contato318/proxmox_conf_apache.txt

## proxmox_conf_apache.txt
###########################################################
# CONFIGURANDO O PROXMOX PARA RESPONDER APENAS LOCALMENTE #
###########################################################
echo -e "ALLOW_FROM="127.0.0.1"nDENY_FROM="all"nPOLICY="allow"" > /etc/default/pveproxy
sed -i -e "s|port => 8006,|port => 8006,nhost => "127.0.0.1",|" /usr/bin/pveproxy
/etc/init.d/pveproxy restart
/etc/init.d/pveproxy status

apt-get update
apt-get install apache2


##############
# GERAR CERT #
##############

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

##################
# CONF DO APACHE #
# <DOMINIO>.conf #
##################

<VirtualHost *:80>
  Redirect "/" "https://<DOMINIO>/"
	ServerAdmin webmaster@<DOMINIO>
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
  ServerName <DOMINIO>
  ServerAdmin proxmox@<DOMINIO>
  DocumentRoot /var/www

  SSLEngine On
  SSLCertificateFile  /etc/ssl/certs/apache-selfsigned.crt
  SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
  SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

  SSLHonorCipherOrder On
  SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
  SSLProxyEngine on
  SSLProxyVerify none

  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  ProxyRequests off
  ProxyPreserveHost on

  <Location />
    ProxyPass https://localhost:8006/
    ProxyPassReverse  https://localhost:8006/
    Order allow,deny
    allow from all
  </Location>

<LocationMatch /api2/json/nodes/host1/([^/]*)/([^/]*)/vncwebsocket>
    ProxyPass wss://localhost:8006/api2/json/nodes/host1/$1/$2/vncwebsocket retry=0
    ProxyPassReverse  wss://localhost:8006/api2/json/nodes/host1/$1/$2/vncwebsocket
    Order allow,deny
    allow from all
</LocationMatch>

  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
  ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
</VirtualHost>


####################################
# COMPLEMENTANDO O RESTO DO APACHE #
####################################
a2enmod ssl
a2enmod proxy
a2enmod headers
a2enmod mod_proxy
a2enmod proxy proxy_http proxy_ajp
a2enmod proxy_html
a2enmod proxy_http
a2enmod proxy_wstunnel
a2enmod rewrite

a2ensite <DOMINIO>.conf
systemctl restart apache2
	###########################################################
	# CONFIGURANDO O PROXMOX PARA RESPONDER APENAS LOCALMENTE #
	###########################################################
	echo -e "ALLOW_FROM="127.0.0.1"nDENY_FROM="all"nPOLICY="allow"" > /etc/default/pveproxy
	sed -i -e "s\|port => 8006,\|port => 8006,nhost => "127.0.0.1",\|" /usr/bin/pveproxy
	/etc/init.d/pveproxy restart
	/etc/init.d/pveproxy status

	apt-get update
	apt-get install apache2


	##############
	# GERAR CERT #
	##############

	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

	openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

	##################
	# CONF DO APACHE #
	# <DOMINIO>.conf #
	##################

	<VirtualHost *:80>
	Redirect "/" "https://<DOMINIO>/"
	ServerAdmin webmaster@<DOMINIO>
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	</VirtualHost>
	<VirtualHost *:443>
	ServerName <DOMINIO>
	ServerAdmin proxmox@<DOMINIO>
	DocumentRoot /var/www

	SSLEngine On
	SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
	SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
	SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

	SSLHonorCipherOrder On
	SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
	SSLProxyEngine on
	SSLProxyVerify none

	SSLProxyVerify none
	SSLProxyCheckPeerCN off
	SSLProxyCheckPeerName off
	ProxyRequests off
	ProxyPreserveHost on

	<Location />
	ProxyPass https://localhost:8006/
	ProxyPassReverse https://localhost:8006/
	Order allow,deny
	allow from all
	</Location>

	<LocationMatch /api2/json/nodes/host1/([^/])/([^/])/vncwebsocket>
	ProxyPass wss://localhost:8006/api2/json/nodes/host1/$1/$2/vncwebsocket retry=0
	ProxyPassReverse wss://localhost:8006/api2/json/nodes/host1/$1/$2/vncwebsocket
	Order allow,deny
	allow from all
	</LocationMatch>

	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
	ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
	</VirtualHost>


	####################################
	# COMPLEMENTANDO O RESTO DO APACHE #
	####################################
	a2enmod ssl
	a2enmod proxy
	a2enmod headers
	a2enmod mod_proxy
	a2enmod proxy proxy_http proxy_ajp
	a2enmod proxy_html
	a2enmod proxy_http
	a2enmod proxy_wstunnel
	a2enmod rewrite

	a2ensite <DOMINIO>.conf
	systemctl restart apache2