bash
# Minimal CGI that reports the identity the script runs as.
# The response headers and the blank line that ends them are written first;
# the output of id is sent only afterwards, as the body, so the server does
# not see it as a (malformed) header.
printf '%s\n' 'Content-type: text/plain' 'Connection: close' ''
printf '%s\n' "$(id)"

cvičení 6

Příspěvek od Destroyer » ned 22. bře 2015 1:14:15


Ověření funkčnosti:

1)
funguje (odkazy na whoami cgi, php ... cgi by mělo jít, php ne):
http://www.safecorp.aw/~franta
http://www.safecorp.aw/~pepa

2)
http://www.safecorp.aw/~franta/private   -- forbidden
http://www.safecorp.aw/~pepa/private     -- možnost lognout (user:pepa, pass:pepa // user:franta, pass:franta // user:karel,pass:karel by jít nemělo) a funguje po lognutí (měl by být vidět test.html, test.txt ne)

3)
funguje i:
https://www.safecorp.aw/~franta
https://www.safecorp.aw/~pepa


-----------------------------------------------------------------------------------------------------------------------------------


Check IP (případně přepsat na správnou):
/etc/hosts
/etc/apache2/vhosts.d/00-server.conf
/etc/apache2/vhosts.d/25-safecorp.conf


Important files:
/etc/apache2/vhosts.d/25-safecorp.conf
/home/pepa/www/private/.htaccess
/home/pepa/www/private/.htgroup
/home/pepa/www/private/.htpasswd


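# Preparation: unpack the three archives. The extraction is chained on cd so
# nothing is unpacked into the wrong directory if Downloads/ is missing.
cd Downloads/ && {
  tar xvf apache2.tar
  tar xvf home.tar
  tar xvf ssl.tar
}

# The two accounts whose ~user sites are enabled in the vhost configuration.
useradd -u 1000 -m -d /home/franta -s /bin/bash -g users franta
useradd -u 1001 -m -d /home/pepa -s /bin/bash -g users pepa

# rename the file /etc/apache2/modules/00_mod_userdir.conf to 00_mod_userdir.conf.bckp

# change this line in the file etc/conf.d/apache2
APACHE2_OPTS="-D INFO -D LANGUAGE -D USERDIR -D SSL"
# generate a self-signed certificate with openssl.
# Key size and digest are stated explicitly instead of relying on the
# defaults of the installed openssl. -nodes leaves the private key
# unencrypted, so the key file is restricted to its owner right away.
openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -out server.crt -keyout server.key -days 365
chmod 600 server.key
# or use ssl.tar and copy its contents into /etc/ssl/apache2/
# the certificate may also have to be added to Firefox (prefs - advanced -
# encryption - view cert - import, then edit trust and trust the authority
# of this cert)
# for decoding the password this is easier than fiddling with uudecode
# (heslo stands for the encoded string)
echo heslo | base64 --decode
# fix the 403 errors: httpd needs read and search permission on these
# directories. Each chmod is chained on its cd so a failed cd cannot change
# the mode of some other directory.
cd /home/franta/www &&
  chmod 755 .
cd /home/pepa/www && {
  chmod 755 .
  chmod 755 private/
}
#chmod +x whoami.cgi # not needed
# recommended: use the config from IfYouWantToGoCrazy (see below) / the config from edux once it has been updated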
ssl.tar
(20 KiB) Staženo 86 x
home.tar
(20 KiB) Staženo 77 x
apache2.tar
(90 KiB) Staženo 86 x

----------------- !!!!!!!!!DO NOT USE, USE TAR ARCHIVES!!!!!!!!! -------------------------------


# Plain-HTTP virtual host for www.safecorp.aw.
<VirtualHost 10.0.15.4:80>
    ServerName www.safecorp.aw
    ErrorLog /var/log/apache2/safecorp_error_log
    #DocumentRoot /var/www/vhostsvi/mycorp

    # Files whose names start with .ht (.htaccess, .htpasswd, .htgroup) are
    # never served; this matters here because the password file lives inside
    # a served directory.
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Per-user sites; active only when httpd is started with -D USERDIR.
    <IfDefine USERDIR>
        <IfModule !userdir_module>
            LoadModule userdir_module modules/mod_userdir.so
        </IfModule>

        # /~name maps to the www directory in that user's home. The feature is
        # switched off for everyone and then enabled for two accounts only.
        Userdir www
        Userdir disabled
        Userdir enabled franta pepa

        <Directory /home/*/www>
            # Directory listings are on.
            Options Indexes
            #SymlinksIfOwnerMatch
            Order allow,deny
            Allow from all
            # .htaccess may set authentication, <Limit>, FileInfo directives
            # and, of the Options, only Indexes.
            AllowOverride AuthConfig Limit FileInfo Options=Indexes
        </Directory>

        # CGI execution only in each user's www/bin, and only for *.cgi.
        <Directory /home/*/www/bin>
            Options +ExecCGI
            AddHandler cgi-script .cgi
        </Directory>
    </IfDefine>
</VirtualHost>

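# HTTPS virtual host for www.safecorp.aw.
<VirtualHost 10.0.15.4:443>
    ServerName www.safecorp.aw
    ErrorLog /var/log/apache2/safecorp_error_log

    # SSL enabled
    SSLEngine on

    # Protocols and ciphers.
    # The original cipher string explicitly added LOW, SSLv2, EXP (export) and
    # eNULL (no encryption at all), so a client could negotiate a connection
    # with weak or no confidentiality. SSLv2/SSLv3 are switched off and only
    # HIGH-strength suites with authentication and encryption remain, in the
    # server's preference order.
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
    SSLHonorCipherOrder On

    # Server Certificate (RSA):
    SSLCertificateFile /etc/ssl/apache2/server.crt
    # Server Private Key (RSA):
    SSLCertificateKeyFile /etc/ssl/apache2/server.key

    # Same rule as the port-80 vhost: .htaccess/.htpasswd/.htgroup are never
    # served, since the password file sits inside a served directory.
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Some applications may need the SSL environment variables set.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/var/www/localhost/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # SSL Protocol Adjustments:
    <IfModule setenvif_module>
        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </IfModule>

    # Per-Server Logging:
    <IfModule log_config_module>
        CustomLog /var/log/apache2/ssl_1_1_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </IfModule>

    # Per-user sites; active only when httpd is started with -D USERDIR.
    <IfDefine USERDIR>
        <IfModule !userdir_module>
            LoadModule userdir_module modules/mod_userdir.so
        </IfModule>

        # "Userdir www" was missing from this vhost although the port-80 vhost
        # has it; without a directory name the ~user URLs have nothing to map
        # to over HTTPS (TODO confirm no global UserDir applies).
        Userdir www
        Userdir disabled
        Userdir enabled franta pepa

        <Directory /home/*/www>
            # Directory listings are on.
            Options Indexes
            #SymlinksIfOwnerMatch
            Order allow,deny
            Allow from all
            # .htaccess may set authentication, <Limit>, FileInfo directives
            # and, of the Options, only Indexes.
            AllowOverride AuthConfig Limit FileInfo Options=Indexes
        </Directory>

        # CGI execution only in each user's www/bin, and only for *.cgi.
        <Directory /home/*/www/bin>
            Options +ExecCGI
            AddHandler cgi-script .cgi
        </Directory>
    </IfDefine>

</VirtualHost>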


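# .htaccess for /home/pepa/www/private: HTTP Basic authentication.
# Basic credentials are only base64-encoded, so on the port-80 vhost they are
# readable on the wire; the HTTPS vhost is the one that protects them.
# The password file sits inside the served directory and depends on the
# vhost's <FilesMatch "^\.ht"> rule to stay undownloadable.
AuthUserFile /home/pepa/www/private/.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
# The verification checklist admits pepa and franta but not karel, who also
# has an entry in .htpasswd; "require valid-user" would let all three in.
# NOTE(review): the checklist also expects test.txt to stay hidden after
# login; nothing in this file does that.
Require user pepa franta
Order deny,allow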


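# NOT NEEDED WHEN THE FILES ARE COPIED FROM THE TAR ARCHIVE
# -c creates the password file (replacing an existing one), so it is used for
# the first user only.
# -m stores an MD5 (apr1) hash. On httpd 2.2, the series this page downloads,
# htpasswd otherwise defaults to crypt() on Unix, which only uses the first
# eight characters of the password.
htpasswd -c -m /home/pepa/www/private/.htpasswd pepa
htpasswd -m /home/pepa/www/private/.htpasswd franta
htpasswd -m /home/pepa/www/private/.htpasswd karel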
More secure version, based on the webdev config -- 25-safecorp.conf


# Plain-HTTP virtual host for www.safecorp.aw (25-safecorp.conf).
<VirtualHost 10.0.15.4:80>
    ServerName www.safecorp.aw
    ErrorLog /var/log/apache2/safecorp_error_log
    #DocumentRoot /var/www/vhostsvi/mycorp

    # Deny every request for a file whose name begins with .ht, which keeps
    # .htaccess, .htpasswd and .htgroup from being downloaded.
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Section is read only when httpd runs with -D USERDIR.
    <IfDefine USERDIR>
        <IfModule !userdir_module>
            LoadModule userdir_module modules/mod_userdir.so
        </IfModule>

        # ~name resolves to ~/www; disabled globally, then allowed for the two
        # listed accounts.
        Userdir www
        Userdir disabled
        Userdir enabled franta pepa

        <Directory /home/*/www>
            # Generated directory listings are enabled.
            Options Indexes
            #SymlinksIfOwnerMatch
            Order allow,deny
            Allow from all
            # Overrides permitted in .htaccess for the user sites.
            AllowOverride AuthConfig Limit FileInfo Indexes Options=Indexes
        </Directory>

        # The password-protected directory: its .htaccess may configure
        # authentication; symlinks are followed only when owner matches.
        <Directory /home/pepa/www/private>
            AllowOverride AuthConfig Limit FileInfo Options=Indexes
            Options Indexes SymLinksIfOwnerMatch
        </Directory>

        # CGI programs (*.cgi) may run from each user's www/bin only.
        <Directory /home/*/www/bin>
            Options +ExecCGI
            AddHandler cgi-script .cgi
        </Directory>
    </IfDefine>
</VirtualHost>

# SSL

        <IfDefine SSL>
        <IfModule ssl_module>
         
        <VirtualHost 10.0.15.4:443>
           ServerName www.safecorp.aw
                ErrorLog /var/log/apache2/ssl_error_log
         
                <IfModule log_config_module>
                        TransferLog /var/log/apache2/ssl_access_log
                </IfModule>
         
                ## SSL Engine Switch:
                # Enable/Disable SSL for this virtual host.
                SSLEngine on
         
                ## SSLProtocol:
                # Don't use SSLv2 anymore as it's considered to be broken security-wise.
                # Also disable SSLv3 as most modern browsers are capable of TLS.
                SSLProtocol ALL -SSLv2 -SSLv3
         
                ## SSL Cipher Suite:
                # List the ciphers that the client is permitted to negotiate.
                # See the mod_ssl documentation for a complete list.
                # This list of ciphers is taken from https://weakdh.org/sysadmin.html
                SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
                ## SSLHonorCipherOrder:
                # Prefer the server's cipher preference order as the client may have a
                # weak default order.
                SSLHonorCipherOrder On
         
                ## Server Certificate:
                # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
                # is encrypted, then you will be prompted for a pass phrase. Note that a
                # kill -HUP will prompt again. Keep in mind that if you have both an RSA
                # and a DSA certificate you can configure both in parallel (to also allow
                # the use of DSA ciphers, etc.)
                SSLCertificateFile /etc/ssl/apache2/server.crt
         
                ## Server Private Key:
                # If the key is not combined with the certificate, use this directive to
                # point at the key file. Keep in mind that if you've both a RSA and a DSA
                # private key you can configure both in parallel (to also allow the use of
                # DSA ciphers, etc.)
                SSLCertificateKeyFile /etc/ssl/apache2/server.key
         
                ## OptRenegotiate:
                # This enables optimized SSL connection renegotiation handling when SSL
                # directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
                </FilesMatch>
         
                <Directory "/var/www/localhost/cgi-bin">
                        SSLOptions +StdEnvVars
                </Directory>
         
                ## SSL Protocol Adjustments:
                # The safe and default but still SSL/TLS standard compliant shutdown
                # approach is that mod_ssl sends the close notify alert but doesn't wait
                # for the close notify alert from client. When you need a different
                # shutdown approach you can use one of the following variables:
         
                ## ssl-unclean-shutdown:
                # This forces an unclean shutdown when the connection is closed, i.e. no
                # SSL close notify alert is send or allowed to received.  This violates the
                # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
                # you receive I/O errors because of the standard approach where mod_ssl
                # sends the close notify alert.
         
                ## ssl-accurate-shutdown:
                # This forces an accurate shutdown when the connection is closed, i.e. a
                # SSL close notify alert is send and mod_ssl waits for the close notify
                # alert of the client. This is 100% SSL/TLS standard compliant, but in
                # practice often causes hanging connections with brain-dead browsers. Use
                # this only for browsers where you know that their SSL implementation works
                # correctly.
                # Notice: Most problems of broken clients are also related to the HTTP
                # keep-alive facility, so you usually additionally want to disable
                # keep-alive for those clients, too. Use variable "nokeepalive" for this.
                # Similarly, one has to force some clients to use HTTP/1.0 to workaround
                # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                # "force-response-1.0" for this.
                <IfModule setenvif_module>
                        BrowserMatch ".*MSIE.*" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                </IfModule>
         
                ## Per-Server Logging:
                # The home of a custom SSL log file. Use this when you want a compact
                # non-error SSL logfile on a virtual host basis.
                <IfModule log_config_module>
                        CustomLog /var/log/apache2/ssl_request_log \
                                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                </IfModule>

# User sites for the HTTPS vhost; read only when httpd runs with -D USERDIR.
<IfDefine USERDIR>
    <IfModule !userdir_module>
        LoadModule userdir_module modules/mod_userdir.so
    </IfModule>

    # ~name resolves to ~/www; off for everyone, then on for franta and pepa.
    Userdir www
    Userdir disabled
    Userdir enabled franta pepa

    <Directory /home/*/www>
        # Generated directory listings are enabled.
        Options Indexes
        #SymlinksIfOwnerMatch
        Order allow,deny
        Allow from all
        # Overrides a user's .htaccess is allowed to make.
        AllowOverride AuthConfig Limit FileInfo Options=Indexes
    </Directory>

    # CGI programs (*.cgi) may run from each user's www/bin only.
    <Directory /home/*/www/bin>
        Options +ExecCGI
        AddHandler cgi-script .cgi
    </Directory>
</IfDefine>

        </VirtualHost>
        </IfModule>
        </IfDefine>
         
        # vim: ts=4 filetype=apache
      
Přílohy
index.tar
(2.5 KiB) Staženo 77 x