Apache2 transparent Proxy Docker Container erstellen
wget -O install.sh 'https://s2011.de/nc_doku2/apache_proxy_install.php' chmod 0744 install.sh ./install.sh |
apache2.conf
echo ' DefaultRuntimeDir ${APACHE_RUN_DIR} PidFile ${APACHE_PID_FILE} Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} HostnameLookups Off ErrorLog /var/log/apache2/http_error.log CustomLog /var/log/apache2/http_access.log selfmade LogLevel warn IncludeOptional mods-enabled/*.load IncludeOptional mods-enabled/*.conf Include ports.conf <Directory /> Options -FollowSymLinks AllowOverride None Require all denied </Directory> AccessFileName .htaccess <FilesMatch "^\.ht"> Require all denied </FilesMatch> LogFormat "%h [%v:%p] (%>s) %t \"%r\" %O \"%{Referer}i\" \"%{User-Agent}i\"" selfmade LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent IncludeOptional conf-enabled/*.conf IncludeOptional sites-enabled/*.conf ' > apache2.conf |
ports.conf
echo ' Listen 80 <IfModule ssl_module> Listen 443 </IfModule> ' > ports.conf |
security.conf
echo ' ServerTokens Prod ServerSignature Off TraceEnable Off ' > security.conf |
ssl.conf
echo ' <IfModule mod_ssl.c> #Alle Protokolle deaktivieren und nur TLSv1.2+1.3 aktivieren SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCompression off SSLOptions +StrictRequire SSLOpenSSLConfCmd Curves X448:secp521r1:secp384r1 SSLOpenSSLConfCmd ECDHParameters Automatic SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem" #Fuer TLSv1.3 nur 2 Ciphers mit 256bit SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 #Fuer TLSv1.2 nur 2 Ciphers mit 256bit SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder on SSLSessionTickets off SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLUseStapling On SSLStaplingCache shmcb:logs/ssl_stapling(32768) </IfModule> ' > ssl.conf |
20_html_http.conf
echo ' <VirtualHost *:80> ErrorLog /var/log/apache2/http_error.log CustomLog /var/log/apache2/http_access.log combined RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> ' > 20_html_http.conf |
40_html_https.conf
echo ' <IfModule mod_ssl.c> <VirtualHost *:443> ServerName debian.fritz.box SSLProxyEngine On ### Einstellungen fuer Nextcloud hinter Proxy (je nach Beadrf) SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off ### Folgende 2 Zeilen fuer die Nextcloud ueber http anpassen ProxyPass / http://172.40.0.15/ ProxyPassReverse / http://172.40.0.15/ SSLEngine on ### selbst erstelltes Zertifikat SSLCertificateFile /etc/ssl/certs/selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/selfsigned.key ### Einstellungen fuer Nextcloud hinter Proxy RewriteEngine On RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" </IfModule> </VirtualHost> </IfModule> ' > 40_html_https.conf |
dockerfile
echo ' from debian run apt update run apt upgrade run apt install -y openssl run apt install -y certbot run apt install -y apache2 run apt install -y python3-certbot-apache run apt install -y apache2-utils run rm /etc/apache2/mods-enabled/* run rm /etc/apache2/conf-enabled/* run rm /etc/apache2/sites-enabled/* run openssl req -x509 -nodes -days 365 \ -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key \ -out /etc/ssl/certs/selfsigned.crt \ -subj "/C=DE/ST=Germany/L=/O=/CN=domain.de" run openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 copy apache2.conf /etc/apache2/apache2.conf copy ports.conf /etc/apache2/ports.conf copy security.conf /etc/apache2/conf-available/security.conf copy ssl.conf /etc/apache2/mods-available/ssl.conf run a2enconf security.conf run a2enmod mpm_event run a2enmod proxy run a2enmod proxy_http run a2enmod authz_core run a2enmod ssl run a2enmod rewrite run a2enmod alias run a2enmod headers run a2enmod dir copy 20_html_http.conf /etc/apache2/sites-available/20_html_http.conf copy 40_html_https.conf /etc/apache2/sites-available/40_html_https.conf run a2ensite 20_html_http.conf run a2ensite 40_html_https.conf CMD ["apache2ctl", "-D", "FOREGROUND"] ' > dockerfile |
build container
docker build -t apache_proxy . |
start container
docker run -d \ -p 80:80 \ -p 443:443 \ --name apache_proxy \ apache_proxy ### Optionale Parameter ### --net proxy_net \ ### --ip 172.40.0.11 \ |