
Toback CDMS Group


Apache Setup

Instructions
      
-------------------------------------------------------------
Initial Apache2 Setup:
-------------------------------------------------------------
##  Update, upgrade, install
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install apache2

##  Edit ports config file
$ sudo vim /etc/apache2/ports.conf
  --Clear the file and add the following:

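#  For secure host server (TLS front end, reachable from the network)
Listen 443

#  For local host server: the back end of the reverse proxy. It speaks plain
#  HTTP and forwards to the MIDAS back ends, so it is bound to loopback only.
#  A bare "Listen 8000" would accept connections on every interface.
Listen 127.0.0.1:8000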

##  Disable and remove default sites
$ sudo a2dissite 000-default.conf default-ssl.conf
$ sudo rm /etc/apache2/sites-available/000-default.conf
$ sudo rm /etc/apache2/sites-available/default-ssl.conf

##  Create server name config file
$ sudo touch /etc/apache2/sites-available/server-name.conf
  --Add the following to the new file:

# Global ServerName for the main server configuration.
# "localhost" is a host name rather than an IP address; the virtual hosts
# defined later set no ServerName of their own.
ServerName localhost

##  Enable server name site
$ sudo a2ensite server-name.conf

-------------------------------------------------------------
PAM Authentication Setup:
-------------------------------------------------------------
##  Install needed packages
$ sudo apt install libapache2-mod-authnz-external pwauth

##  Create PAM config file
$ sudo touch /etc/apache2/sites-available/auth-pam.conf
  --Add the following to the new file:

# Register /usr/sbin/pwauth as an external authenticator under the keyword
# "pwauth" and hand it the credentials over a pipe.
# NOTE(review): pwauth presumably validates against the system's PAM accounts,
# so every web login attempt is a guess at a real account password -- consider
# rate limiting/lockout and confirm which accounts are allowed to log in.
# NOTE(review): some mod_authnz_external releases do not inherit these two
# definitions into <VirtualHost> blocks -- confirm against the module's docs.
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
# <Directory> applies only to requests Apache serves from this filesystem
# path. Proxied URLs (ProxyPass) are not mapped to the filesystem, so they
# are not covered by this block.
<Directory /var/www/html/auth-pam>
  # Basic auth sends the password base64-encoded (not encrypted) with every
  # request, so it should only ever be offered over HTTPS.
  AuthType Basic
  AuthName "PAM Authentication"
  # Delegate the password check to the external program registered above.
  AuthBasicProvider external
  AuthExternal pwauth
  # Any user the authenticator accepts is let in; there is no group or
  # per-user restriction here.
  require valid-user
</Directory>

##  Enable PAM site
$ sudo a2ensite auth-pam.conf

##  Make PAM directory
$ sudo mkdir /var/www/html/auth-pam

##  Create Test HTML File for PAM
$ sudo touch /var/www/html/auth-pam/index.html
  --Add the following to the new file:

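<html>
  <!-- Test page for the PAM-protected directory. The heading <div> used to sit
       inside <head> and <body> was closed with </head>; both are fixed here.
       The visible text is unchanged. -->
  <head>
    <title>PAM + MIDAS</title>
  </head>

  <body>
    <div style="width: 100%; font-size: 70px; font-weight: bold; text-align: center;">
      <u>PAM + MIDAS</u>
    </div>
    <div style="width: 100%; font-size: 30px; text-align: center;">
      <br>This page is for displaying information about MIDAS, and potentially links to stuff.<br>
      It is protected by a PAM/SSL/Virtual Host setup, so feel safe and secure while here.
    </div>
  </body>

</html>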

-------------------------------------------------------------
SSL Virtual Host and Secure Reverse Proxy Setup:
-------------------------------------------------------------
##  Install needed packages
$ sudo apt install libxml2-dev build-essential

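##  Enable ssl/proxy mods (the configs below only use directives from proxy, proxy_http and ssl; leave the other modules out unless something else needs them)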
$ sudo a2enmod proxy proxy_http proxy_ajp rewrite deflate headers proxy_balancer proxy_connect proxy_html ssl

##  The following is for creating a self-signed certificate
##  (browsers will warn about it, because no trusted CA has signed it)
##  In the future we hope to obtain a third-party certificate,
##  in which case most of these steps would not be necessary

##  Generate Certificates
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt
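  --Answer the questions
  --Note: -nodes writes ca.key without a passphrase, so file permissions are its only protection;
    -days 365 means the certificate expires after one year and must then be regenerated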

##  Create SSL Directory
$ sudo mkdir /etc/apache2/ssl

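##  Move files into directory and restrict the private key to root
$ sudo mv ca.crt ca.key /etc/apache2/ssl
$ sudo chown root:root /etc/apache2/ssl/ca.key
$ sudo chmod 600 /etc/apache2/ssl/ca.key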

##  Create SSL/Proxy config file
$ sudo touch /etc/apache2/sites-available/proxy-ssl-host.conf
  --Add the following to the new file:

<VirtualHost *:443>
  # TLS front end: serves the auth-pam directory and proxies /midas to the
  # local port-8000 virtual host.
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html/auth-pam/
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  SSLEngine On
  # Set the path to SSL certificate
  # Usage: SSLCertificateFile /path/to/cert.pem
  # Despite the ca.* names, these are this server's self-signed certificate
  # and its private key, not a CA. ca.key should be readable by root only.
  SSLCertificateFile /etc/apache2/ssl/ca.crt
  SSLCertificateKeyFile /etc/apache2/ssl/ca.key

  # Send the authorized user to the auth-pam directory
  # Everything needing authorization will be within here
  # NOTE(review): /midas below is proxied, not served from DocumentRoot, so an
  # auth block written as <Directory /var/www/html/auth-pam> does not apply to
  # it. To require a login for MIDAS, repeat the AuthType / AuthBasicProvider /
  # AuthExternal / Require valid-user directives inside this <Location>.
  ProxyPreserveHost On
  <Location "/midas">
    # Forwarded over plain HTTP to the local virtual host on port 8000.
    ProxyPass "http://localhost:8000/"
    ProxyPassReverse "http://localhost:8000/"
  </Location>

</VirtualHost>

##  Enable SSL/Proxy site
$ sudo a2ensite proxy-ssl-host.conf

-------------------------------------------------------------
Local Virtual Host for Reverse Proxy Setup:
-------------------------------------------------------------
##  Create local server config file
$ sudo touch /etc/apache2/sites-available/local-virtual-host.conf
  --Add the following to the new file:

<VirtualHost *:8000>
  # Plain-HTTP back-end virtual host; the port-443 host proxies /midas here.
  # NOTE(review): nothing in this block enforces TLS or a login, so port 8000
  # should not be reachable from other hosts (bind the Listen to 127.0.0.1 or
  # firewall the port).
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html/auth-pam/

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  ProxyPreserveHost on
  # Pulls the MIDAS <Location> proxies into this virtual host.
  # NOTE(review): the path points into sites-enabled/, and on a stock
  # Debian/Ubuntu layout everything there is also loaded at server level, so
  # the same proxies likely apply to every virtual host, including the one on
  # 443 -- confirm, and keep the file elsewhere if it should only apply here.
  Include /etc/apache2/sites-enabled/midas-proxy-locations.conf
</VirtualHost>

##  Create midas version location config file
$ sudo touch /etc/apache2/sites-available/midas-proxy-locations.conf
  --Add the following to the new file:

# HTML File showing working versions of MIDAS
#
# NOTE(review): proxying to an https:// back end needs "SSLProxyEngine On" in
# the enclosing server or virtual host; none is set in the configs shown.
# An empty Location path is unusual -- confirm what it matches, and that a
# request cannot loop between the port-443 and port-8000 hosts.
<Location "">
  ProxyPass "https://127.0.0.1:443/"
  ProxyPassReverse "https://127.0.0.1:443/"
</Location>

# Working versions of MIDAS
#
# Each version prefix is forwarded over plain HTTP to its own local port.
# NOTE(review): no authentication is configured on these locations; the
# services on 8081 and 8082 presumably should listen on loopback only --
# confirm.
<Location "/v0">
  ProxyPass "http://127.0.0.1:8081"
  ProxyPassReverse "http://127.0.0.1:8081"
</Location>

<Location "/v1">
  ProxyPass "http://127.0.0.1:8082"
  ProxyPassReverse "http://127.0.0.1:8082"
</Location>

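##  Enable local virtual host and location sites
##  Note: local-virtual-host.conf already Includes midas-proxy-locations.conf from sites-enabled.
##  Enabling it as a site also loads its <Location> proxies at server level, where they likely
##  apply to every virtual host, including the one on port 443 -- verify that this is intended.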
$ sudo a2ensite local-virtual-host.conf midas-proxy-locations.conf

##  Start apache services
$ sudo service apache2 start