Reverse proxy (http and https)
Public services, open from WAN

apt-get install apache2
a2dismod actions auth_basic authn_file authz_groupfile authz_user
a2enmod cache proxy proxy_http proxy_ajp
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.ORI
nano -w /etc/apache2/sites-available/default

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName fc2.to.cnr.it
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined

    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass /fedora/describe ajp://127.0.0.1:8009/fedora/describe
    ProxyPassReverse /fedora/describe ajp://127.0.0.1:8009/fedora/describe
    ProxyPass /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
    ProxyPassReverse /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
    ProxyPass /fedora/get ajp://127.0.0.1:8009/fedora/get
    ProxyPassReverse /fedora/get ajp://127.0.0.1:8009/fedora/get
    ProxyPass /fedora/services ajp://127.0.0.1:8009/fedora/services
    ProxyPassReverse /fedora/services ajp://127.0.0.1:8009/fedora/services
    ProxyPass /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
    ProxyPassReverse /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
</VirtualHost>

service apache2 restart

SSL connection between back-end (repository) and front-end (drupal)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
chmod 400 /etc/ssl/private/apache.key

cd /etc/apache2/
cp sites-available/default-ssl sites-available/default-ssl.ORI
nano -w sites-available/default-ssl

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName fc2.to.cnr.it

    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order Deny,Allow
        Deny from all
        # front-end IP
        Allow from 150.145.48.44 2a00:1620::44
    </Proxy>
    ProxyPass /fedora http://fc2.to.cnr.it:8080/fedora
    ProxyPassReverse /fedora http://fc2.to.cnr.it:8080/fedora

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

a2enmod ssl
a2ensite default-ssl
service apache2 restart

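The certificate created above is self-signed, so peer verification is switched off in the tuque library on the front-end; cURL then accepts whatever certificate the back-end presents.

nano -w /usr/share/v2p2.to.cnr.it/sites/all/modules/islandora/islandora/libraries/tuque/HttpConnection.php

/**
 * FALSE to stop cURL from verifying the peer's certificate. (Default: TRUE)
 * @var type boolean
 */
public $verifyPeer = FALSE;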
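
The combined effect of the two virtual hosts above (which paths are proxied, and which clients the `<Proxy *>` block admits) can be checked with a small model. This is an added example, not part of the original page or of Apache: the function names, the sample client 203.0.113.9 and the sample request paths are assumptions, and ProxyPass matching is simplified to a prefix match on a path-segment boundary.

```python
import ipaddress

# Constructed from the two vhosts on this page: proxied prefixes + <Proxy *> ACL.
PUBLIC_80 = {
    "order": "deny,allow", "deny": [], "allow": ["all"],
    "prefixes": ["/fedora/describe", "/fedora/risearch", "/fedora/get",
                 "/fedora/services", "/adore-djatoka"],
}
FRONTEND_443 = {
    "order": "Deny,Allow", "deny": ["all"],
    "allow": ["150.145.48.44", "2a00:1620::44"],
    "prefixes": ["/fedora"],
}

def matches(client, specs):
    """True if client falls in any Allow/Deny 'from' spec (all, IP, network)."""
    addr = ipaddress.ip_address(client)
    return any(
        spec.lower() == "all" or addr in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def host_allowed(client, order, allow, deny):
    """Apache 2.2 Order/Allow/Deny evaluation (mod_authz_host)."""
    allowed, denied = matches(client, allow), matches(client, deny)
    if order.replace(" ", "").lower() == "deny,allow":
        # Deny is evaluated first, a matching Allow overrides it; default allow.
        return allowed or not denied
    # Order Allow,Deny: an Allow must match, any Deny overrides; default deny.
    return allowed and not denied

def proxied(path, prefixes):
    """Simplified ProxyPass match: prefix ending on a path-segment boundary."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def reaches_backend(vhost, client, path):
    """Would this request be forwarded to the Fedora back end?"""
    return proxied(path, vhost["prefixes"]) and host_allowed(
        client, vhost["order"], vhost["allow"], vhost["deny"])

if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.9 stands for an arbitrary WAN client.
    for name, vhost, client, path in [
        ("80", PUBLIC_80, "203.0.113.9", "/fedora/get/demo:1"),
        ("80", PUBLIC_80, "203.0.113.9", "/fedora/objects"),
        ("443", FRONTEND_443, "203.0.113.9", "/fedora/objects"),
        ("443", FRONTEND_443, "150.145.48.44", "/fedora/objects"),
    ]:
        print(name, client, path, "->", reaches_backend(vhost, client, path))
```

The model covers only what Apache forwards. The restriction on port 443 holds only if port 8080 on fc2.to.cnr.it, the target of that vhost's ProxyPass, is not reachable directly from outside.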