Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_preparation_tmp [2020/06/18 13:18] urbanl [Disabling mod_security rules] |
tutorial:adm:server_preparation_tmp [2020/07/24 08:00] fiserp [Basic system setup] |
||
---|---|---|---|
Line 11: | Line 11: | ||
{{tag> | {{tag> | ||
- | This tutorial shows how to prepare the server for test or production | + | This tutorial shows how to prepare the server for test or production |
===== Basic system setup ===== | ===== Basic system setup ===== | ||
- | * 1 server (can be virtualized) for all: backend, frontend and database. | + | * 1 server (can be virtualized) for everything: backend, frontend and database. |
- | * OS Linux with EPEL repository enabled - CENTOS, basic network enabled installation | + | * OS Linux with EPEL repository enabled - CentOS, basic network enabled installation |
- | * It is possible to use Debian but you have to adjust | + | * It is possible to use Debian |
- | * PostgreSQL - installed from a new repository | + | * PostgreSQL |
- | * Java - distribution repository (OpenJDK 1.8) | + | * Java 11 - installed from OS packages. |
- | * Apache Tomcat - manually | + | * Apache Tomcat |
- | * Services | + | * Apache HTTPd 2.4.x - installed from OS packages. Can be replaced by nGinx. |
- | * Services run under dedicated | + | * All services |
+ | * Each service runs under dedicated non-privileged | ||
===== Instalation and software configuration ===== | ===== Instalation and software configuration ===== | ||
Prerequisities - Basic installation of CentOS 8 | Prerequisities - Basic installation of CentOS 8 | ||
Line 616: | Line 616: | ||
==== mod_security configuration - CentOS8 | ==== mod_security configuration - CentOS8 | ||
- | In the file / | + | In the file / |
- | Whole rules after the changes looks like this: | + | |
+ | * find the rule 900200 and add methods | ||
< | < | ||
Line 627: | Line 628: | ||
nolog,\ | nolog,\ | ||
setvar:' | setvar:' | ||
+ | </ | ||
+ | * find the rule 900220 and add support for content\_type=application/ | ||
+ | |||
+ | < | ||
# Default HTTP policy: allowed_request_content_type (rule 900220) | # Default HTTP policy: allowed_request_content_type (rule 900220) | ||
SecRule & | SecRule & |