From 9ab47299c182833c5bfc91e338b78d83d2037906 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 28 Sep 2018 13:58:15 +0300 Subject: [PATCH] Updated Apache config for non-SSL connections --- .../alpine/conf/etc/zabbix/apache.conf | 76 ++++++++--------- .../alpine/conf/etc/zabbix/apache_ssl.conf | 49 ++++++++++- .../centos/conf/etc/zabbix/apache.conf | 76 ++++++++--------- .../ubuntu/conf/etc/zabbix/apache.conf | 81 +++++++++---------- .../ubuntu/conf/etc/zabbix/apache_ssl.conf | 54 ++++++++++++- .../alpine/conf/etc/zabbix/apache.conf | 76 ++++++++--------- .../alpine/conf/etc/zabbix/apache_ssl.conf | 49 ++++++++++- .../centos/conf/etc/zabbix/apache.conf | 76 ++++++++--------- .../ubuntu/conf/etc/zabbix/apache.conf | 81 +++++++++---------- .../ubuntu/conf/etc/zabbix/apache_ssl.conf | 54 ++++++++++++- 10 files changed, 426 insertions(+), 246 deletions(-) diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf index f57e8771f..2a5aedc30 100644 --- a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf +++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf @@ -4,42 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - 
diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index b66eb642d..74fd226b5 100644 --- a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf 
@@ -5,20 +5,65 @@ Listen 443 + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + diff --git a/web-apache-mysql/centos/conf/etc/zabbix/apache.conf b/web-apache-mysql/centos/conf/etc/zabbix/apache.conf index f57e8771f..2a5aedc30 100644 --- a/web-apache-mysql/centos/conf/etc/zabbix/apache.conf 
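Review bot: The new `SSLCipherSuite` list still carries the 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and several static-RSA suites, and `SSLProtocol all -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled, so the HTTPS virtual host keeps 64-bit block ciphers and legacy protocol versions negotiable. Unless old clients have to be supported, I would tighten this to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` and drop the `*-DES-CBC3-SHA` entries from the list. The added `SSLEngine on` near the top of the virtual host also duplicates the one already present under the "Enable/Disable SSL for this virtual host" comment; one of them can go. The same lines appear in the apache_ssl.conf hunks for web-apache-mysql/ubuntu, web-apache-pgsql/alpine and web-apache-pgsql/ubuntu.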
+++ b/web-apache-mysql/centos/conf/etc/zabbix/apache.conf @@ -4,42 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - diff --git a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf index 95ce0a375..2a5aedc30 100644 --- a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf +++ b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf 
@@ -4,47 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - diff --git a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf index f0ac57989..74fd226b5 100644 --- a/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
@@ -1,19 +1,69 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +Listen 443 + + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + 
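Review bot: The file now loads only `ssl_module` and `socache_shmcb_module`, yet the added `Header always set Strict-Transport-Security "max-age=15768000"` line depends on mod_headers, as its own comment says. The hunk covers the file from line 1 and shows no headers module being loaded, so unless the main server config loads it, Apache will refuse to start on that directive. Adding `LoadModule headers_module modules/mod_headers.so` next to the other two is preferable to an `<IfModule mod_headers.c>` guard, which would drop HSTS silently. The blob id is the same as the Alpine apache_ssl.conf, so it is also worth confirming that the relative `modules/mod_ssl.so` path resolves under the Ubuntu image's ServerRoot. The web-apache-pgsql/ubuntu apache_ssl.conf hunk has the same lines.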
diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf index f57e8771f..2a5aedc30 100644 --- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf +++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf @@ -4,42 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index b66eb642d..74fd226b5 100644 --- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf 
@@ -5,20 +5,65 @@ Listen 443 + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + diff --git a/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf b/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf index f57e8771f..2a5aedc30 100644 --- a/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf 
+++ b/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf @@ -4,42 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - diff --git a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf index 95ce0a375..2a5aedc30 100644 --- a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf +++ b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf 
@@ -4,47 +4,42 @@ DirectoryIndex index.php AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + - - - Options FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - - - - Order deny,allow - Deny from all - - Order deny,allow - Deny from all - - diff --git a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf index f0ac57989..74fd226b5 100644 --- a/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
@@ -1,19 +1,69 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +Listen 443 + + SSLEngine on + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps # Enable/Disable SSL for this virtual host. SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/apache2/ssl.crt SSLCertificateKeyFile /etc/ssl/apache2/ssl.key # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # HSTS (mod_headers is required) (15768000 seconds = 6 months) + Header always set Strict-Transport-Security "max-age=15768000" + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + +