Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation [2021/05/04 08:39] kopro [Disabling mod_security rules] update configuration for certificates |
tutorial:adm:server_preparation [2021/05/10 16:09] urbanl [HTTPd installation and configuration] |
||
---|---|---|---|
Line 542: | Line 542: | ||
RewriteRule " | RewriteRule " | ||
</ | </ | ||
+ | |||
+ | === Certificate for httpd === | ||
+ | |||
+ | If you have prepared certifikate, | ||
+ | < | ||
+ | SSLCertificateFile PATH_TO_CERTIFICATE_FILE | ||
+ | SSLCertificateKeyFile PATH_TO_CERTIFICATE_KEY_FILE | ||
+ | SSLCertificateChainFile PATH_TO_CA_CHAIN_FILE | ||
+ | </ | ||
+ | Then continue with cheking syntax of httpd. | ||
+ | |||
+ | If you not prepared them in the moment. Create temporary certificate and key. | ||
+ | < | ||
+ | mkdir / | ||
+ | cd / | ||
+ | openssl genrsa -out http_temp_cert.key | ||
+ | openssl req -new -key http_temp_cert.key -out http_temp_cert.csr -subj "/ | ||
+ | openssl x509 -req -in http_temp_cert.csr -signkey http_temp_cert.key -days 1 -sha256 -out http_temp_cert.crt | ||
+ | rm http_temp_cert.csr | ||
+ | chmod 600 / | ||
+ | chown -R tomcat: | ||
+ | </ | ||
+ | Then change set path to them in these properties in ''/ | ||
+ | < | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | </ | ||
+ | |||
+ | === Checking httpd configuration syntax and configuring selinux === | ||
Syntax check before httpd restart | Syntax check before httpd restart | ||
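Review bot: The temporary-certificate block ends with `chown -R tomcat:`, which hands the httpd private key to the tomcat account even though this section configures httpd. httpd reads the key as root at startup, so root ownership with the existing `chmod 600` should be enough unless Tomcat really needs the same files, in which case the text should say so. The certificate is created with `-days 1`, but the text never tells the reader to replace it before it expires; add a sentence about that. The first block sets `SSLCertificateChainFile`, while the temporary-certificate block sets only `SSLCertificateFile` and `SSLCertificateKeyFile`, so say explicitly that the chain directive has to be left out or commented for the self-signed case. `SSLCertificateChainFile` is also deprecated since httpd 2.4.8 in favour of putting the chain into `SSLCertificateFile`. Wording: "certifikate", "cheking", "If you not prepared them in the moment" and "Then change set path to them" need fixing.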
Line 608: | Line 637: | ||
SecRuleRemoveById 950100 | SecRuleRemoveById 950100 | ||
</ | </ | ||
- | |||
- | # These break Certificate Authority module | ||
- | < | ||
- | SecRuleRemoveById 960915 | ||
- | SecRuleRemoveById 200003 | ||
- | </ | ||
- | | ||
- | # Modsec can throw false positives on some files due to multipart boundary check | ||
- | < | ||
- | SecRuleRemoveById 960915 | ||
- | SecRuleRemoveById 200003 | ||
- | </ | ||
# do not log request/ | # do not log request/ |
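Review bot: Both removed blocks list the same two ids, `SecRuleRemoveById 960915` and `SecRuleRemoveById 200003`, so dropping one as a duplicate is reasonable, but dropping both re-enables those rules, and the removed comments say they break the Certificate Authority module and cause multipart boundary false positives. The edit summary names only the HTTPd installation section, so this removal is unexplained. Either confirm that the exclusions are no longer needed (and say so in the summary) or keep one block with a combined comment. If the two blocks sat in different scopes (the opening tags are cut off in this view), check each scope separately before removing.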