Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation [2021/05/10 16:09] urbanl [HTTPd installation and configuration] |
tutorial:adm:server_preparation [2021/09/01 09:04] fiserp [HTTPd installation and configuration] |
||
---|---|---|---|
Line 215: | Line 215: | ||
</ | </ | ||
- | * Download Apache Tomcat | + | * Download Apache Tomcat |
- | * In our exapmle the version is 8.5.57. | + | * In our exapmle the version is 9.0.45. |
* extract files from the archive: | * extract files from the archive: | ||
<code bash> | <code bash> | ||
- | tar xzf apache-tomcat-8.5.57.tar.gz | + | tar xzf apache-tomcat-9.0.45.tar.gz |
</ | </ | ||
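Review bot: the typo "exapmle" is carried over unchanged into the new "In our exapmle the version is 9.0.45." line; since the line is being rewritten anyway, correct it to "example". The version is also stated twice, in this sentence and in the "tar xzf apache-tomcat-9.0.45.tar.gz" command, so a short remark that the archive name must match the downloaded version would keep the two from drifting apart at the next version bump.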
Line 475: | Line 475: | ||
<code bash> | <code bash> | ||
yum install -y httpd httpd-tools mod_ssl mod_security mod_security_crs | yum install -y httpd httpd-tools mod_ssl mod_security mod_security_crs | ||
+ | |||
</ | </ | ||
Line 480: | Line 481: | ||
Change MPM to worker - in the file ''/ | Change MPM to worker - in the file ''/ | ||
- | |||
<code bash> | <code bash> | ||
# Select the MPM module which should be used by uncommenting exactly | # Select the MPM module which should be used by uncommenting exactly | ||
Line 500: | Line 500: | ||
# | # | ||
#LoadModule mpm_event_module modules/ | #LoadModule mpm_event_module modules/ | ||
+ | |||
</ | </ | ||
Disable " | Disable " | ||
+ | |||
<code bash> | <code bash> | ||
cd / | cd / | ||
mv welcome.conf welcome.conf-DISABLED | mv welcome.conf welcome.conf-DISABLED | ||
touch welcome.conf | touch welcome.conf | ||
+ | |||
</ | </ | ||
Line 515: | Line 518: | ||
| | ||
</ | </ | ||
+ | |||
</ | </ | ||
- | Set the proxy in the virtualhost for https (443/tcp) - at the end of the file ''/ | + | Set the proxy in the virtualhost for https (443/tcp) - at the end of the file ''/ |
< | < | ||
- | Protocols | + | Protocols |
ProxyRequests | ProxyRequests | ||
ProxyPreserveHost on | ProxyPreserveHost on | ||
Line 526: | Line 529: | ||
ProxyPass / ajp:// | ProxyPass / ajp:// | ||
ProxyPassReverse / ajp:// | ProxyPassReverse / ajp:// | ||
+ | |||
</ | </ | ||
- | In IE 11, CzechIdM | + | In IE 11, CzechIdM has problems with missing icons. Icons are created by special fonts and those fonts are handled badly in the IE. It is necessary to set '' |
< | < | ||
# workaround for bad font handling in IE 11 | # workaround for bad font handling in IE 11 | ||
< | < | ||
- | Header set Cache-Control " | + | Header set Cache-Control " |
</ | </ | ||
+ | |||
</ | </ | ||
- | Identity manager CzechIdM will be available on address https:// | + | Identity manager CzechIdM will be available on address |
- | To do so, add following lines to the virtualhost config file (ssl.conf): | + | |
< | < | ||
+ | |||
RewriteEngine On | RewriteEngine On | ||
- | RewriteRule " | + | RewriteRule " |
</ | </ | ||
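Review bot: the removed line "To do so, add following lines to the virtualhost config file (ssl.conf):" was the only visible statement of where the "RewriteEngine On" and "RewriteRule" lines belong; confirm that the rewritten "Identity manager CzechIdM will be available on address" paragraph still names that file, otherwise the rewrite block has no stated target. The blank line added directly above "RewriteEngine On" sits inside the block and can be dropped.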
Line 547: | Line 553: | ||
If you have prepared certifikate, | If you have prepared certifikate, | ||
< | < | ||
- | SSLCertificateFile PATH_TO_CERTIFICATE_FILE | + | |
- | SSLCertificateKeyFile PATH_TO_CERTIFICATE_KEY_FILE | + | SSLCertificateKeyFile PATH_TO_CERTIFICATE_KEY_FILE |
- | SSLCertificateChainFile PATH_TO_CA_CHAIN_FILE | + | SSLCertificateChainFile PATH_TO_CA_CHAIN_FILE |
</ | </ | ||
+ | |||
Then continue with cheking syntax of httpd. | Then continue with cheking syntax of httpd. | ||
- | If you not prepared them in the moment. Create temporary certificate and key. | + | If you not prepared them in the moment. Create temporary certificate and key. |
< | < | ||
mkdir / | mkdir / | ||
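Review bot: on the new side the "SSLCertificateFile PATH_TO_CERTIFICATE_FILE" line shows up empty in this rendering while "SSLCertificateKeyFile" and "SSLCertificateChainFile" are kept; check that the directive is still present in the saved page, because a key path without a certificate path leaves the example incomplete. The re-added sentence "If you not prepared them in the moment. Create temporary certificate and key." would read better as "If you have not prepared them yet, create a temporary certificate and key.", and "certifikate" and "cheking" in the neighbouring lines could be fixed in the same edit.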
Line 563: | Line 572: | ||
chmod 600 / | chmod 600 / | ||
chown -R tomcat: | chown -R tomcat: | ||
+ | |||
</ | </ | ||
+ | |||
Then change set path to them in these properties in ''/ | Then change set path to them in these properties in ''/ | ||
< | < | ||
- | SSLCertificateFile / | + | |
- | SSLCertificateKeyFile / | + | SSLCertificateKeyFile / |
</ | </ | ||
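Review bot: the block that creates the temporary certificate and key ends with "chmod 600 /" and "chown -R tomcat:", yet the next paragraph points httpd's "SSLCertificateFile" and "SSLCertificateKeyFile" at those files; if that chown covers the private key, state why it has to be owned by tomcat or change the owner to root, since httpd loads the key at startup as root and tomcat ownership only widens the set of accounts that can read it. The sentence "Then change set path to them in these properties in" could also be tidied to "Then set the paths to them in these properties in" while this part is being edited.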
Line 573: | Line 585: | ||
Syntax check before httpd restart | Syntax check before httpd restart | ||
+ | |||
< | < | ||
httpd -t -D DUMP_VHOST | httpd -t -D DUMP_VHOST | ||
# or apachectl configtest | # or apachectl configtest | ||
+ | |||
</ | </ | ||
httpd restart and reload configuration changes: | httpd restart and reload configuration changes: | ||
+ | |||
< | < | ||
systemctl restart httpd | systemctl restart httpd | ||
+ | |||
</ | </ | ||
Allow in SELINUX to httpd connect to network: | Allow in SELINUX to httpd connect to network: | ||
+ | |||
< | < | ||
/ | / | ||
+ | |||
</ | </ | ||
- | + | ||
Enable httpd after OS start: | Enable httpd after OS start: | ||
+ | |||
<code bash> | <code bash> | ||
systemctl enable httpd.service | systemctl enable httpd.service | ||
+ | |||
</ | </ | ||
+ | |||
===== mod_security configuration ===== | ===== mod_security configuration ===== |
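Review bot: the only changes in this hunk are blank lines, and several of them (after "# or apachectl configtest", after "systemctl restart httpd" and after "systemctl enable httpd.service") are added inside the code block directly before its closing tag, where they add nothing to the commands. Keep the blank lines that separate a paragraph from the code block that follows it and drop the ones inside the blocks, so the revision history is not cluttered with whitespace-only changes.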