Apache/Restrict: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
(Created page with "== Restrict Directory Alias == <source lang="http"> # /etc/httpd/conf.d/vhostalias.conf Alias /docs "/var/www/docs/" <Directory "/var/www/docs"> Options Indexes MultiView...")
 
 
Line 100: Line 100:
  # grant network connection to apache  
  # grant network connection to apache  
  setsebool -P httpd_can_network_connect on
  setsebool -P httpd_can_network_connect on
== References ==
* [[DigitalOcean Reverse Proxy]]
* [[DigitalOcean Cloud Config]]
* [[Convention for Port]]

Latest revision as of 21:22, 29 January 2019

Restrict Directory Alias

# /etc/httpd/conf.d/vhostalias.conf

Alias /docs "/var/www/docs/"
<Directory "/var/www/docs">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Alias /soft "/var/www/soft/"
<Directory "/var/www/soft">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order Deny,Allow
    Deny from all
    Allow from ::1
    Allow from 100.43.0
    Allow from 127.0.0.1
    Allow from 192.168.0
</Directory>

Restrict Reverse Proxy

# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    <Proxy *>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 192.168.0
    </Proxy>

    # proxy for ebis
    ProxyPass /ebis http://127.0.0.1:8302/ebis nocanon
    ProxyPassReverse /ebis http://127.0.0.1:8302/ebis

    # proxy for fhir
    ProxyPass /fhir http://127.0.0.1:8303/fhir nocanon
    ProxyPassReverse /fhir http://127.0.0.1:8303/fhir

    # proxy for init
    ProxyPass /init http://127.0.0.1:8304/init nocanon
    ProxyPassReverse /init http://127.0.0.1:8304/init
</VirtualHost>

Restrict Proxy Location

# /etc/httpd/conf.d/httpd-proxy.conf
# /etc/httpd/conf.modules.d/00-proxy.conf

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    AllowEncodedSlashes Off
    ServerName dev.chorke.org
    ServerAlias uat.chorke.org

    # proxy for amqp
    ProxyPass /amqp http://127.0.0.1:8300/amqp nocanon
    ProxyPassReverse /amqp http://127.0.0.1:8300/amqp

    # proxy for mqtt
    ProxyPass /mqtt http://127.0.0.1:8301/mqtt nocanon
    ProxyPassReverse /mqtt http://127.0.0.1:8301/mqtt

    # proxy for ebis
    <Location /ebis>
        Order Deny,Allow
        Deny from all
        Allow from ::1
        Allow from 100.43.0
        Allow from 127.0.0.1
        Allow from 192.168.0
        ProxyPass http://127.0.0.1:8302/ebis nocanon
        ProxyPassReverse http://127.0.0.1:8302/ebis
    </Location>
</VirtualHost>

Check and Restart

apachectl -t
# apachectl restart
systemctl restart httpd

# grant network connection to apache 
setsebool -P httpd_can_network_connect on

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Apache/Restrict&oldid=1163"