Reverse proxy (http and https)

  • Reverse proxy http

Public services, open to the WAN

apt-get install apache2 

a2dismod actions auth_basic authn_file authz_groupfile authz_user 
a2enmod cache proxy proxy_http proxy_ajp 

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.ORI 
nano -w /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName asarepo.to.cnr.it

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass /fedora/describe ajp://127.0.0.1:8009/fedora/describe
        ProxyPassReverse /fedora/describe ajp://127.0.0.1:8009/fedora/describe
        ProxyPass /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
        ProxyPassReverse /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
        ProxyPass /fedora/get ajp://127.0.0.1:8009/fedora/get
        ProxyPassReverse /fedora/get ajp://127.0.0.1:8009/fedora/get
        ProxyPass /fedora/services ajp://127.0.0.1:8009/fedora/services
        ProxyPassReverse /fedora/services ajp://127.0.0.1:8009/fedora/services
        ProxyPass /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
        ProxyPassReverse /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
</VirtualHost>
service apache2 restart



  • Reverse proxy https

SSL connection between back-end (repository) and front-end (Drupal)

Generate a self-signed certificate (valid for 1 year)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
chmod 400 /etc/ssl/private/apache.key


Configure and enable SSL virtualhost

cd /etc/apache2/
cp sites-available/default-ssl.conf sites-available/default-ssl.conf.ORI
nano -w sites-available/default-ssl.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName asarepo.to.cnr.it

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                ProxyRequests Off
                ProxyPreserveHost On
                <Proxy *>
                        Order Deny,Allow
                        Deny from all
                        # front-end IP
                        Allow from 150.145.48.53 2a00:1620::53
                </Proxy>
                ProxyPass /fedora http://asarepo.to.cnr.it:8080/fedora
                ProxyPassReverse /fedora http://asarepo.to.cnr.it:8080/fedora

                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/apache.crt
                SSLCertificateKeyFile /etc/ssl/private/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>
a2enmod ssl
a2ensite default-ssl
service apache2 restart
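
A check for the access split the two vhosts above set up: port 80 proxies only selected /fedora paths for any client, while port 443 proxies all of /fedora for the front-end addresses only. This is an added example, not part of the original page; the names `audit_proxy` and `sample_conf` and the policy it enforces are assumptions, and the sample input is constructed from the configuration above.

```shell
# Added example: report each vhost's <Proxy *> rule and ProxyPass paths.
# Assumed policy: the whole /fedora prefix may be proxied only where the rule
# is "Deny from all" plus an explicit Allow list (read as Order deny,allow).
audit_proxy() {
    awk '
    function report(   policy) {
        policy = (deny_all && !allow_all && allow != "") ? "restricted" : "open"
        printf "%s policy=%s allow=[%s] paths=[%s]\n", vhost, policy, allow, paths
        if (full && policy == "open") {
            printf "FAIL %s proxies all of /fedora for any client\n", vhost
            bad = 1
        }
    }
    /^[ \t]*#/ { next }                  # skip comment lines
    { d = tolower($1) }                  # directive names are case-insensitive
    d == "<virtualhost" { vhost = $2; sub(/>$/, "", vhost); paths = allow = ""
                          deny_all = allow_all = full = inproxy = 0 }
    d == "<proxy"   { inproxy = 1 }
    d == "</proxy>" { inproxy = 0 }
    inproxy && d == "deny"  && tolower($3) == "all" { deny_all = 1 }
    inproxy && d == "allow" && tolower($3) == "all" { allow_all = 1 }
    inproxy && d == "allow" && tolower($3) != "all" {
        for (i = 3; i <= NF; i++) allow = (allow == "" ? "" : allow ",") $i }
    d == "proxypass" { paths = (paths == "" ? "" : paths ",") $2
                       if ($2 == "/" || $2 == "/fedora" || $2 == "/fedora/") full = 1 }
    d == "</virtualhost>" { report() }
    END { exit bad + 0 }
    ' "$@"
}
# Constructed sample: the two vhosts from this page, shortened.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    <Proxy *>
        Allow from all
    </Proxy>
    ProxyPass /fedora/describe ajp://127.0.0.1:8009/fedora/describe
    ProxyPass /fedora/get ajp://127.0.0.1:8009/fedora/get
</VirtualHost>
<VirtualHost _default_:443>
    <Proxy *>
        Deny from all
        Allow from 150.145.48.53 2a00:1620::53
    </Proxy>
    ProxyPass /fedora http://asarepo.to.cnr.it:8080/fedora
</VirtualHost>
EOF
}
sample_conf | audit_proxy
```

To run it against the live files, call `audit_proxy /etc/apache2/sites-enabled/*.conf`; a non-zero exit status means a vhost proxies the whole /fedora prefix without an address restriction.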
 
 
repo381/revp.txt · Last modified: 2016/09/29 09:37 by giancarlo

Developers: CNR IRCrES IT Office and Library
Giancarlo Birello (giancarlo.birello _@_ ircres.cnr.it) and Anna Perin (anna.perin _@_ ircres.cnr.it)
ASA@TO.CNR is licensed under: Creative Commons License