As far as Apache is concerned, I am a complete beginner. With the help of various tutorials I have managed to set up a secure Nextcloud server that is also reachable from the Internet, with fail2ban and so on.
Now I am facing a problem that has me stumped: I would also like to use various other services with Apache, above all phpMyAdmin.
phpMyAdmin must of course only be reachable from the local network. I wanted to solve this with a separate virtual host on a port other than 80 or 443.
The problem, however, is that I cannot reach anything on the server except Nextcloud. All requests from the browser are redirected to Nextcloud. The config files look like this:
001-nextcloud.conf
Code:
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName ######.ddns.net
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/nextcloud
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =########.ddns.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
001-nextcloud-le-ssl.conf
Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName ###########.ddns.net
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/nextcloud
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; preload"
        Header set Referrer-Policy "strict-origin-when-cross-origin"
        # Prevent MIME based attacks
        Header set X-Content-Type-Options "nosniff"
        Header always set X-Frame-Options "SAMEORIGIN"
    </IfModule>
    # SSL Configuration - uses strong cipher list - these might need to
    # be downgraded if you need to support older browsers/devices
    SSLEngine on
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder On
    <Directory /var/www/html/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud
        Satisfy Any
    </Directory>
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn..
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    # RewriteEngine on
    # RewriteCond %{SERVER_NAME} =######.ddns.net
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/#######.ddns.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/########.ddns.net/privkey.pem
</VirtualHost>
</IfModule>
What does my vhost.conf have to look like for this to work? At the moment it looks like this:
Code:
<VirtualHost *:81>
    DocumentRoot /var/www/html/phpmyadmin
    ServerName phpmyadmin
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory /var/www/html/phpmyadmin>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Require all granted
    Require host localhost
    Require ip 127.0.0.1
    Require ip 192.168
</Directory>
Thank you very much!!!
Please bear with me, I don't know much about Apache!
Regards, Martin
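
A LAN-only phpMyAdmin virtual host of the kind the post describes, as an added example that is not part of the original post. It assumes a Debian/Ubuntu Apache 2.4 layout and a 192.168.0.0/16 home network; the log file names are made up for the example.

```apache
# Added example, not the poster's configuration.
# Assumptions: Apache 2.4, Debian/Ubuntu layout, LAN range 192.168.0.0/16.

# Apache only accepts connections on ports that have a Listen directive;
# a <VirtualHost *:81> block on its own does not open port 81.
# On Debian/Ubuntu this line normally lives in /etc/apache2/ports.conf.
Listen 81

<VirtualHost *:81>
    ServerName phpmyadmin
    DocumentRoot /var/www/html/phpmyadmin

    # Separate log files (names are assumptions) keep admin-interface
    # traffic apart from the Nextcloud logs.
    ErrorLog ${APACHE_LOG_DIR}/phpmyadmin_error.log
    CustomLog ${APACHE_LOG_DIR}/phpmyadmin_access.log combined

    <Directory /var/www/html/phpmyadmin>
        # No directory listings, no MultiViews, no .htaccess overrides.
        Options FollowSymLinks
        AllowOverride None

        # Apache 2.4 authorization only: the 2.2-style "Order" directive is
        # left out, because mixing it with Require is discouraged.
        # Bare Require lines in one section are OR-ed together, so a
        # "Require all granted" among them would admit every client.
        Require local
        Require ip 192.168
    </Directory>
</VirtualHost>
```

After enabling the site, `apachectl configtest` checks the syntax and `apachectl -S` lists which virtual host answers on which address and port. The router should forward only ports 80 and 443, not 81.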