Create a file under /etc/apache2/conf-enabled with following content
Header Set X-Robots-Tag “noindex, nofollow, noarchive, nosnippet”
Check your config with wget –server-response –spider example.com
apache
Apache Varnish ssl
You want to use apache with varnish and ssl. Let´s start.
First install Varnish 6
Please Look here for install Varnish on Ubuntu/Debian
https://packagecloud.io/varnishcache/varnish41/install#manual-deb
replace trusty with bionic
root@remote:~# cat /etc/apt/sources.list.d/varnishcache_varnish60.list
deb https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
deb-src https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
Install Varnish 6
apt-get install varnish
start and enable Varnish as service
sudo systemctl start varnish.service
sudo systemctl enable varnish.service
Attention look here for more information about Varnish and Systemd
https://docs.varnish-software.com/tutorials/configuring-systemd-services/
Next Step we configure Varnish
systemctl edit varnish.service
Insert following, feel free do adjust your memory settings
[Service] ExecStart= ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -p first_byte_timeout=600
we create a full replacement of varnish.service
systemctl edit --full varnish.serviceMake your changes and save the file. After saving we reloading the systemd config
systemctl daemon-reload
You can also adjust /etc/varnish/default.vcl for Browser caching or anything else
https://konkretor.com/2017/05/29/leverage-browser-caching-with-varnish/
That´s it for install and adjust Varnish
Install Apache with SSL
apt-get install apache2
We create a redirect from http to https
vim /etc/apache2/sites-available/redirect.conf
<Virtualhost vhost.example.com>
ServerName vhost.example.com
DocumentRoot /var/www/html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
</Virtualhost>
We create a new vhost file with rondtrip.conf, we running the static site with port 8080
vim /etc/apache2/sites-available/roundtrip.conf
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
We create a new vhost file for ssl
vim /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/sslcert.key
SSLCertificateFile /etc/ssl/private/sslcert.crt
# SSLCertificateChainFile /eDigiCertCA.crt
</VirtualHost>
we delete the default site, we don´t need it
rm /etc/apache2/sites-enabled/000-default.conf
We are enable the apache config
a2ensite redirect.conf
a2ensite ssl.conf
a2ensite roundtrip.conf
We are enable port 8080
vim /etc/apache2/ports.conf
add
Listen 8080
Enable some modules that we need
a2enmod proxy
a2enmod proxy_http
a2enmod headers
Check your Apache Config
apachectl configtest
Restart your Apache
systemctl restart apache
That´s it!
quic webserver
Look at here when you are looking for a webserver with quic support
http://open.litespeedtech.com/mediawiki/
forcing oft mime type file to download
Apache is sometimes nice and sometimes ugly. Show me the ugly Apache 🙂
I have a webserver with Apache and some files doc, pdf and “oft” outlook template file.
Internet Explorer open “oft” directly without prompting and show the source code of the file.
add to your apache2.conf file following
AddType application/octet-stream .oft oft
Check your apache conf file that is allowed to use htaccess file
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
we need two mods, rewrite and headers, very often rewrite is enable, headers not so often. When you not have enable headers you will get a 500 server error from Apache.
enable headers with
a2enmod headers
apachectl restart
place your .htaccess file in your www data folder /var/www/
You need following content, this works with all other extension that you will be force to download
<FilesMatch “\.(.oft|OFT)$”>
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
That´s it
Konkretor Blog, IT Stuff and more 