
Apache/NGINX vhosts

Apache vhost

vim /etc/httpd/conf/httpd.conf

Add << Include vhosts/*.conf >> at the bottom of the file (the relative path is resolved against ServerRoot).

mkdir /etc/httpd/vhosts

vim /etc/httpd/vhosts/domains.conf

##############
### NO SSL ###
##############
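<VirtualHost *:80>
    # Plain-HTTP virtual host for www.domain.com.
    DocumentRoot "/var/www/vhost/domain.com/"
    ServerName www.domain.com

    <Directory /var/www/vhost/domain.com/>
        # Indexes is left out on purpose: with it, any directory that lacks an
        # index file is listed to every visitor, which exposes backups, dumps
        # and other files nobody meant to publish.
        Options FollowSymLinks MultiViews
        # AllowOverride All lets any .htaccess below the docroot change
        # authentication, rewrite and handler settings. Narrow it (for example
        # to AuthConfig FileInfo) or set None if the application does not
        # depend on .htaccess files.
        AllowOverride All
    </Directory>

    # NOTE(review): this vhost has no TLS, so the Basic credentials for
    # secure_domain travel base64-encoded but unencrypted on every request and
    # can be read by anyone on the network path. Prefer protecting this
    # directory only in the *:443 vhost and redirecting port 80 there.
    <Directory "/var/www/vhost/domain.com/secure_domain">
        AuthType Basic
        AuthName "Restricted Content"
        # The password file lives outside the DocumentRoot so it cannot be downloaded.
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>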

###########
### SSL ###
###########

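<VirtualHost *:443>
    # HTTPS virtual host for www.domain.com.
    DocumentRoot "/var/www/vhost/domain.com/"
    ServerName www.domain.com

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add +TLSv1.3 where the installed httpd/OpenSSL build supports it.
    SSLProtocol -all +TLSv1.2
    # MEDIUM-strength suites are dropped; 3DES is excluded explicitly because
    # older OpenSSL releases still classify it as HIGH.
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    # Let the server's preference order decide instead of the client's.
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/www_domain_com.crt
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/www_domain_com.key

    <Directory /var/www/vhost/domain.com/>
        # Indexes is left out on purpose: with it, any directory that lacks an
        # index file is listed to every visitor.
        Options FollowSymLinks MultiViews
        # AllowOverride All lets any .htaccess below the docroot change
        # authentication, rewrite and handler settings. Narrow it or set None
        # if the application does not depend on .htaccess files.
        AllowOverride All
    </Directory>

    # Basic authentication is only as strong as the transport. Here the
    # credentials are protected by TLS.
    <Directory "/var/www/vhost/domain.com/secure_domain">
        AuthType Basic
        AuthName "Restricted Content"
        # The password file lives outside the DocumentRoot so it cannot be downloaded.
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>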
Generating a .htpasswd:
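# Write the entry to the file that AuthUserFile names in the vhosts above.
# The directory being protected is not the password file, and a password
# file inside the DocumentRoot could be served to visitors.
# -c creates the file and overwrites an existing one, so omit it when adding
# further users. Keep the file readable only by root and the httpd service account.
htpasswd -c /etc/httpd/.htpasswd username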

The SSL conf << /etc/httpd/conf.d/ssl.conf >> should look like this

# Global mod_ssl settings shared by every TLS virtual host.
# Accept HTTPS connections on port 443.
Listen 443 https
# External helper that httpd runs to obtain the passphrase of an encrypted private key.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Shared-memory TLS session cache of 512000 bytes, used by all worker processes.
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
# Cached sessions expire after 300 seconds.
SSLSessionCacheTimeout 300
# Seed the PRNG with 256 bytes from /dev/urandom at startup.
SSLRandomSeed startup file:/dev/urandom 256
# Use the built-in seeding source on each new connection.
SSLRandomSeed connect builtin
# No external crypto engine; the built-in implementation is used.
SSLCryptoDevice builtin

Nginx vhost:

SSL+PHP7-fpm

# Port 80 listener whose only job is to send every request to the HTTPS site.
server {
listen 80;
server_name www.domain.com;
# The target host is a fixed literal, not taken from the request's Host
# header, so a forged Host value cannot steer the redirect elsewhere.
return 301 https://www.domain.com$request_uri;
}

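# HTTPS site for www.domain.com, with PHP handled by PHP-FPM over a unix socket.
server {
    # TLS is switched on by the "ssl" flag of listen. The separate "ssl on;"
    # directive is deprecated and rejected by current nginx releases, so it is
    # not used here.
    listen 443 ssl;
    server_name www.domain.com;

    root /var/www/vhosts/wiki/public;
    index index.php index.html;

    # HSTS for one year. includeSubDomains forces HTTPS on every subdomain of
    # this host as well, so keep it only if all of them serve valid TLS.
    # Browsers cache the policy for the full max-age.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    # Parameters for the EDH suites above. The file must be generated
    # separately; that step is not shown on this page.
    ssl_dhparam /etc/nginx/dh.pem;

    location / {
        # Serve the file or directory if it exists, otherwise hand the request
        # to the front controller.
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        # Every URI ending in .php is passed to PHP-FPM.
        # NOTE(review): confirm that the included snippet rejects paths that do
        # not map to an existing script (a try_files ... =404 check), so
        # uploaded non-PHP files cannot be executed through a crafted path.
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}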

Reverse proxy:

# Reverse-proxy location: forwards every request under / to a backend.
# It is a fragment and must be placed inside a server { } block.
location / {
# NOTE(review): proxy_pass_header controls which *response* headers from the
# backend reach the client. The client's Authorization request header is
# forwarded by default, so this line is probably not doing what was intended.
proxy_pass_header Authorization;
# NOTE(review): the hop to the backend is plain HTTP to a fixed IP address, so
# forwarded credentials and cookies are unencrypted on that hop. Confirm the
# path is a trusted network, or proxy to an https:// upstream.
proxy_pass http://205.233.150.48:9099;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to any X-Forwarded-For the client sent. The
# backend should trust only the entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# HTTP/1.1 with an empty Connection header allows keep-alive connections to the backend.
proxy_http_version 1.1;
proxy_set_header Connection "";
# Responses and request bodies are streamed through instead of being buffered by nginx.
proxy_buffering off;
proxy_request_buffering off;
# 0 disables the request-body size check, so upload size is unlimited at the
# proxy. With the 36000s (10 h) read timeout below, make sure the backend
# enforces its own limits, or slow or oversized requests can tie up resources.
client_max_body_size 0;
proxy_read_timeout 36000s;
# Location and Refresh headers from the backend are passed through unmodified.
proxy_redirect off;
# Only applies to https:// upstreams, so it has no effect with the http:// proxy_pass above.
proxy_ssl_session_reuse off;

}