====== Reverse proxy (http and https) ======

  * **Reverse proxy http**

__Public services, open from WAN__
<WRAP prewrap center>
<code>
apt-get install apache2 

a2dismod actions auth_basic authn_file authz_groupfile authz_user 
a2enmod cache proxy proxy_http proxy_ajp 

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.ORI 
nano -w /etc/apache2/sites-available/000-default.conf
</code>
</WRAP>
<WRAP prewrap center>
<code>
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName asarepo.to.cnr.it

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass /fedora/describe ajp://127.0.0.1:8009/fedora/describe
        ProxyPassReverse /fedora/describe ajp://127.0.0.1:8009/fedora/describe
        ProxyPass /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
        ProxyPassReverse /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
        ProxyPass /fedora/get ajp://127.0.0.1:8009/fedora/get
        ProxyPassReverse /fedora/get ajp://127.0.0.1:8009/fedora/get
        ProxyPass /fedora/services ajp://127.0.0.1:8009/fedora/services
        ProxyPassReverse /fedora/services ajp://127.0.0.1:8009/fedora/services
        ProxyPass /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
        ProxyPassReverse /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
</VirtualHost>
</code>
</WRAP>
<WRAP prewrap center>
<code bash>
service apache2 restart
</code>
</WRAP>
\\
\\
  * **Reverse proxy https**

__SSL connection between back-end (repository) and front-end (drupal)__
\\
\\
Certificate self-signed generation (1 year)
<WRAP prewrap center>
<code>
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
changemod 400 /etc/ssl/private/apache.key
</code>
</WRAP>
\\
Configure and enable SSL virtualhost
<WRAP prewrap center>
<code>
cd /etc/apache2/
cp sites-available/default-ssl.conf sites-available/default-ssl.conf.ORI
nano -w sites-available/default-ssl.conf
</code>
</WRAP>
<WRAP prewrap center>
<code>
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName asarepo.to.cnr.it

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                ProxyRequests Off
                ProxyPreserveHost On
                <Proxy *>
                        Order Deny,Allow
                        Deny from all
# front-end IP
                        Allow from 150.145.48.53 2a00:1620::53
                </Proxy>
                ProxyPass /fedora http://asarepo.to.cnr.it:8080/fedora
                ProxyPassReverse /fedora http://asarepo.to.cnr.it:8080/fedora

                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/apache.crt
                SSLCertificateKeyFile /etc/ssl/private/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

</code>
</WRAP>
<WRAP prewrap center>
<code>
a2enmod ssl
a2ensite default-ssl
service apache2 restart
</code>
</WRAP>