Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mail_c7:horde_2 [11.09.2014 14:18. ] – [Hauptkonfigurationsdatei /usr/share/horde/config/conf.php] django
+++ centos:mail_c7:horde_2 [20.09.2014 21:05. ] – django
@@ Zeile 2: / Zeile 2: @@
 Nach der erfolgreichen [[centos:mail_c7:horde_1|Installation]] von Horde machen wir uns nun an die Konfiguration unserer Installation.
-===== Apache vHost =====
-==== vHost Definition ====
-Für unsere WEB-Applikation richten wir uns nun einen geeigneten **[[centos:web_c7:apache_2|SSL-Name Based Virtual Host]]** ein.
-Im Konfigurationsverzeichnis unseres [[centos:web_c7:apache_1|Apache-Webservers 2.4]] legen wir uns eine neue vHOST-Konfigurationsdatei an.
-   # vim /etc/httpd/conf.d/vhost_443_horde.conf
-<file apache /etc/httpd/conf.d/vhost_443_horde.conf>#
-# horde.sec-mail.guru (Horde Groupware Version 5)
-#
-<VirtualHost *:80>
-        ServerAdmin webmaster@nausch.org
-        ServerName horde.sec-mail.guru
-	ServerAlias xn--bro-hoa.sec-mail.guru
-        ServerPath /
-        <Location />
-                Options -Indexes +FollowSymLinks
-		Require all granted
-        </Location>
-        RewriteEngine on
-        RewriteCond %{HTTPS} off
-        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-        DirectoryIndex index.php
-        ErrorLog logs/horde_error.log
-        CustomLog logs/horde_access.log combined
-</VirtualHost>
-<VirtualHost *:443>
-        ServerAdmin webmaster@nausch.org
-        ServerName horde.sec-mail.guru
-        ServerAlias xn--bro-hoa.sec-mail.guru
-        ServerPath /
-        DocumentRoot "/usr/share/horde"
-        AddType application/x-httpd-php .php
-	# Link to system Javascript Libraries
-	Alias /horde/js/scriptaculous     /usr/share/scriptaculous
-	Alias /horde/js/prototype.js      /usr/share/prototype/prototype.js
-	Alias /horde/js/syntaxhighlighter /usr/share/syntaxhighlighter
-        # Link to Micro$oft stuff
-        Alias /Microsoft-Server-ActiveSync /usr/share/horde/rpc.php
-        Alias /autodiscover/autodiscover.xml /usr/share/horde/rpc.php
-        # Django
-        # Required, because there is a host with same ServerName and
-        # ServerAlias LISTENING ON PORT 80, - and if these lines are
-        # not present, and .htaccess-Files or LDAP-Access is enabled
-        # for one or more Directory the host on PORT 443 and PORT 80
-        # will ASK for .htaccess ord LDAP-Access, so please remember
-        # ----------------------------------------------------------
-        # -- DO NOT DELETE THE FOLLOWING LINES, STARTING WITH SSL --
-        # --         WHEN USING .htaccess or LDAP-Access!         --
-        # ----------------------------------------------------------
-        SSLEngine on
-	SSLProtocol -ALL +SSLv3 +TLSv1
-	SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
-	SSLHonorCipherOrder on
-        SSLCertificateFile /etc/pki/tls/private/CAcert-class3-wildcard.crt
-        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
-        SSLCertificateChainFile /etc/pki/tls/private/CAcert_chain.crt
-	<Directory /usr/share/horde/>
-                <IfModule mod_authz_core.c>
-                        # Access-stuff (Zugriff von überall erlauben.)
-                	#Require all granted
-                        # Access-stuff (Zugriff nur vom Admin-Netz aus!)
-			Require host nausch.org
-                </IfModule>
-                Options All
-		AllowOverride All
-                # Rewrite the requestet URI, when it is with german "Umlaute".
