I have secured a website using Apache2 HTTPD with LDAP mod with the following config. It works great for almost everyone, however for 2 users it returns an "<user> not found" error.
Our security team has indicated that we should try changing from checking the UID to instead check the ANR.
I have googled, but can't find much information on ANR. What is ANR? How do I switch to use ANR?
<VirtualHost *:80>
ServerName mydomain
Redirect permanent / https://mydomain/
</VirtualHost>
<VirtualHost *:443>
SSLProxyEngine on
SSLCertificateFile /etc/apache2/ssl/mydomain.pem
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key
ProxyPreserveHost on
ProxyRequests off
ServerName mydomain
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
<Proxy *>
AuthType Basic
Authname "Password Required"
AuthBasicProvider ldap
AuthLDAPURL ldaps://realm.domain.local:3269
#AuthLDAPCompareAsUser on
#LDAPReferrals off
AuthLDAPBindDN "CN=SVC-Auth,OU=ServiceAccounts,DC=<domain>,DC=local"
AuthLDAPBindPassword "<password>"
Require valid-user
</Proxy>
</VirtualHost>
How is it possible for this to work great for the majority of users, but for the user to be missing for a small subset of users? These users can login fine to all other AD services.
Related
I have just configured my server with an open-source ALM tool, e.g. ZenTao. Now I need to edit httpd.conf to visit it through my domain with https, but I don't know-how, could someone help with that?
I am using Ubuntu 18.04 LTS (GNU) and I have already applied for a certificate for my domain from Letsencrypt.
If you want to make your https work for your ZenTao domain, you should provision your httpd.conf with port 443 details, which you could refer to the following,
DocumentRoot and Directory should be your /zentao/www root,
And you should configure with your SSL certificates in it as well,
<VirtualHost *:443>
ServerName *.xxx.com
ServerAlias *.xxx.com
DocumentRoot "/zentaoalm/www/"
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/xxx.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx.com.key
SSLCertificateChainFile /etc/apache2/ssl/xxx.com.pem
<Directory "/zentaopms/www">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
I am developing node.js application and wants to deploy on apache server and run with https url only.
There is following url scheme I would like to configure on server.
https://example.com runs node js application on 1000 port from /home/main/public_html/ directory.
https://example.com:1335 runs node js application from /home/main/public_html/stagging/ directory.
https://example.com:4234 runs node js application from /home/main/public_html/development/ directory.
I want to achieve this type of url output from server.
I tried following way to achieve this but it display just directory listing only. I want to execute nodejs application.
<VirtualHost *:80>
ServerAdmin webmaster#domain.com
ServerName sub.domain.com
ProxyRequests Off
#Executes code from main directory
<Proxy https://whizbite.com:1000>
Order deny,allow
Allow from all
ProxyPreserveHost off
ProxyPass https://localhost:8080/
ProxyPassReverse https://localhost:8080/
</Proxy>
#Executes code from staging directory
<Proxy https://whizbite.com:1335>
Order deny,allow
Allow from all
ProxyPreserveHost off
ProxyPass https://localhost:8080/staging/
ProxyPassReverse https://localhost:8080/staging/
</Proxy>
#Executes code from development directory
<Proxy https://whizbite.com:4234>
Order deny,allow
Allow from all
ProxyPreserveHost off
ProxyPass https://localhost:8080/development/
ProxyPassReverse https://localhost:8080/development/
</Proxy>
</VirtualHost>
I really don't know how to achieve above url scheme by modification of apache configuration.
I was doing the basic authentication to access the web pages via dispatcher. I have gone through some blog and was able to achieve it, but only for one directory. Below is the virtual host that i configured.
