(v1) Apache
Installation
Apache
yum install httpd
Mod SSL, http2, headers
yum install mod_ssl mod_headers mod_http2
MINIMAL (REQUIRED) APACHE MODULES
alias_module (shared) - ''Alias'' and ''ScriptAlias'' directives authz_host_module (shared) - ''Allow'' and ''Deny'' directives autoindex_module (shared) - Generates directory indexes, automatically core_module (static) - The core Apache module dir_module (shared) - ''DirectoryIndex'' directive env_module (shared) - Modifies the environment http_module (static) - Handles HTTP protocol log_config_module (shared) - Enables logging configuration logio_module (shared) - Enables log writing/reading mime_module (shared) - Enables MIME (file type) alteration and interpretation mpm_prefork_module (static) - Implements a non-threaded, pre-forking (multiprocess) web server negotiation_module (shared) - Provides for content negotiation (parsing of Headers) php5_module (shared) - Enables PHP5 interpreter rewrite_module (shared) - Rule-based (regex) url rewriting engine setenvif_module (shared) - Enables ''BrowserMatch'' and ''SetEnvIf'' directives so_module (static) - Enables modules status_module (shared) - Provides information on server activity and performance version_module (shared) - Allows Version dependent configuration vhost_alias_module (shared) - Enable virtual hosts.
Configuration
Apache configuration for PCR-360 is typically done with a Virtual Host and is stored in /etc/httpd/conf.d/pcr360.conf
Create the new apache configuration file.
cd /etc/httpd/conf.d vi pcr360.conf
This example shows standard configuration for http port 80
ServerName pcr360.customeraddress.com Protocols h2 h2c http/1.1 ## PROTECT FILES ## <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"> Order Allow,Deny Deny from all </FilesMatch> ## HEADERS FOR MS EDGE ## <IfModule headers_module> Header Set X-UA-Compatible: IE=Edge </IfModule> ## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ## LimitRequestBody 10240000 #bytes, 0-2147483647(2GB) RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] # this is production <VirtualHost *:80> ServerName pcr360.pcr.com DocumentRoot /var/www/pcr360/prod/public RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] SetEnv APPLICATION_ENV "prod" SetEnv APPLICATION_INI "/var/www/pcr360/configs/pcr360.ini" SetEnv APPLICATION_ENVDEBUG 0 SetEnv APPLICATION_ENVPCR 0 <Directory /var/www/pcr360/prod/public> Options -Indexes DirectoryIndex index.php AllowOverride None Include /var/www/pcr360/prod/public/.htaccess Order allow,deny Allow from all </Directory> </VirtualHost>
This example shows standard configuration for https port 443
ServerName pcr360.customeraddress.com Protocols h2 h2c http/1.1 Header always set Strict-Transport-Security max-age=31536000 ## PROTECT FILES ## <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"> Order Allow,Deny Deny from all </FilesMatch> ## HEADERS FOR MS EDGE ## <IfModule headers_module> Header Set X-UA-Compatible: IE=Edge </IfModule> ## LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK ## LimitRequestBody 10240000 #bytes, 0-2147483647(2GB) RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] <VirtualHost *:80> ServerName pcr360.pcr.com DocumentRoot /var/www/pcr360/prod/public RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> <VirtualHost *:443> ServerName pcr360.pcr.com DocumentRoot /var/www/pcr360/prod/public ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on # TLS 1.2 is currently considered the only secure transport type at this time SSLProtocol -all +TLSv1.2 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM SSLCertificateFile /etc/pki/tls/certs/pcr360.pcr.com.cert SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key SetEnv APPLICATION_ENV "prod" SetEnv APPLICATION_INI "/var/www/pcr360/configs/pcr360.ini" SetEnv APPLICATION_ENVDEBUG 0 SetEnv APPLICATION_ENVPCR 0 <Directory /var/www/pcr360/prod/public> Options -Indexes DirectoryIndex index.php AllowOverride None Include /var/www/pcr360/prod/public/.htaccess Order allow,deny Allow from all </Directory> <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> </VirtualHost>
Set Apache to Start on Boot
1. Add it to chkconfig
sudo /sbin/chkconfig --add httpd
2. Make sure it is in the chkconfig.
sudo /sbin/chkconfig --list httpd
3. Set it to autostart
sudo /sbin/chkconfig httpd on
Help Desk Portal - Email: help@pcr.com - Phone: 616.259.9242