-                RewriteEngine On
-                RewriteCond %{REQUEST_URI} ^/$
-                RewriteCond %{HTTP_HOST} ^xn--bro-hoa.sec-mail.guru$ [NC]
-                RewriteRule ^$ https://horde.sec-mail.guru [L,R=301]
-                # Exclude file from password protection
-                SetEnvIf Request_URI "(rpc.php)$"  allow
-                SetEnvIf Request_URI "(rpc.php/turba/mailsystem/)$"  allow
-                SetEnvIf Request_URI "(rpc.php/nag/mailsystem/)$" allow
-                SetEnvIf Request_URI "(sapi/profile/client)$"  allow
-                SetEnvIf Request_URI "(devinfo)$"  allow
-                SetEnvIf Request_URI "(Microsoft-Server-ActiveSync)$"  allow
-                # ActiveSync
-                RewriteEngine On
-                RewriteRule ^/Microsoft-Server-ActiveSync /rpc.php [PT,L,QSA]
-                RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
-                RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
-                RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-	</Directory>
-        # Deny access to the test.php files except from localhost
-        <LocationMatch "^/horde/(.*/)?test.php">
-		Require local
-        </LocationMatch>
-        # Deny access to directories that are not served directly by the webserver
-        <DirectoryMatch "^var/www/horde/(.*/)?(config|lib|locale|po|scripts|templates)/(.*)?">
-                Require all denied
-        </DirectoryMatch>
-	<Directory /usr/share/horde/rpc>
-		<IfModule mod_rewrite.c>
-			RewriteEngine On
-			RewriteCond   %{REQUEST_FILENAME}  !-d
-			RewriteCond   %{REQUEST_FILENAME}  !-f
-			RewriteRule   ^(.*)$ index.php/$1 [QSA,L]
- 		</IfModule>
-	</Directory>
-        DirectoryIndex index.php
-        ErrorLog logs/horde_error.log
-        CustomLog logs/horde_access.log combined
-</VirtualHost>
-</file>
-<WRAP round important>**Wichtig:**
-Solange wir unseren vHost noch nicht in der Produktionsumgebung steht und fertig konfiguriert wurde, beschränken wir den Zugriff auf den vHost noch. Hierzu tragen wir in der **Directive //Directory//** folgendes ein:
-<code apache>...
-                <IfModule mod_authz_core.c>
-                        # Access-stuff (Zugriff von überall erlauben.)
-                	#Require all granted
-                        # Access-stuff (Zugriff nur vom Admin-Netz aus!)
-			Require host nausch.org
-                </IfModule>
-...
-</code>
-Nach erfolgter Konfiguration, geben wir dann den Zugriff für alle frei.
-<code apache>...
-                <IfModule mod_authz_core.c>
-                        # Access-stuff (Zugriff von überall erlauben.)
-                	Require all granted
-                        # Access-stuff (Zugriff nur vom Admin-Netz aus!)
-			#Require host nausch.org
-                </IfModule>
-...
-</code>
-</WRAP>
-==== Konfiguration aktivieren ====
-Bevor unseren Webserver starten, damit der neue vHost auch bedient werden kann, überprüfen wir die Konfiguration noch auf syntaktische Fehler.
-   # apachectl -t
-   Syntax OK
-Abschließend führen wir einen Reload sdes Daemon durch.
-   # systemctl reload httpd.service
-Bei Bedarf können wir auch den Status des Apche Webservers abfragen.
-   # systemctl status httpd.service
-<code>httpd.service - The Apache HTTP Server
-   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
-   Active: active (running) since Tue 2014-09-09 18:26:47 CEST; 1 day 15h ago
-  Process: 20019 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
-  Process: 22718 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
- Main PID: 20024 (httpd)
-   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
-   CGroup: /system.slice/httpd.service
-           ├─20024 /usr/sbin/httpd -DFOREGROUND
-           ├─22721 /usr/sbin/httpd -DFOREGROUND
-           ├─22722 /usr/sbin/httpd -DFOREGROUND
-           ├─22723 /usr/sbin/httpd -DFOREGROUND
-           ├─22724 /usr/sbin/httpd -DFOREGROUND
-           └─22725 /usr/sbin/httpd -DFOREGROUND
-Sep 10 19:45:20 vml000097.dmz.nausch.org systemd[1]: Reloading The Apache HTTP Server.
-Sep 10 19:45:21 vml000097.dmz.nausch.org systemd[1]: Reloaded The Apache HTTP Server.
-</code>
 ===== mySQL Datenbank =====