<VirtualHost *:80>
ServerAdmin admin#aemcorner.com
ServerName aemcorner.com
ServerAlias www.aemcorner.com
#DocumentRoot /var/www/example.com/public_html
DocumentRoot /opt/communique/dispatcher/cache
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /content/practice/en/hello/secure-pages>
# <Directory /var/www/example.com/public_html>
AuthType Basic
AuthName "Secure Content"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords
Require all granted
</Directory>
</VirtualHost>
Here i want to work with the commented lines, this snippet work fine but when i
replace it with /content/practice/en/Secure-Pages and use the commented DocumentRoot it give me an error as below :
**Forbidden
You don't have permission to access /content/practice/en/hello/secure-pages/sp1.html on this server.**
I want to access the page /opt/communique/dispatcher/cache/content/practice/en/Secure-Pages/SP1.html
Also i am getting the below error :
[Mon Sep 07 20:57:39.500158 2015] [authz_core:error] [pid 9483:tid 140017092585216] [client 127.0.0.1:49543] AH01630: client denied by server configuration: /opt/communique/dispatcher/cache/favicon.ico, referer: http://aemcorner.com/content/practice/en/hello/secure-pages/sp1.html
I was able to solve this problem via below configuration :
<VirtualHost *:80>
ServerAdmin admin#aemcorner.com
ServerName aemcorner.com
ServerAlias www.aemcorner.com
#DocumentRoot /var/www/example.com/public_html
DocumentRoot /opt/communique/dispatcher/cache
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location /content/practice/en/hello/secure-pages>
# <Directory /var/www/example.com/public_html>
AuthType Basic
AuthName "Secure Content"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords
Require valid-user
</Location>
</VirtualHost>
I have use Location instead of Directory and Require valid-user
What I am trying to do
After running the command (export PORT=3000 && node server.js) my node.js app (StackEdit) is served at: http://example.com:3000/.
The command (export PORT=80 && node server.js) wouldn't work considering that Apache already uses port 80 on the server.
As I am new to Node.js, an easy way to make the node.js app available at http://example.com/ (i.e. port 80) would be to set up Apache as a reverse proxy.
Here's what I've tried
In /etc/apache2/sites-available/example.com.conf
Trial (1):
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example.com/public
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/editor.aahanblog.com/logs/access.log combined
ProxyPass / http://example.com:3000/
ProxyPassReverse / http://example.com:3000/
</VirtualHost>
This simply shows the directory listing for the public directory. So, in this case the requests aren't reaching the node.js app.
Trial (2):
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/example.com/public
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /var/www/example.com/public>
ProxyPass http://mydomain:3000/
ProxyPassReverse http://mydomain:3000/
</Location>
</VirtualHost>
This doesn't work either. It takes me to some default apache page.
What I am missing here?
Change your Location directive as
<Location /> from <Location /var/www/example.com/public>
basically, Location directive is a prefix of the path component of the URL
I'm trying to get an SVN server up and running. CentOS 6.4, apache 2.2.15. More importantly, I need to have it running on https only. So I figure that I'll get ssl running first, as I've already tested it on port 80, and SVN works the way I want it to.
In /etc/httpd/ssl, I have ..
intermediate.crt wildcard.mycompany.com.crt wildcard.mycompany.com.key
We bought a wildcard certificate from GeoTrust, and I downloaded the intermediate.crt from their website. In /etc/httpd/httpd.conf, I have..
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin my.email#mycompany.com
ServerName hostname.mycompany.com
ErrorLog logs/error_log
CustomLog logs/access_log common
Redirect permanent / https://hostname.mycompany.com
</VirtualHost>
<VirtualHost hostname.mycompany.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/wildcard.mycompany.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/wildcard.mycompany.com.key
SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
ServerName hostname.mycompany.com
ServerAdmin my.email#mycompany.com
ErrorLog logs/subversion-error_log
CustomLog logs/subversion-access_log common
</VirtualHost>
I can connect to the server, but my browser tells me that the certificate is untrusted. So I'm guessing that there's an error in the permissions, or perhaps in the format of the file?
I can't see anything in the logs.
I set this up at home on my own server, but wasn't using a wildcard certificate.
Anyone care to advise as to what's gone wrong?
Thanks.