====== Reverse proxy (http and https) ======
* **Reverse proxy http**
__Public services, open from WAN__
<code>
apt-get install apache2
a2dismod actions auth_basic authn_file authz_groupfile authz_user
a2enmod cache proxy proxy_http proxy_ajp
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.ORI
nano -w /etc/apache2/sites-available/default
</code>
<code>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName fc2.to.cnr.it

    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined

    # Reverse proxy only: never act as a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On

    # Access control for the proxied paths (open to everyone)
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # Only these Fedora endpoints and djatoka are published on the WAN
    ProxyPass /fedora/describe ajp://127.0.0.1:8009/fedora/describe
    ProxyPassReverse /fedora/describe ajp://127.0.0.1:8009/fedora/describe
    ProxyPass /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
    ProxyPassReverse /fedora/risearch ajp://127.0.0.1:8009/fedora/risearch
    ProxyPass /fedora/get ajp://127.0.0.1:8009/fedora/get
    ProxyPassReverse /fedora/get ajp://127.0.0.1:8009/fedora/get
    ProxyPass /fedora/services ajp://127.0.0.1:8009/fedora/services
    ProxyPassReverse /fedora/services ajp://127.0.0.1:8009/fedora/services
    ProxyPass /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
    ProxyPassReverse /adore-djatoka ajp://127.0.0.1:8009/adore-djatoka
</VirtualHost>
</code>
<code>
service apache2 restart
</code>
\\
\\
* **Reverse proxy https**
__SSL connection between back-end (repository) and front-end (drupal)__
\\
\\
Generate a self-signed certificate (valid for 1 year):
<code>
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
chmod 400 /etc/ssl/private/apache.key
</code>
\\
Configure and enable the SSL virtual host:
<code>
cd /etc/apache2/
cp sites-available/default-ssl sites-available/default-ssl.ORI
nano -w sites-available/default-ssl
</code>
<code>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName fc2.to.cnr.it

    ProxyRequests Off
    ProxyPreserveHost On

    # Deny by default; only the front-end may use the proxied /fedora
    <Proxy *>
        Order Deny,Allow
        Deny from all
        # front-end IP
        Allow from 150.145.48.44 2a00:1620::44
    </Proxy>

    ProxyPass /fedora http://fc2.to.cnr.it:8080/fedora
    ProxyPassReverse /fedora http://fc2.to.cnr.it:8080/fedora

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</code>
<code>
a2enmod ssl
a2ensite default-ssl
service apache2 restart
</code>
\\
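A check for the two virtual hosts above, added here as an example and not part of the original page: a small Python linter that flags a public vhost proxying a path outside the published list, a restricted vhost whose ''<Proxy>'' block is not deny-by-default, and any ''ProxyPass'' without its ''ProxyPassReverse''. The function names and the sample configuration are constructed for illustration; it assumes the Apache 2.2 ''Order''/''Allow''/''Deny'' syntax used on this page.

```python
import re

# Paths the page publishes on the WAN-facing (port 80) vhost.
PUBLIC_PATHS = {"/fedora/describe", "/fedora/risearch", "/fedora/get",
                "/fedora/services", "/adore-djatoka"}

def directives(text):
    """Split config text into [name, arg, ...] lists, skipping comments and tags."""
    rows = (line.split() for line in text.splitlines())
    return [r for r in rows if r and not r[0].startswith(("#", "<"))]

def args_of(rows, name):
    return [r[1:] for r in rows if r[0].lower() == name.lower()]

def audit_vhost(conf, public):
    """Return findings for one Apache 2.2-style reverse-proxy vhost body."""
    findings = []
    rows = directives(conf)
    if [a[0].lower() for a in args_of(rows, "ProxyRequests") if a] != ["off"]:
        findings.append("ProxyRequests is not explicitly Off")
    reverses = args_of(rows, "ProxyPassReverse")
    for args in args_of(rows, "ProxyPass"):
        if args not in reverses:
            findings.append("no matching ProxyPassReverse for " + args[0])
        if public and args[0].rstrip("/") not in PUBLIC_PATHS:
            findings.append("path not on the public list: " + args[0])
    if not public:
        # Only the access rules inside <Proxy ...> govern the proxied paths.
        block = re.search(r"<Proxy[^>]*>(.*?)</Proxy>", conf, re.S | re.I)
        acl = directives(block.group(1)) if block else []
        if ["from", "all"] not in args_of(acl, "Deny"):
            findings.append("restricted vhost lacks 'Deny from all' in <Proxy>")
        if ["from", "all"] in args_of(acl, "Allow"):
            findings.append("restricted vhost has 'Allow from all' in <Proxy>")
    return findings

# Constructed sample: the page's SSL vhost with its <Proxy> ACL loosened.
BAD_SSL = """
ProxyRequests Off
<Proxy *>
    Order Deny,Allow
    Allow from all
</Proxy>
ProxyPass /fedora http://fc2.to.cnr.it:8080/fedora
"""

print(audit_vhost(BAD_SSL, public=False))
```

Run it over the body of each ''<VirtualHost>'' before ''service apache2 restart''; an empty list means the vhost matches the exposure described on this page.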
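Because the certificate is self-signed, you have to disable certificate validation in the Islandora module. With peer verification off, the connection is still encrypted, but the front-end no longer authenticates the back-end.
<code>
nano -w /usr/share/v2p2.to.cnr.it/sites/all/modules/islandora/islandora/libraries/tuque/HttpConnection.php
</code>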
<code php>
  /**
   * FALSE to stop cURL from verifying the peer's certificate. (Default: TRUE)
   * @var type boolean
   */
  public $verifyPeer = FALSE;
</code>