Configuração Apache



ubuntu@ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
52.67.1.167
https://freedns.afraid.org/news/
Permissions (certificate material)
root:root 0644 for the certificate file (public data; read by the Apache parent process, which runs as root)
root:root 0400 for the private key file — never make the key readable by www-data; the root parent reads it at startup before the workers drop privileges
~$ openssl version
OpenSSL 1.0.2g 1 Mar 2016
Run Apache as a non-privileged account
By default Apache2 on Debian/Ubuntu runs its worker processes as the non-privileged user www-data (APACHE_RUN_USER / APACHE_RUN_GROUP in /etc/apache2/envvars); only the parent process, which binds ports 80/443 and reads the private key, runs as root.
To verify it run:
ps -eo user,pid,cmd | grep '[a]pache2'   # user column: root for the single parent, www-data for every worker
nano /etc/apache2/apache2.conf
Do NOT run `chown -R www-data:www-data /etc/apache2`. The configuration tree must stay owned by root (as the directory listing below shows: root root, 644/755) so that a compromised web application running as www-data cannot rewrite the server config, enable modules, or change DocumentRoot and escalate from there. www-data only needs read access to its content under /var/www, and write access only to the specific directories an application genuinely needs (uploads, cache).

nano /var/www/example.com/public_html/index.html (Primeira Página)


/var/www/test.com/public_html/index.html (Virtual host)
HTTP porta 80:
nano /etc/apache2/sites-available/example.com.conf
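<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
    # NOTE(review): a "www." label in front of the EC2 public hostname almost certainly does not
    # resolve in public DNS; harmless, but effectively unused.
    ServerAlias www.ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # Everything on :80 is sent to HTTPS. 'permanent' answers 301 instead of the default 302, so
    # clients cache the redirect rather than re-requesting the plaintext URL each time.
    # Nothing is served from DocumentRoot on this port; it is only a fallback.
    Redirect permanent "/" "https://ec2-52-67-1-167.sa-east-1.compute.amazonaws.com/"
</VirtualHost>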
HTTPS porta 443:
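# Self-signed certificate + key for the :443 vhost. -nodes leaves the key unencrypted so Apache can
# start unattended; that is why the file mode matters (root, 0400 — see the permission note above).
# NOTE(review): no subjectAltName is set. Chrome ignores the CN and requires a SAN, so it rejects this
# certificate even after the self-signed warning; OpenSSL 1.0.2 has no -addext, so a SAN must come from
# an openssl config file passed with -config.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/apache-selfsigned.key \
  -out /etc/ssl/certs/apache-selfsigned.crt
# openssl req creates the key 0600; tighten to the 0400 root policy stated above.
chmod 400 /etc/ssl/private/apache-selfsigned.key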
nano /etc/apache2/conf-available/ssl-params.conf
cd /etc/apache2/
-rw-r--r-- 1 root root 3846 Nov 30 00:27 apache2.conf
drwxr-xr-x 2 root root 4096 Nov 29 23:40 conf-available
drwxr-xr-x 2 root root 4096 Nov 29 23:53 conf-enabled
-rw-r--r-- 1 root root 1782 Mar 19 2016 envvars
-rw-r--r-- 1 root root 31063 Mar 19 2016 magic
drwxr-xr-x 2 root root 12288 Nov 29 22:51 mods-available
drwxr-xr-x 2 root root 4096 Nov 29 23:52 mods-enabled
-rw-r--r-- 1 root root 320 Mar 19 2016 ports.conf
drwxr-xr-x 2 root root 4096 Dec 4 11:59 sites-available

drwxr-xr-x 2 root root 4096 Nov 29 23:52 sites-enabled


nano /etc/apache2/conf-available/security.conf
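# HTTP security headers (requires mod_headers: a2enmod headers; this file is picked up via conf-enabled)
Header always set X-Content-Type-Options nosniff
# Legacy reflected-XSS filter; current browsers no longer implement it. Kept as in the original.
Header always set X-Xss-Protection "1; mode=block"
# Add HttpOnly and Secure to every cookie the application sets. The header name was mistyped as
# "SetCookie" in the original, which silently matched nothing. Cookies that already carry the flags get
# them twice, which browsers tolerate. The 'always' form is needed as well, because 'edit' alone only
# touches 2xx responses and would miss a session cookie set on a login redirect (3xx).
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# 'set', not 'append': append would emit "SAMEORIGIN, SAMEORIGIN" when another layer already sets it,
# and browsers treat a multi-valued X-Frame-Options as invalid.
Header always set X-Frame-Options SAMEORIGIN
# The CSP directive is "default-src" (the original "defaultsrc" is unknown and ignored by browsers).
# 'self' only: inline scripts/styles and third-party CDNs are blocked — extend before deploying a real app.
Header set Content-Security-Policy "default-src 'self';"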
Modify the Default Apache SSL Virtual Host File:
cd /etc/apache2/sites-available/
-rw-r--r-- 1 root root 1332 Mar 19 2016 000-default.conf (80)
-rw-r--r-- 1 root root 1056 Nov 30 00:34 default-ssl.conf (enable *443)
-rw-r--r-- 1 root root 6338 Nov 29 23:38 default-ssl.conf.bak
-rw-r--r-- 1 root root 342 Nov 29 22:59 example.com.conf (enable *80)
-rw-r--r-- 1 root root 258 Nov 29 23:03 test.com.conf (80)
cd /etc/apache2/ssl (keep *.pem root-owned, mode 640 or 644 — DH parameters are not secret, but the file must not be writable by www-data, or a compromised app could swap in weak parameters)
openssl dhparam -out dhparam.pem 4096
nano /etc/apache2/sites-available/default-ssl.conf
: > default-ssl.conf   (empty the file before pasting the new vhost; the original `echo .> default-ssl.conf` leaves a stray "." line that Apache rejects as an invalid directive. The default-ssl.conf.bak in the listing above preserves the packaged version.)
<IfModule mod_ssl.c>
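<VirtualHost _default_:443>
    ServerAdmin lucassamuel@localhost
    ServerName ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
    ServerAlias www.ec2-52-67-1-167.sa-east-1.compute.amazonaws.com
    # DocumentRoot is a directory, never a file: the original pointed at .../index.html, which breaks
    # every request. index.html is served from this directory through the DirectoryIndex default.
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # HTTP/2 (mod_http2, httpd >= 2.4.17; a2enmod http2). Keyword and values were run together in the
    # paste. NOTE(review): newer httpd (2.4.27+) disables h2 under mpm_prefork, the MPM mod_php needs —
    # confirm which MPM is enabled.
    Protocols h2 http/1.1

    SSLEngine on
    # Self-signed pair generated above. With a CA-issued certificate, append the intermediates to the
    # SSLCertificateFile instead of using SSLCertificateChainFile (deprecated since 2.4.8).
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    #SSLCertificateChainFile /path/to/chain.pem
    # Export SSL_* environment variables to CGI/PHP scripts (small per-request cost, only for these types).
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    # Legacy IE 2-6 workaround carried over from the stock default-ssl.conf. Those clients cannot
    # negotiate TLS 1.2 at all, so this is dead weight but harmless.
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>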
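# modern configuration, tweak to your needs
# Server-wide TLS policy: inside <IfModule mod_ssl.c> but outside any <VirtualHost>, so it applies to every
# SSL vhost on this server. Written against the OpenSSL recorded at the top of these notes (1.0.2g): that
# release has no TLS 1.3 and no ChaCha20, so the CHACHA20 suites below are silently skipped until
# OpenSSL is >= 1.1.0.

# TLS 1.0 and 1.1 are deprecated (RFC 8996). The original line kept them ("+TLSv1 +TLSv1.1"), which
# contradicts the "modern" label; re-add them only for clients that genuinely cannot speak TLS 1.2.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Forward-secret (ECDHE) suites only, AEAD first. OpenSSL names; the hyphens lost in the paste are restored.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
# Broader alternative (adds DHE and non-forward-secret RSA suites plus HIGH). Only this list would make
# use of the DHParameters below.
#SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!EDH-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
# Minimum exclusions that any cipher list should carry ("mandatory discards" in the original note).
#SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

# Server chooses the suite in the order above instead of following the client's preference.
SSLHonorCipherOrder on
# TLS-level compression enables CRIME; keep it off.
SSLCompression off
# Session tickets: httpd only changes its ticket key on restart (unless SSLSessionTicketKeyFile is
# rotated), so a leaked key decrypts earlier sessions — no forward secrecy. Needs httpd >= 2.4.11.
# The SSLOpenSSLConfCmd line does the same at the OpenSSL level; either alone is sufficient.
SSLSessionTickets off
SSLOpenSSLConfCmd Options -SessionTicket
# SSLOpenSSLConfCmd needs httpd >= 2.4.8 and OpenSSL >= 1.0.2 (fine with 1.0.2g). Custom DH parameters are
# only consulted by DHE-* suites, i.e. the commented list above; the active ECDHE-only list never uses them.
SSLOpenSSLConfCmd DHParameters "/etc/apache2/ssl/dhparam.pem"
#SSLOpenSSLConfCmd ECDHParameters secp384r1
# secp256r1 and prime256v1 are the same curve; prime192v1 (~96-bit security) is too weak to offer.
#SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1
# Needs a FIPS-capable OpenSSL build; the default Ubuntu openssl package is not built that way.
#SSLFIPS on

# HTTP security headers (mod_headers). HSTS at server level is also emitted by the :80 vhost, where browsers
# ignore it; it belongs inside the :443 <VirtualHost>.
# 'preload' dropped from the original: it asks browsers to hard-code HTTPS for the domain, is hard to undo,
# and the preload list only takes submissions for a registrable domain you own — *.compute.amazonaws.com
# is not yours.
# NOTE(review): with the self-signed certificate above, HSTS also removes the browser's "proceed anyway"
# option on the certificate warning. Move to a CA-issued certificate before exposing this to real users.
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

# OCSP Stapling, httpd >= 2.3.3. Only meaningful with a CA-issued certificate that carries an OCSP URI;
# the self-signed certificate has none, so stapling just logs responder errors
# (SSLStaplingReturnResponderErrors off keeps them away from clients). Harmless to leave enabled for
# when a real certificate is installed.
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)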
</IfModule>
# Validate the configuration before restarting; a syntax error would otherwise take the site down.
apache2ctl configtest
# Either restart form works on Ubuntu 16.04 (systemd); pick one. For config-only changes
# 'systemctl reload apache2' (graceful) is enough and does not drop in-flight connections.
systemctl restart apache2
service apache2 restart
# Preferred one-liner: restart only if the config test passes (run as root / via sudo).
apache2ctl configtest && sudo service apache2 restart

https://mozilla.github.io/server-side-tls/ssl-config-generator/ (Modern)
<VirtualHost *:443>
...
SSLEngine on
SSLCertificateFile /path/to/signed_certificate_followed_by_intermediate_certs
SSLCertificateKeyFile /path/to/private/key
# Uncomment the following directive when using client certificate authentication
#SSLCACertificateFile /path/to/ca_certs_for_client_authentication
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
...

</VirtualHost>
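# modern configuration, tweak to your needs
# Mozilla server-side-tls "modern" profile for httpd 2.4 / OpenSSL 1.0.x, as quoted from the generator.
# Directive names and values had been split onto separate lines in the paste and the cipher-suite hyphens
# were lost; both are restored here. Caveats: CHACHA20 suites need OpenSSL >= 1.1.0 and are ignored on
# 1.0.2g; OCSP stapling only does something with a CA-issued certificate that has an OCSP URI.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)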
https://cipherli.st/
# cipherli.st snippet (older revision), kept for reference. Caveats versus the Mozilla "modern" profile:
# - The group aliases also admit CBC/SHA-1 suites (AES256+EECDH matches e.g. ECDHE-RSA-AES256-SHA); the
#   explicit ECDHE/AEAD list in the profile is stricter.
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# - "All -SSLv2 -SSLv3" leaves deprecated TLS 1.0 and 1.1 enabled.
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# - Same 'preload' caveat as elsewhere in these notes: only send it for a registrable domain you own and
#   have submitted to the preload list; never with a self-signed certificate.
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# - DENY here conflicts with SAMEORIGIN in security.conf; whichever directive is merged last wins for the
#   response, so settle on one value.
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
# - The relative path is resolved under ServerRoot (/etc/apache2), and the listing above shows no logs/
#   directory there; use an absolute path such as shmcb:/var/run/ocsp(150000) instead.
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

Habilitar virtual Host 80:


https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04
Habilitar 443:
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04
gerar certificado:
https://github.com/asciimoo/searx/wiki/How-to-create-and-configure-SSL
