Apache HTTPd Installation unter Ubuntu Linux

Aus Laub-Home.de Wiki
Zur Navigation springen Zur Suche springen

Der Apache HTTPd ist einer der meistverbreitesten Webserver.

Ich beschreibe hier die Installation und Konfiguration unter Ubuntu Linux.

Installation

aptitude install apache2

Konfiguration

Erstmal stoppen wir den Apache Server

service apache2 stop

Nun legen wir das Work Directory unter /srv an und legen die Logfiles hierherein:

mkdir -p /srv/httpd/logs
mkdir -p /srv/httpd/vhosts
rm -rf /var/log/apache2/
ln -s /srv/httpd/logs/ /var/log/apache2
a2enmod rewrite

Nun legen wir die Zertifikats Ordner an (Wenn kein SSL (HTTPs) benötigt wird braucht man diesen Schritt nicht zu machen!)

mkdir /etc/apache2/ssl.crt
mkdir /etc/apache2/ssl.key
mkdir /etc/apache2/ssl.csr

/etc/apache2/conf.d/security

#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages.
#
<Directory />
        AllowOverride None
        Order Deny,Allow
        Deny from all
</Directory>



# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Minimal
#ServerTokens OS
#ServerTokens Full
ServerTokens Prod

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
#ServerSignature Off
ServerSignature Off

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of:  On | Off | extended
#
TraceEnable Off
#TraceEnable On

/etc/apache2/vhostdefaults.conf

# Deaktiviert alle Request Methods ausser POST and GET
<Location />
    <LimitExcept POST GET>
        Deny from All
    </LimitExcept>
</Location>

Einrichtung Default vHosts

vHost des Servernames, aus Security Gründen mit Leerer index.html

mkdir -p /srv/httpd/vhosts/$(/bin/hostname -f)/htdocs
touch /srv/httpd/vhosts/$(/bin/hostname -f)/htdocs/index.html

/etc/apache2/sites-available/servername.domain.tld

# default vhost
<VirtualHost *:80>
    ServerName FQDN-HOSTNAME
    ServerAlias OWNIPADDRESSE
    ErrorLog /var/log/apache2/FQDN-HOSTNAME-error.log
    CustomLog /var/log/apache2/FQDN-HOSTNAME-access.log combined
    
    Include vhostdefaults.conf
    DocumentRoot /srv/httpd/vhosts/FQDN-HOSTNAME/htdocs
    <Directory /srv/httpd/vhosts/FQDN-HOSTNAME/htdocs>
       Order Deny,Allow
       Allow from all
       AllowOverride None
       Options -Indexes +FollowSymLinks -Includes -MultiViews
    </Directory>
</VirtualHost>

Localhost vHost /etc/apache2/sites-available/localhost

# localhost
<VirtualHost *:80>
    ServerName localhost
    ServerAlias 127.0.0.1
    ErrorLog /var/log/apache2/main-error.log
    CustomLog /var/log/apache2/main-access.log combined
    <Location /server-status>
       SetHandler server-status
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1 localhost
       Allow from OWNIPADDRESSE
    </Location>
</VirtualHost>

Nun aktivieren:

a2ensite $(/bin/hostname -f)
a2ensite localhost
mv /etc/apache2/sites-enabled/$(/bin/hostname -f) /etc/apache2/sites-enabled/000-$(/bin/hostname -f)
a2dissite default

Hardening

Das Apache Hardening findet ihr in folgender Doku: