Updated Apache HTTPD and Squid docker container configuration

This commit is contained in:
Oleg Kalnichevski 2018-10-23 13:29:52 +02:00
parent bbaf8af59e
commit b518e3d871
4 changed files with 20 additions and 5 deletions

View File

@ -33,7 +33,7 @@ RUN mkdir ${httpd_home}/ssl
COPY server-cert.pem ${httpd_home}/ssl/
COPY server-key.pem ${httpd_home}/ssl/
COPY httpd.conf ${httpd_home}/conf/
COPY httpd-ssl.conf ${httpd_home}/conf/
COPY httpd-ssl.conf ${httpd_home}/conf/extra/
RUN mkdir -p ${private_dir}
# user: testuser; pwd: nopassword

View File

@ -67,8 +67,8 @@ Listen 8443
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the

View File

@ -77,6 +77,9 @@ Listen 8080
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module modules/mod_mpm_event.so
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
@ -154,6 +157,8 @@ LoadModule version_module modules/mod_version.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
@ -428,6 +433,15 @@ LogLevel warn
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
@ -556,7 +570,7 @@ Include conf/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
Include conf/httpd-ssl.conf
Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent

View File

@ -14,7 +14,8 @@
# limitations under the License.
# ==========================================================================
http_port 8888 8889
http_port 8888
http_port 8889
coredump_dir /var/spool/squid3