Apache: Difference between revisions

grep for POST
Line 1: Line 1:
Apache (the webserver) is a [https://www.apache.org/free/ freely licensed] project of the Apache Software Foundation.
Apache (the webserver) is a [https://www.apache.org/free/ freely licensed] project of the Apache Software Foundation.


== Docs ==
==Docs==
In addition to the extensive [http://httpd.apache.org online documentation of the Apache project], you should consult the local documentation on your system under /usr/share/doc/apache2.2-common or similar
In addition to the extensive [http://httpd.apache.org online documentation of the Apache project], you should consult the local documentation on your system under /usr/share/doc/apache2.2-common or similar


The [https://help.ubuntu.com/lts/serverguide/httpd.html Ubuntu Server Guide] is also a helpful documentation source.
The [https://help.ubuntu.com/lts/serverguide/httpd.html Ubuntu Server Guide] is also a helpful documentation source.


== Canonical Domain ==
==Canonical Domain==
Here is how we use Apache to answer requests to our multiple registered TLDs, but direct everything to our canonical "bare" domain.
Here is how we use Apache to answer requests to our multiple registered TLDs, but direct everything to our canonical "bare" domain.
<source lang="apache">
<source lang="apache">
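Review bot: the heading changes in this hunk ("== Docs ==" to "==Docs==", "== Canonical Domain ==" to "==Canonical Domain==") are whitespace-only and have nothing to do with the edit summary "grep for POST". Either mention the heading normalisation in the summary or make it a separate edit, so the substantive change is easy to find in the history.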
Line 42: Line 42:
   RewriteRule ^/?(.*) https://equality-tech.com/$1 [L,R=301,NE]   
   RewriteRule ^/?(.*) https://equality-tech.com/$1 [L,R=301,NE]   
</source>
</source>
* Flags: No Case, Last, Redirect permanent, No Escape <ref>https://httpd.apache.org/docs/current/rewrite/flags.html#flag_ne</ref>
* Response Code: 301 = Permanent <ref>https://tools.ietf.org/html/rfc2616</ref>


== Rewrites ==
*Flags: No Case, Last, Redirect permanent, No Escape <ref>https://httpd.apache.org/docs/current/rewrite/flags.html#flag_ne</ref>
*Response Code: 301 = Permanent <ref>https://tools.ietf.org/html/rfc2616</ref>
 
==Rewrites==
Use .htaccess ONLY for testing rules on-the-fly during development
Use .htaccess ONLY for testing rules on-the-fly during development
so that you don't have to constantly reload Apache.
so that you don't have to constantly reload Apache.
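Review bot: the Flags bullet under the RewriteRule lists "No Case", but the rule shown carries only [L,R=301,NE]. If NC sits on a RewriteCond above this hunk, say so in the bullet; otherwise drop "No Case". The 301 bullet also cites RFC 2616, which has been obsoleted (the current HTTP semantics reference is RFC 9110). Finally, the new revision leaves a line containing only a space before ==Rewrites== where the old one had empty lines; make that line empty.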
Line 69: Line 70:
you can place the rules in a <directory> stanza)
you can place the rules in a <directory> stanza)


== Secure Server ==
==Secure Server==
These notes illustrate what I did for my Ubuntu system and are based on an instructional video from Linux Journal for RedHat systems see http://www.linuxjournal.com/video/set-secure-virtual-host-apache
These notes illustrate what I did for my Ubuntu system and are based on an instructional video from Linux Journal for RedHat systems see http://www.linuxjournal.com/video/set-secure-virtual-host-apache


Line 158: Line 159:
</source>
</source>


== SSL Providers ==
==SSL Providers==
Check your domain registrar for their services or products around SSL certificates.  There are a lot of Certificate Authorities to choose from.  Plus a lot of options on those certificates.  You can still get a free SSL certificate from StartSSL.com.  However, a new and very interesting service is available from the [[TLS|Lets Encrypt]] project: They automate free certificate installation, making TLS security accessible to all.  If you want expert help in getting your site secured, contact {{CompanyName}}
Check your domain registrar for their services or products around SSL certificates.  There are a lot of Certificate Authorities to choose from.  Plus a lot of options on those certificates.  We use the [[TLS|Lets Encrypt]] project: They automate free certificate installation, making TLS security accessible to all.  If you want expert help in getting your site secured, contact {{CompanyName}}


== Security ==
==Security==
Check out the NIST and DISA checklist and STIG docs, they are good places to start - their checks are based on industry best practices and Apache httpd CVEs.
Check out the NIST and DISA checklist and STIG docs, they are good places to start - their checks are based on industry best practices and Apache httpd CVEs.
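Review bot: in the rewritten SSL Providers paragraph, the link label "Lets Encrypt" should read "Let's Encrypt", and "They" after the colon should be lower case. The fragment "Plus a lot of options on those certificates." is carried over unchanged; fold it into the preceding sentence while this paragraph is being edited. The heading still says "SSL Providers" while the text now points at the TLS page, so consider aligning the two.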


Line 170: Line 171:
Thank the US tax payers =)
Thank the US tax payers =)


== Support / Customization ==
==Support / Customization==
There is a presentation on http://OutOfOrder.cc about Mass Virtual Hosting approaches that is worth a look if you're considering that.  OutOfOrder.cc is a collaborative effort between Paul Querna and Edward Rudd -- two guys who have a lot of experience with Apache.
There is a presentation on http://OutOfOrder.cc about Mass Virtual Hosting approaches that is worth a look if you're considering that.  OutOfOrder.cc is a collaborative effort between Paul Querna and Edward Rudd -- two guys who have a lot of experience with Apache.




== Quick Check ==
==Quick Check==
You have a bunch of virtual hosts configured by various files in your Apache's configuration directories.  Since you can output them all with <code>apache2ctl -S</code>, you can also do a bit more parsing of the output to be able to quickly check if they're all responding.
You have a bunch of virtual hosts configured by various files in your Apache's configuration directories.  Since you can output them all with <code>apache2ctl -S</code>, you can also do a bit more parsing of the output to be able to quickly check if they're all responding.