Configure Apache
Copy Default Apache 2.2 Configuration Files
# Run as root. Copies the stock Apache 2.2 "extra" configuration files into
# Includes/ so they can be edited without touching the originals.
# The later steps assume the working directory is still /usr/local/etc/apache22.
cd /usr/local/etc/apache22
cp extra/httpd-ssl.conf extra/httpd-vhosts.conf extra/httpd-default.conf extra/httpd-mpm.conf Includes/
Create OpenSSL Key
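# Run as root from /usr/local/etc/apache22.
#
# Create the key directory first and close it to everyone but root, so the
# private key is never written anywhere other accounts can read it.
mkdir ssl.crt ssl.key
chmod 700 ssl.key

# -x509 produces a self-signed certificate: clients will not trust it unless
# it is installed by hand, so use a CA-issued certificate for a public site.
# -nodes leaves the private key unencrypted on disk (httpd can then start
# without a passphrase prompt), which is why the file permissions below matter.
# -newkey rsa:2048 fixes the key size instead of relying on the openssl.cnf
# default; -days sets the lifetime (365 is an example value) because the
# openssl default is only 30 days.
openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
    -out ssl.crt/mydomain.com.crt -keyout ssl.key/mydomain.com.key

# httpd reads the key as root at startup, before it switches to "User www".
# Keeping the key owned by root means the unprivileged worker account never
# has access to it; the certificate is public and only needs to be read-only.
chown -R root:wheel ssl.key ssl.crt
chmod 400 ssl.key/mydomain.com.key
chmod 755 ssl.crt
chmod 444 ssl.crt/mydomain.com.crt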
The relevant sections that I have added to each of the Apache configuration files are as follows:
/usr/local/etc/apache22/httpd.conf
Line:33 Listen a.b.c.e:80 # default
Line:34 Listen a.b.c.e:443 # default
Line:36 Listen a.b.c.d:80 # virtual host (will connect to squid)
Line:37 Listen a.b.c.d:443 # virtual host (will connect to squid)
Line:77 LoadModule cache_module libexec/apache22/mod_cache.so
Line:78 LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so
Line:83 LoadModule deflate_module libexec/apache22/mod_deflate.so
Line:84 LoadModule log_config_module libexec/apache22/mod_log_config.so
Line:88 LoadModule expires_module libexec/apache22/mod_expires.so
Line:89 LoadModule headers_module libexec/apache22/mod_headers.so
Line:95 LoadModule ssl_module libexec/apache22/mod_ssl.so
Line:96 LoadModule mime_module libexec/apache22/mod_mime.so
Line:112 LoadModule rewrite_module libexec/apache22/mod_rewrite.so
Line:119 LoadModule proxy_module libexec/apache22/mod_proxy.so
Line:120 LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so
Line:121 LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
Line:122 LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
Line:178 User www
Line:179 Group www
Line:210 ServerName internalhostname.mydomain.com # default
Line:217 DocumentRoot "/usr/local/www/apache22/data"
Line:500 #Include etc/apache22/extra/httpd-mpm.conf
Line:518 #Include etc/apache22/extra/httpd-vhosts.conf
Line:530 #Include etc/apache22/extra/httpd-ssl.conf
Line:541 Include etc/apache22/Includes/*.conf
(The "Line:NN" prefixes and the trailing "# default" / "# virtual host" remarks appear to be annotations for this listing only; httpd does not accept a comment on the same line as a directive.)
/usr/local/etc/apache22/Includes/httpd-vhosts.conf
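# Plain-HTTP virtual host on the public address. Every request path is
# rewritten and handed to the backend listening on 127.0.0.1:8902.
NameVirtualHost a.b.c.d:80
<VirtualHost a.b.c.d:80>
    ServerName mydomain.com
    ServerAdmin user@mydomain.com
    # Off: do not append the server name/version footer to generated error
    # pages, which would otherwise tell every visitor what is running here.
    ServerSignature Off
    ErrorLog "/var/log/mydomain-error_log"
    CustomLog "/var/log/mydomain-access_log" common
    LogLevel warn

    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Only takes effect once a RewriteLog file is configured; set it back
        # to 0 after debugging because rewrite logging slows the server down.
        RewriteLogLevel 2
        # [P] passes the rewritten URL to mod_proxy (reverse-proxy request).
        # NOTE(review): unless UseCanonicalName is On, %{SERVER_NAME} follows
        # the Host header sent by the client, so the backend sees a
        # client-chosen host name. Hard-code mydomain.com here or enable
        # UseCanonicalName if the backend must only ever see this site name.
        RewriteRule ^/(.*) \
            http://127.0.0.1:8902/VirtualHostBase/http/%{SERVER_NAME}:80/Plone/VirtualHostRoot/$1 [P]

        <IfModule mod_proxy.c>
            # This host is a reverse proxy only. State it explicitly so that
            # loading mod_proxy can never turn it into an open forward proxy.
            ProxyRequests Off
            ProxyVia On

            # NOTE(review): the pattern expects "/" immediately after the
            # colon(s) that follow 127.0.0.1, so it does not appear to match
            # the 127.0.0.1:8902 URL used by the RewriteRule above. Confirm
            # whether these rules are ever applied before relying on them.
            # Host-name "Allow from" entries trigger a double reverse DNS
            # lookup and match any host whose name ends in the given domain.
            <ProxyMatch http://127.0.0.1:*/.* >
                Order deny,allow
                Deny from all
                Allow from mydomain.com
                Allow from internalhostname.mydomain.com
                Allow from 127.0.0.1
            </ProxyMatch>

            # NOTE(review): "proxy:*" is the Apache 1.3 way of addressing
            # proxied requests; Apache 2.x uses <Proxy> sections instead.
            # Confirm that this section has any effect on 2.2.
            <Directory proxy:*>
                Order deny,allow
                Deny from all
                Allow from mydomain.com
                Allow from internalhostname.mydomain.com
                Allow from 127.0.0.1
            </Directory>

            # Refuse any request whose URL does not start with "/", i.e.
            # absolute-URI (forward-proxy style) requests.
            <LocationMatch "^[^/]">
                Deny from all
            </LocationMatch>
        </IfModule>
    </IfModule>
</VirtualHost>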
/usr/local/etc/apache22/Includes/httpd-ssl.conf
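# HTTPS virtual host on the public address. TLS is terminated here and every
# request path is rewritten and handed to the backend on 127.0.0.1:8902.
NameVirtualHost a.b.c.d:443
<VirtualHost a.b.c.d:443>
    DocumentRoot "/usr/local/www/apache22/data"
    ServerName mydomain.com
    ServerAdmin user@mydomain.com
    ErrorLog "/var/log/mydomain-ssl-error_log"
    TransferLog "/var/log/mydomain-ssl_access.log"
    # Off: do not append the server name/version footer to generated error
    # pages, which would otherwise tell every visitor what is running here.
    ServerSignature Off

    SSLEngine on
    # The previous cipher string re-enabled SSLv2, export-grade (EXP), LOW and
    # eNULL suites; eNULL means the connection is not encrypted at all.
    # Offer only strong suites, drop the SSLv2/SSLv3 protocols, and let the
    # server's preference order decide instead of the client's.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/mydomain.com.crt"
    # The private key is read by the root parent process at startup; it should
    # be readable by root only, not by the "www" worker account.
    SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/mydomain.com.key"

    # Export the standard SSL_* environment variables to scripts only, since
    # building them for every request costs time.
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/usr/local/www/apache22/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # Compatibility settings for old Internet Explorer clients: no keep-alive,
    # HTTP/1.0 responses and no wait for a clean TLS shutdown from the client.
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-request log of the negotiated protocol and cipher; useful for
    # checking which clients still negotiate old protocol versions.
    CustomLog "/var/log/mydomain-ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Only takes effect once a RewriteLog file is configured; set it back
        # to 0 after debugging because rewrite logging slows the server down.
        RewriteLogLevel 2
        # [P] passes the rewritten URL to mod_proxy (reverse-proxy request).
        # The hop to 127.0.0.1:8902 is plain HTTP and stays on this machine.
        # NOTE(review): unless UseCanonicalName is On, %{SERVER_NAME} follows
        # the Host header sent by the client, so the backend sees a
        # client-chosen host name. Hard-code mydomain.com here or enable
        # UseCanonicalName if the backend must only ever see this site name.
        RewriteRule ^/(.*) \
            http://127.0.0.1:8902/VirtualHostBase/https/%{SERVER_NAME}:443/Plone/VirtualHostRoot/$1 [P]
    </IfModule>

    <IfModule mod_proxy.c>
        # This host is a reverse proxy only. State it explicitly so that
        # loading mod_proxy can never turn it into an open forward proxy.
        ProxyRequests Off
        ProxyVia On

        # NOTE(review): the pattern expects "/" immediately after the colon(s)
        # that follow 127.0.0.1, so it does not appear to match the
        # 127.0.0.1:8902 URL used by the RewriteRule above. Confirm whether
        # these rules are ever applied before relying on them.
        # Host-name "Allow from" entries trigger a double reverse DNS lookup
        # and match any host whose name ends in the given domain.
        <ProxyMatch http://127.0.0.1:*/.* >
            Order deny,allow
            Deny from all
            Allow from mydomain.com
            Allow from internalhostname.mydomain.com
            Allow from localhost
            Allow from 127.0.0.1
        </ProxyMatch>

        # NOTE(review): "proxy:*" is the Apache 1.3 way of addressing proxied
        # requests; Apache 2.x uses <Proxy> sections instead. Confirm that
        # this section has any effect on 2.2.
        <Directory proxy:*>
            Order deny,allow
            Deny from all
            Allow from mydomain.com
            Allow from internalhostname.mydomain.com
            Allow from localhost
            Allow from 127.0.0.1
        </Directory>

        # Refuse any request whose URL does not start with "/", i.e.
        # absolute-URI (forward-proxy style) requests.
        <LocationMatch "^[^/]">
            Deny from all
        </LocationMatch>
    </IfModule>
</VirtualHost>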
Fix permissions on Apache directories
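# Run as root.
# httpd serves these files as the unprivileged "www" account, which only needs
# to read them. Handing the whole tree to www:www would let anything running
# as the web server rewrite the site's content and scripts, so keep the tree
# owned by root and not writable by group or others.
chown -R root:wheel /usr/local/www
chmod -R go-w /usr/local/www
# If the application must write somewhere (uploads, caches), give www
# ownership of that one directory only, not of the whole tree.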

Author: