dolanor/README.md

## README.md

      
    Raw
  

              README.md
            
          
    #Apache2 and bind configuration for subdomain for each web application running on different port


http://gitlab.domain.tld will redirect to https://gitlab.domain.tld to enforce security


https://gitlab.domain.tld will proxy request to the localhost:3000 where the rails app is running


http://shellinabox.domain.tld isn't existing and doesn't do nothing. It is a small of security by obfuscation which isn't great, but I prefer people to know to connect through https to go to the shellinabox


https://shellinabox.domain.tld will proxy request to the localhost:4200 where the shellinaboxd is running


## etc,apache2,site-available,gitlab
<VirtualHost *:80>
        ServerName gitlab.domain.tld

        Redirect / https://gitlab.domain.tld/

        CustomLog /var/log/apache2/gitlab/access.log combined
        ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
        ServerName gitlab.domain.tld
        ServerAdmin root@domain.tld

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt
        SSLCertificateKeyFile /etc/apache2/ssl/key-gitlab.domain.tld.key

        SSLProxyEngine on
        SSLProxyCACertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt

        ProxyRequests On
        ProxyPreserveHost On
        ProxyVia full

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass / http://127.0.0.1:3000/
        ProxyPassReverse / http://127.0.0.1:3000/

        CustomLog /var/log/apache2/gitlab/access.log combined
        ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>

## etc,apache2,site-available,shellinabox
<VirtualHost *:443>
        ServerName shellinabox.domain.tld

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/cert-sh.domain.tld.crt
        SSLCertificateKeyFile /etc/apache2/key-sh.domain.tld.key


        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass / http://localhost:4200/
        ProxyPassReverse / http://localhost:4200/
</VirtualHost>

## etc,bind,db.domain.tld
/etc/bind/db.domain.tld
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.domain.tld. root.domain.tld. (
                        20121101014103  ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.domain.tld.
; Mandatory to get an access in http://domain.tld without servername before
        IN      A       123.255.231.128
ns      IN      A       123.255.231.128
ns      IN      AAAA    ipv6:adde:55:::::
gitlab  IN      A       123.255.231.128
*       IN      A       123.255.231.128
*       IN      AAAA    ipv6:adde:55:::::

## etc,bind,db.domain.tld.inv
@ IN SOA domain.tld. admin.domain.tld. (
                      2006081401;
                      28800;
                      604800;
                      604800;
                      86400);
                     IN    NS     ns.domain.tld.
66                   IN    PTR    domain.tld.

## etc,bind,named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "domain.tld" {
        type master;
        file "/etc/bind/db.domain.tld";
};

zone "0.231.255.123.in-addr.arpa" {
        type master;
        file "/etc/bind/db.domain.tld.inv";
};

## etcapache2site-availablegitlab
<VirtualHost *:80>
        ServerName gitlab.domain.tld

        Redirect / https://gitlab.domain.tld/

        CustomLog /var/log/apache2/gitlab/access.log combined
        ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
        ServerName gitlab.domain.tld
        ServerAdmin root@domain.tld

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt
        SSLCertificateKeyFile /etc/apache2/ssl/key-gitlab.domain.tld.key

        SSLProxyEngine on
        SSLProxyCACertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt

        ProxyRequests On
        ProxyPreserveHost On
        ProxyVia full

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass / http://127.0.0.1:3000/
        ProxyPassReverse / http://127.0.0.1:3000/

        CustomLog /var/log/apache2/gitlab/access.log combined
        ErrorLog /var/log/apache2/gitlab/error.log
</VirtualHost>

## etcapache2site-availableshellinabox
<VirtualHost *:443>
        ServerName shellinabox.domain.tld

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/cert-sh.domain.tld.crt
        SSLCertificateKeyFile /etc/apache2/key-sh.domain.tld.key


        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass / http://localhost:4200/
        ProxyPassReverse / http://localhost:4200/
</VirtualHost>

## etcbinddb.domain.tld
/etc/bind/db.domain.tld
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.domain.tld. root.domain.tld. (
                        20121101014103  ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.domain.tld.
; Mandatory to get an access in http://domain.tld without servername before
        IN      A       123.255.231.128
ns      IN      A       123.255.231.128
ns      IN      AAAA    ipv6:adde:55:::::
gitlab  IN      A       123.255.231.128
*       IN      A       123.255.231.128
*       IN      AAAA    ipv6:adde:55:::::

## etcbinddb.domain.tld.inv
@ IN SOA domain.tld. admin.domain.tld. (
                      2006081401;
                      28800;
                      604800;
                      604800;
                      86400);
                     IN    NS     ns.domain.tld.
66                   IN    PTR    domain.tld.

## etcbindnamed.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "domain.tld" {
        type master;
        file "/etc/bind/db.domain.tld";
};

zone "0.231.255.123.in-addr.arpa" {
        type master;
        file "/etc/bind/db.domain.tld.inv";
};
	<VirtualHost *:80>
	ServerName gitlab.domain.tld

	Redirect / https://gitlab.domain.tld/

	CustomLog /var/log/apache2/gitlab/access.log combined
	ErrorLog /var/log/apache2/gitlab/error.log
	</VirtualHost>

	NameVirtualHost *:443
	<VirtualHost *:443>
	ServerName gitlab.domain.tld
	ServerAdmin root@domain.tld

	SSLEngine On
	SSLCertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt
	SSLCertificateKeyFile /etc/apache2/ssl/key-gitlab.domain.tld.key

	SSLProxyEngine on
	SSLProxyCACertificateFile /etc/apache2/ssl/cert-gitlab.domain.tld.crt

	ProxyRequests On
	ProxyPreserveHost On
	ProxyVia full

	<Proxy *>
	Order deny,allow
	Allow from all
	</Proxy>

	ProxyPass / http://127.0.0.1:3000/
	ProxyPassReverse / http://127.0.0.1:3000/

	CustomLog /var/log/apache2/gitlab/access.log combined
	ErrorLog /var/log/apache2/gitlab/error.log
	</VirtualHost>
	<VirtualHost *:443>
	ServerName shellinabox.domain.tld

	SSLEngine on
	SSLCertificateFile /etc/apache2/ssl/cert-sh.domain.tld.crt
	SSLCertificateKeyFile /etc/apache2/key-sh.domain.tld.key


	ProxyRequests Off
	<Proxy *>
	Order deny,allow
	Allow from all
	</Proxy>
	ProxyPass / http://localhost:4200/
	ProxyPassReverse / http://localhost:4200/
	</VirtualHost>
	/etc/bind/db.domain.tld
	;
	; BIND data file for local loopback interface
	;
	$TTL 604800
	@ IN SOA ns.domain.tld. root.domain.tld. (
	20121101014103 ; Serial
	604800 ; Refresh
	86400 ; Retry
	2419200 ; Expire
	604800 ) ; Negative Cache TTL
	;
	@ IN NS ns.domain.tld.
	; Mandatory to get an access in http://domain.tld without servername before
	IN A 123.255.231.128
	ns IN A 123.255.231.128
	ns IN AAAA ipv6:adde:55:::::
	gitlab IN A 123.255.231.128
	* IN A 123.255.231.128
	* IN AAAA ipv6:adde:55:::::
	@ IN SOA domain.tld. admin.domain.tld. (
	2006081401;
	28800;
	604800;
	604800;
	86400);
	IN NS ns.domain.tld.
	66 IN PTR domain.tld.
	//
	// Do any local configuration here
	//

	// Consider adding the 1918 zones here, if they are not used in your
	// organization
	//include "/etc/bind/zones.rfc1918";

	zone "domain.tld" {
	type master;
	file "/etc/bind/db.domain.tld";
	};

	zone "0.231.255.123.in-addr.arpa" {
	type master;
	file "/etc/bind/db.domain.tld.inv";
	};