Updated Apache HTTPD and Squid docker container configuration
This commit is contained in:
parent
bbaf8af59e
commit
b518e3d871
|
@ -33,7 +33,7 @@ RUN mkdir ${httpd_home}/ssl
|
|||
COPY server-cert.pem ${httpd_home}/ssl/
|
||||
COPY server-key.pem ${httpd_home}/ssl/
|
||||
COPY httpd.conf ${httpd_home}/conf/
|
||||
COPY httpd-ssl.conf ${httpd_home}/conf/
|
||||
COPY httpd-ssl.conf ${httpd_home}/conf/extra/
|
||||
|
||||
RUN mkdir -p ${private_dir}
|
||||
# user: testuser; pwd: nopassword
|
||||
|
|
|
@ -67,8 +67,8 @@ Listen 8443
|
|||
# ensure these follow appropriate best practices for this deployment.
|
||||
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
|
||||
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
|
||||
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
|
||||
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
|
||||
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
|
||||
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
|
||||
|
||||
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
|
||||
# Older ciphers should be disallowed as soon as possible, while the
|
||||
|
|
|
@ -77,6 +77,9 @@ Listen 8080
|
|||
# Example:
|
||||
# LoadModule foo_module modules/mod_foo.so
|
||||
#
|
||||
LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
||||
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
||||
#LoadModule authn_anon_module modules/mod_authn_anon.so
|
||||
|
@ -154,6 +157,8 @@ LoadModule version_module modules/mod_version.so
|
|||
#LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
|
||||
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
|
||||
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
|
||||
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
|
||||
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
|
||||
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
|
||||
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
|
||||
|
@ -428,6 +433,15 @@ LogLevel warn
|
|||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<IfModule headers_module>
|
||||
#
|
||||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
|
||||
# backend servers which have lingering "httpoxy" defects.
|
||||
# 'Proxy' request header is undefined by the IETF, not listed by IANA
|
||||
#
|
||||
RequestHeader unset Proxy early
|
||||
</IfModule>
|
||||
|
||||
<IfModule mime_module>
|
||||
#
|
||||
# TypesConfig points to the file containing the list of mappings from
|
||||
|
@ -556,7 +570,7 @@ Include conf/extra/proxy-html.conf
|
|||
</IfModule>
|
||||
|
||||
# Secure (SSL/TLS) connections
|
||||
Include conf/httpd-ssl.conf
|
||||
Include conf/extra/httpd-ssl.conf
|
||||
#
|
||||
# Note: The following must must be present to support
|
||||
# starting without SSL on platforms with no /dev/random equivalent
|
||||
|
|
|
@ -14,7 +14,8 @@
|
|||
# limitations under the License.
|
||||
# ==========================================================================
|
||||
|
||||
http_port 8888 8889
|
||||
http_port 8888
|
||||
http_port 8889
|
||||
|
||||
coredump_dir /var/spool/squid3
|
||||
|
||||
|
|
Loading…
Reference in New Issue