Secure apache web server quickly

From Urandom

Needed to lock down a fresh Apache installation. Should work with most Debians.

Enable SSL

Enable the SSL module and the default SSL site.

a2enmod ssl
a2ensite default-ssl

Redirect http to https

Enable rewrite module

a2enmod rewrite
Added this to /etc/apache2/sites-enabled/000-default in the <VirtualHost *:80> section:

        <LocationMatch "/">
                RewriteEngine On
                # Only requests that arrived without TLS
                RewriteCond %{HTTPS} off
                # Redirect to the same host and path over https
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
        </LocationMatch>

Set up basic authentication

Create password file and add users

Create password file

htpasswd -c /etc/apache2/passwords admin
  • NB: to add another user, leave out -c (it creates the file anew, overwriting an existing one):
htpasswd /etc/apache2/passwords moderator

Configure apache with basic authentication

<Location />
AuthType basic
AuthName "Access requires authentication"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
</Location>

Reload configuration

service apache2 reload
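
To confirm the result after the reload, the following added example (not part of the original page) checks response headers of the kind `curl -sI` prints. Port 80 must answer with a redirect to an https:// URL rather than a 401, since a Basic challenge on port 80 would invite the password over plain HTTP, and port 443 must answer 401 with a Basic challenge. The function names, the HOST placeholder and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: judge the lockdown from response headers as printed by `curl -sI`.

# Status code from the first line of header block $1.
status_of() { printf '%s\n' "$1" | tr -d '\r' | awk 'NR == 1 { print $2 }'; }

# Value of header $2 (name matched case-insensitively) in header block $1.
header_of() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v h="$2" '
        BEGIN { h = tolower(h) ":" }
        tolower(substr($0, 1, length(h))) == h { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Port 80: must redirect, and the target must be an https:// URL.
redirects_to_https() {
    case "$(status_of "$1")" in 301|302|303|307|308) ;; *) return 1 ;; esac
    case "$(header_of "$1" Location)" in https://*) return 0 ;; esac
    return 1
}

# Port 443 without credentials: must be refused with a Basic challenge.
requires_basic_auth() {
    [ "$(status_of "$1")" = 401 ] || return 1
    case "$(header_of "$1" WWW-Authenticate)" in [Bb]asic*) return 0 ;; esac
    return 1
}

# Both checks together: $1 = headers from http://, $2 = headers from https://.
lockdown_ok() { redirects_to_https "$1" && requires_basic_auth "$2"; }

# Constructed sample responses (not captured from a real server).
HTTP_GOOD=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://www.example.test/\r\n')
HTTP_401=$(printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="x"\r\n')
HTTPS_GOOD=$(printf 'HTTP/1.1 401 Unauthorized\r\nwww-authenticate: Basic realm="Access requires authentication"\r\n')
HTTPS_OPEN=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n')

# Live use (HOST is a placeholder; -k only for a self-signed certificate):
#   lockdown_ok "$(curl -sI http://HOST/)" "$(curl -skI https://HOST/)" && echo OK
```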