Differences
This page shows the differences between two versions.
centos:mail_c7:horde_1 [19.09.2014 06:54. ] – [Installationsdokumentation] django | centos:mail_c7:horde_1 [20.09.2014 21:05. ] – [PHP Einstellungen] django | ||
---|---|---|---|
Zeile 2775: | Zeile 2775: | ||
</ | </ | ||
- | ===== PHP Einstellungen | + | ===== Konfiguration ===== |
- | Gemäß den angaben | + | ==== PHP Einstellungen ==== |
+ | Gemäß den Angaben | ||
# vim / | # vim / | ||
Zeile 2790: | Zeile 2791: | ||
... | ... | ||
</ | </ | ||
+ | |||
+ | Den Hinweisen aus der Sicherheitsdokumentation // | ||
+ | # vim / | ||
+ | <code php / | ||
+ | |||
+ | ; Decides whether PHP may expose the fact that it is installed on the server | ||
+ | ; (e.g. by adding its signature to the Web server header). | ||
+ | ; threat in any way, but it makes it possible to determine whether you use PHP | ||
+ | ; on your server or not. | ||
+ | ; http:// | ||
+ | ; Django : 2014-09-19 | ||
+ | ; horde' | ||
+ | ; default: expose_php = On | ||
+ | expose_php = Off | ||
+ | |||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Zur Aktivierung der Anpassungen führen wir einen Reload des Apache-Daemon durch. | ||
+ | # systemctl reload httpd.service | ||
+ | |||
+ | ===== Apache vHost ===== | ||
+ | ==== vHost Definition ==== | ||
+ | Für unsere WEB-Applikation richten wir uns nun einen geeigneten **[[centos: | ||
+ | Im Konfigurationsverzeichnis unseres [[centos: | ||
+ | # vim / | ||
+ | |||
+ | <file apache / | ||
+ | # horde.sec-mail.guru (Horde Groupware Version 5) | ||
+ | # | ||
+ | < | ||
+ | ServerAdmin webmaster@nausch.org | ||
+ | ServerName horde.sec-mail.guru | ||
+ | ServerAlias xn--bro-hoa.sec-mail.guru | ||
+ | ServerPath / | ||
+ | |||
+ | < | ||
+ | Options -Indexes +FollowSymLinks | ||
+ | Require all granted | ||
+ | </ | ||
+ | |||
+ | RewriteEngine on | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https:// | ||
+ | |||
+ | DirectoryIndex index.php | ||
+ | |||
+ | ErrorLog logs/ | ||
+ | CustomLog logs/ | ||
+ | </ | ||
+ | < | ||
+ | ServerAdmin webmaster@nausch.org | ||
+ | ServerName horde.sec-mail.guru | ||
+ | ServerAlias xn--bro-hoa.sec-mail.guru | ||
+ | ServerPath / | ||
+ | DocumentRoot "/ | ||
+ | |||
+ | < | ||
+ | SSLEngine on | ||
+ | SSLProtocol -ALL +SSLv3 +TLSv1 | ||
+ | SSLCipherSuite EECDH+AES256: | ||
+ | SSLHonorCipherOrder on | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | SSLCertificateChainFile / | ||
+ | |||
+ | </ | ||
+ | |||
+ | < | ||
+ | GnuTLSEnable on | ||
+ | GnuTLSPriorities SECURE:!MD5 | ||
+ | # # | ||
+ | GnuTLSCertificateFile / | ||
+ | GnuTLSKeyFile / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/ | ||
+ | AddOutputFilterByType DEFLATE application/ | ||
+ | < | ||
+ | < | ||
+ | SetOutputFilter DEFLATE | ||
+ | BrowserMatch ^Mozilla/4 gzip-only-text/ | ||
+ | BrowserMatch ^Mozilla/ | ||
+ | BrowserMatch \bMSIE !no-gzip !gzip-only-text/ | ||
+ | SetEnvIfNoCase Request_URI \.(?: | ||
+ | </ | ||
+ | < | ||
+ | Header append Vary User-Agent env=!dont-vary | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | AddType application/ | ||
+ | |||
+ | # Link to system Javascript Libraries | ||
+ | Alias / | ||
+ | Alias / | ||
+ | Alias / | ||
+ | |||
+ | # Link to Micro$oft stuff | ||
+ | Alias / | ||
+ | Alias / | ||
+ | |||
+ | < | ||
+ | # **IMPORTANT** By default, everyone accessing Horde is automatically logged | ||
+ | # in as ' | ||
+ | # you change the authentication backend under the ' | ||
+ | # For this reason, Horde is currently only accessible from localhost. | ||
+ | < | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | Require all granted | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-kronolith.conf übernommen | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteBase | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule ^(.*)$ rampage.php [QSA,L] | ||
+ | </ | ||
+ | |||
+ | Options +FollowSymLinks | ||
+ | #Options All | ||
+ | # | ||
+ | |||
+ | # Rewrite the requestet URI, when it is with german " | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{REQUEST_URI} ^/$ | ||
+ | RewriteCond %{HTTP_HOST} ^xn--bro-hoa.sec-mail.guru$ [NC] | ||
+ | RewriteRule ^$ https:// | ||
+ | |||
+ | # Exclude file from password protection | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | |||
+ | # ActiveSync | ||
+ | RewriteEngine On | ||
+ | RewriteRule ^/ | ||
+ | RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION: | ||
+ | RewriteRule .* - [E=HTTP_X_MS_POLICYKEY: | ||
+ | RewriteRule .* - [E=HTTP_AUTHORIZATION: | ||
+ | </ | ||
+ | |||
+ | # Deny access to the test.php files except from localhost | ||
+ | <Files " | ||
+ | # Django : 2014-09-19 | ||
+ | # Zugriff generell verbieten | ||
+ | # Require all denied | ||
+ | # Zugriff nur vom Host vml000010.dmz.nausch.org aus erlauben | ||
+ | Require host vml000010.dmz.nausch.org | ||
+ | </ | ||
+ | |||
+ | # Those directories should not be viewed by Web clients. | ||
+ | < | ||
+ | Require all denied | ||
+ | </ | ||
+ | < | ||
+ | Require all denied | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-content.conf übernommen | ||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule ^(.*)$ index.php [QSA,L] | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-kronolith.conf übernommen | ||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | DirectoryIndex index.php | ||
+ | ErrorLog logs/ | ||
+ | CustomLog logs/ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | <WRAP round important> | ||
+ | |||
+ | Solange wir unseren vHost noch nicht in der Produktionsumgebung steht und fertig konfiguriert wurde, beschränken wir den Zugriff auf den vHost noch. Hierzu tragen wir in der **Directive // | ||
+ | <code apache> | ||
+ | < | ||
+ | # Access-stuff (Zugriff von überall erlauben.) | ||
+ | #Require all granted | ||
+ | # Access-stuff (Zugriff nur vom Admin-Netz aus!) | ||
+ | Require host nausch.org | ||
+ | </ | ||
+ | ... | ||
+ | </ | ||
+ | Nach erfolgter Konfiguration, | ||
+ | <code apache> | ||
+ | < | ||
+ | # Access-stuff (Zugriff von überall erlauben.) | ||
+ | Require all granted | ||
+ | # Access-stuff (Zugriff nur vom Admin-Netz aus!) | ||
+ | #Require host nausch.org | ||
+ | </ | ||
+ | ... | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== Konfiguration aktivieren ==== | ||
+ | Bevor unseren Webserver starten, damit der neue vHost auch bedient werden kann, überprüfen wir die Konfiguration noch auf syntaktische Fehler. | ||
+ | # apachectl -t | ||
+ | |||
+ | | ||
+ | |||
+ | Abschließend führen wir einen Reload sdes Daemon durch. | ||
+ | # systemctl reload httpd.service | ||
+ | |||
+ | Bei Bedarf können wir auch den Status des Apche Webservers abfragen. | ||
+ | # systemctl status httpd.service | ||
+ | |||
+ | < | ||
+ | | ||
+ | | ||
+ | Process: 20019 ExecStop=/ | ||
+ | Process: 22718 ExecReload=/ | ||
+ | Main PID: 20024 (httpd) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Sep 10 19:45:20 vml000097.dmz.nausch.org systemd[1]: Reloading The Apache HTTP Server. | ||
+ | Sep 10 19:45:21 vml000097.dmz.nausch.org systemd[1]: Reloaded The Apache HTTP Server. | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Applikationen ===== | ||
* [[centos: | * [[centos: |
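
Review bot: The `SSLProtocol -ALL +SSLv3 +TLSv1` line in the mod_ssl block of the HTTPS vHost enables the deprecated SSLv3 and, of the TLS versions, only TLSv1, so TLS 1.1 and 1.2 are switched off. Suggest `SSLProtocol all -SSLv3`, so that the EECDH suites preferred via `SSLCipherSuite` and `SSLHonorCipherOrder on` are negotiated over a current protocol version. In the same vHost, the comment above the Horde directory block still says Horde is "currently only accessible from localhost", yet the active directive there is `Require all granted`. Because that comment also warns that everyone is logged in automatically until the authentication backend is changed, the listed file should ship with the restricted `Require` from the note box and only be opened up afterwards, or the comment should be corrected. The restriction in the note box, `Require host nausch.org`, relies on reverse DNS and matches every host under that domain; a `Require ip` entry for the admin network would match the stated intent ("nur vom Admin-Netz aus") more tightly. Minor: the added prose has typos ("sdes Daemon", "Apche", "Bevor unseren Webserver starten" lacks "wir", "requestet" in the rewrite comment).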