Install Apache 2 in prefork mode using Debian Package system
sudo apt-get install -y apache2 apache2-utils apache2-mpm-prefork
Enable rewrite and SSL modules
sudo a2enmod rewrite
sudo a2enmod ssl
Define ServerName directive and ports where Apache2 will listen
sudo nano /etc/apache2/ports.conf
1 ServerName proxy.example.com
2 Listen 80
3 <IfModule mod_ssl.c>
4 Listen 443
5 </IfModule>
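Set several directives to secure Apache. Note that Order, Deny and Satisfy are Apache 2.2 access-control directives: Apache 2.4 accepts them only through mod_access_compat, and its native equivalent of "Deny from all" is "Require all denied".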
sudo nano /etc/apache2/conf-enabled/security.conf
1 <Directory />
2 Options None
3 AllowOverride None
4 Order Deny,Allow
5 Deny from all
6 </Directory>
7 ServerTokens Prod
8 ServerSignature Off
9 TraceEnable Off
10 <DirectoryMatch "/(\.svn|\.git)">
11 Deny from all
12 Satisfy all
13 </DirectoryMatch>
Enable headers module
sudo a2enmod headers
Install Apache 2 ModSecurity Rules
sudo apt-get install -y libapache2-modsecurity modsecurity-crs
Include ModSecurity rules
sudo nano /etc/modsecurity/rules.conf
1 <IfModule security2_module>
2 Include "/usr/share/modsecurity-crs/*.conf"
3 Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
4 </IfModule>
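Enable Secure Rules Engine. Debian's ModSecurity configuration for Apache normally loads only /etc/modsecurity/*.conf, so check that the file edited below is actually read by Apache (the usual approach is to copy it to /etc/modsecurity/modsecurity.conf); otherwise "SecRuleEngine On" has no effect.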
sudo nano /etc/modsecurity/modsecurity.conf-recommended
1 # SecRuleEngine DetectionOnly
2 SecRuleEngine On
Enable all base and optional rules
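# Link every base and optional CRS rule file into activated_rules/, the
# directory pulled in by the Include line in /etc/modsecurity/rules.conf.
# Globbing replaces parsing `ls` output, so file names are never word-split
# or glob-expanded, and an existing link is skipped so a re-run does not fail.
# NOTE(review): activating every optional rule with SecRuleEngine On can block
# legitimate requests; a trial run in DetectionOnly mode, with the audit log
# reviewed, is the usual way to find false positives first.
cd /usr/share/modsecurity-crs
crs_dir=/usr/share/modsecurity-crs
for rule_set in base_rules optional_rules; do
  for f in "$crs_dir/$rule_set"/*modsecurity*; do
    [ -e "$f" ] || continue   # glob matched nothing
    dest="$crs_dir/activated_rules/${f##*/}"
    [ -e "$dest" ] || [ -L "$dest" ] || sudo ln -s -- "$f" "$dest"
  done
done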
sudo mv /var/www/html/index.html /var/www/html/index-orig.html
sudo nano /var/www/html/index.html
1 <!DOCTYPE html>
2 <html lang="en">
3 <head>
4 <meta charset="utf-8">
5 <title>Default</title>
6 </head>
7 <body>
8 <p>Default page for server: proxy.example.com</p>
9 </body>
10 </html>
Download this file: index.html
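# Debian keeps vhost definitions in sites-available/. A site is served only
# once it is also enabled (linked into sites-enabled/, e.g. with a2ensite).
sudo nano /etc/apache2/sites-available/default.conf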
1 <VirtualHost *:80>
2 ServerAdmin webmaster@example.com
3 ServerName odoo.example.com
4
5 DocumentRoot /var/www/html
6
7 <Directory /var/www/html>
8 Options None
9 AllowOverride None
10
11 # RedirectMatch temp ^/(.*)$ http://otherhost.otherdomain.com
12
13 # Access control by IP or IP range
14 # Order deny,allow
15 # Deny from all
16 # Allow from 10.xx.0.0/16 127.0.0.0/255.0.0.0 ::1/128
17
18 # Allow all
19 Order allow,deny
20 Allow from all
21 </Directory>
22
23 ErrorLog /var/log/apache2/default.error.log
24 LogLevel warn
25
26 CustomLog /var/log/apache2/default.access.log combined
27 </VirtualHost>
Download this file: default.conf
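# Debian keeps vhost definitions in sites-available/. A site is served only
# once it is also enabled (linked into sites-enabled/, e.g. with a2ensite).
# NOTE(review): the *:443 vhost listed below has no SSLEngine, SSLCertificateFile
# or SSLCertificateKeyFile directive, so as shown it would answer in plain HTTP
# on port 443. Add "SSLEngine on" plus the certificate and key paths
# (<certificate file>, <private key file>) before relying on it for TLS.
sudo nano /etc/apache2/sites-available/default-ssl.conf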
1 <VirtualHost *:443>
2 ServerAdmin webmaster@example.com
3 ServerName odoo.example.com
4
5 DocumentRoot /var/www/html
6
7 <Directory /var/www/html>
8 Options None
9 AllowOverride None
10
11 # RedirectMatch temp ^/(.*)$ http://otherhost.otherdomain.com
12
13 # Access control by IP or IP range
14 # Order deny,allow
15 # Deny from all
16 # Allow from 10.xx.0.0/16 127.0.0.0/255.0.0.0 ::1/128
17
18 # Allow all
19 Order allow,deny
20 Allow from all
21 </Directory>
22
23 ErrorLog /var/log/apache2/default-ssl.error.log
24 LogLevel warn
25
26 CustomLog /var/log/apache2/default-ssl.access.log combined
27 </VirtualHost>
Download this file: default-ssl.conf
Enable HTTP Proxy module
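# a2enmod writes under /etc/apache2, so it needs root like the other a2enmod calls.
# Keep ProxyRequests Off (the default) so Apache acts only as a reverse proxy
# and never as an open forward proxy.
sudo a2enmod proxy_http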
Only Root (and Root group) can access configuration files
# Hand the whole configuration tree to root:root, recursively.
sudo chown -R root:root /etc/apache2
# Remove read, write and execute for "other", so accounts that are neither root
# nor in the root group cannot read or traverse the configuration.
sudo chmod -R o-rwx /etc/apache2
Restart Apache 2 service
sudo service apache2 restart