Archives pour la catégorie ‘Apache’

Apache : proxy avec support SSL

<VirtualHost *:443>
   ServerName gitlab.my.domain

   SSLEngine On
   SSLCertificateFile /etc/ssl/certs/my.domain.crt
   SSLCertificateKeyFile /etc/ssl/private/my.domain.key
   SSLCertificateChainFile /etc/ssl/certs/my.domain.ca

   SSLProxyEngine on
   ProxyPass / https://gitlab.my.domain/
   ProxyPassReverse / https://gitlab.my.domain/
   ProxyPreserveHost On

   <Location />
      Order allow,deny
      Allow from all
   </Location>
</VirtualHost>

Debian : installation de PHP 5.3 sous Wheezy

root@amazon ~ # cat /etc/apt/sources.list
deb http://ftp.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
root@amazon ~ # cat /etc/apt/preferences.d/preferences
Package: php5*
Pin: release a=oldstable
Pin-Priority: 700

Package: libapache2-mod-php5
Pin: release a=oldstable
Pin-Priority: 700

Package: php-pear
Pin: release a=oldstable
Pin-Priority: 700

Package: php-apc
Pin: release a=oldstable
Pin-Priority: 700

Package: *
Pin: release a=stable
Pin-Priority: 600
root@amazon ~ # apt-get update
root@amazon ~ # apt-get install libapache2-mod-php5 php5-cli php5-curl php5-dev php5-gd php5-mcrypt php5-mysql

Apache : désactiver l’authentification pour un sous-répertoire spécifique

<Directory /var/www/>
   AuthUserFile /etc/apache2/user-passwd
   AuthType Basic
   AuthName "Restricted access"
   Require valid-user
   Order allow,deny
   Allow from 192.168.0
   Satisfy any
</Directory>

<Directory /var/www/public>
   Order allow,deny
   Allow from all
   Satisfy any
</Directory>

Apache : loguer les IP client traversant un proxy frontal

Pour pouvoir enregistrer les IP sources des clients traversant un reverse-proxy (en s’assurant que celui-ci injecte les headers X-Forwarded-For pour le serveur en backend), il convient de déclarer un LogFormat spécifique :

LogFormat "\"%{X-Forwarded-for}i\" %D %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{forensic-id}n\"" proxy

Il convient ensuite de l’utiliser dans chaque virtual host :

Customlog /var/www/monsite.fr/logs/access_log proxy

Apache : protection X-Frame-Options

# fix for clickjacking
Header always append X-Frame-Options SAMEORIGIN

Plus d’informations ici.

Apache : autoriser le partage cross-domain des ressources

   <IfModule mod_headers.c>
      Header set Access-Control-Allow-Origin *
   </IfModule>

Source : http://enable-cors.org/

Apache : redirection HTTPS générique

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Haut de page