apache on IT Quicktasks

apache on IT Quicktaskshttps://quicktasks.ismael.casimpan.com/tags/apache/Recent content in apache on IT QuicktasksHugo -- gohugo.ioCopyright © 2018–2022, Ismael Casimpan Jr.; All Rights ReservedFri, 10 Jul 2020 00:20:25 +0800Apache 2.4: IP Whitelistinghttps://quicktasks.ismael.casimpan.com/post/ip-whitelisting-apache2.4/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/ip-whitelisting-apache2.4/ 1... 2... 3AuthType Basic 4AuthName "Development Area" 5AuthUserFile /var/www/sites/.htpasswd 6<RequireAny> 7Require ip 19.233.95.152 8Require ip 31.169.217.174 9Require ip 33.202.255.41 10Require ip 31.175.111.184 11Require ip 51.209.11.159 12Require ip 129.162.144.55 13Require valid-user 14</RequireAny> 15... 16... See https://stackoverflow.com/questions/10419592/htaccess-htpasswd-bypass-if-at-a-certain-ip-addressApache Basic Authhttps://quicktasks.ismael.casimpan.com/post/apache-basic-auth/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/apache-basic-auth/ 1AuthType Basic 2AuthName "Development" 3AuthUserFile /var/www/sites/.htpasswd 4Require valid-userApache Basic Authentication in ProxyPasshttps://quicktasks.ismael.casimpan.com/post/apache-basic-authentication-proxypass/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/apache-basic-authentication-proxypass/ 1<VirtualHost *:443> 2ServerName example.com 34SSLEngine on 5SSLCertificateFile /etc/httpd/conf.d/ssl/2017-example.com.crt 6SSLCertificateKeyFile /etc/httpd/conf.d/ssl/2017-example.com.key 7SSLCertificateChainFile /etc/httpd/conf.d/ssl/2017-example.com.bundle.crt 8910ProxyPreserveHost On 1112ProxyPass / http://127.0.0.1:8025/ 13ProxyPassReverse / http://127.0.0.1:8025/ 1415<Location /> 16Options -Indexes 17AllowOverride All 1819AuthType Basic 20AuthName "Development Area" 21AuthUserFile /var/www/sites/.htpasswd 22Require valid-user 23</Location> 24</VirtualHost>Apache HSTShttps://quicktasks.ismael.casimpan.com/post/apache-hsts/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/apache-hsts/ When a user visits your website, the above header will load first and the expiration time is 2 years (63072000 in seconds). 1# Optionally load the headers module: 2LoadModule headers_module modules/mod_headers.so 3<VirtualHost 67.89.123.45:443> 4Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains;” 5</VirtualHost> 6... 7... 8... 9<VirtualHost *:80> 10[…] 11ServerName example.com 12Redirect permanent / https://example.com/ 13</VirtualHost> More details in https://medium.com/@sslsecurity/how-to-enable-hsts-on-apache-nginx-and-lighttpd-8b0c64155911Apache Redirect for http to https via .htaccesshttps://quicktasks.ismael.casimpan.com/post/redirect-http-to-https-in-htaccess/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/redirect-http-to-https-in-htaccess/ Generic way to do it but would result into duplicate URLs, e.g. https://example.com & https://www.example.com 1RewriteCond %{HTTPS} off 2RewriteCond %{HTTP:X-Forwarded-Proto} !https 3RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] To avoid the duplicate URLs, do the following: 1## 1. Redirect all non-https except www to https://www 2RewriteCond %{HTTP_HOST} !foo\.example\.com [NC] # exclude foo.example.com domain 3RewriteCond %{HTTP_HOST} !bar\.example\.net [NC] # exclude foo.example.net domain 4RewriteCond %{HTTP_HOST} . 5RewriteCond %{HTTP_HOST} !^www\. [NC] 6RewriteCond %{HTTP:X-Forwarded-Proto} !https 7RewriteRule ^ https://www.Dump All Apache Modules Installedhttps://quicktasks.ismael.casimpan.com/post/dump-all-apache-modules-installed/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/dump-all-apache-modules-installed/ 1httpd -t -D DUMP_MODULESLogging Cloudflare Country Code in Apache Backendhttps://quicktasks.ismael.casimpan.com/post/logging-cloudflare-countrycode-apache-backend/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/logging-cloudflare-countrycode-apache-backend/ 1... 2... 3LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{cf-ipcountry}i" cloudflare_custom 4CustomLog /var/log/httpd/site.example.com-cloudflare_custom.log cloudflare_custom 5... 6... See details in https://support.cloudflare.com/hc/en-us/articles/200168236-What-does-Cloudflare-IP-Geolocation-do-SSLPassPhraseDialog and How to Use Ithttps://quicktasks.ismael.casimpan.com/post/sslpassphrasedialog-how-to-use/Fri, 10 Jul 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/sslpassphrasedialog-how-to-use/ See https://griffith.wordpress.com/tag/sslpassphrasedialog/Formerly using nginx, Moving to Apache won't Renew Certhttps://quicktasks.ismael.casimpan.com/post/renew-from-nginx-to-apache/Sun, 07 Jun 2020 00:20:25 +0800https://quicktasks.ismael.casimpan.com/post/renew-from-nginx-to-apache/ It's quite expected that certificate won't renew as the automation has been broken. What you can do is install the apache version of certbot 1yum install python-certbot-apache and re-issue the certificate 1sudo certbot --apache -d www.example.org