Apache and Openssl Installation V3.0
Copyright ©2024 Aurus Inc. All Rights Reserved. All information contained herein is confidential and proprietary to Aurus Inc. It
shall not be disclosed, duplicated, or used in part or in whole, for any purpose without prior written consent from Aurus Inc. Aurus Inc.
reserves the right to make changes to specifications at any time and without notice. The information contained within is believed to be
accurate and reliable; however, no responsibility is assumed by Aurus Inc. for its use. All trademarks, service marks, and trade names
referenced in this material are the property of their respective owners. Information security is addressed in the execution of the Project.
This includes secure development techniques, secure coding, and secure code reviews.
Version 2.0 Copyright ©2024 Aurus Inc. All Rights Reserved Page 1
SYS Admin Documentation
TABLE OF CONTENTS
5.5.2 Configure & make install the nghttp2
5.5.3 apr and apr-util Installation
5.6 httpd installation
5.6.1 Extract the httpd package on /usr/local dir.
5.6.2 Extract the apr and apr-util file in /usr/local/httpd-2.4.58/srclib
5.6.3 Configure the apache with following step.
5.6.4 Copy required old files backup.
5.6.5 Make changes in httpd.conf and httpd-ssl.conf
5.7 Mod caucho Installation
5.7.1 Extract the resin tar file in /usr/local
5.7.2 Change older backup path and configure with apache2 and run
5.7.3 Start apache service and verify
6. Modsecurity Installation
6.1 Modsecurity installation
6.2 Create directory for modsecurity
6.3 Modsecurity package download
6.4 Configure modsecurity package and make install
6.5 Copy modsecurity config recommended file to modsecurity directory
6.6 coreruleset package setup
6.7 coreruleset config file setup
7. Modsecurity Configuration
7.1 Enable modsecurity in httpd.conf
7.2 Configure modsecurity parameters
7.3 Configure coreruleset parameters
8. HTTPD Config - Enabled the line on config file
9. SSL certificates Renewal
9.1 SSL Certificate Renewal on web Server
9.2 SSL certificates add on web
9.3 Restart the Apache service
1. Document Overview
1.1 About this Document
This document covers the installation of Apache and OpenSSL, along with the HTTP/2
installation.
1.3 Approver
2.0 Siva P.
2. Introduction
2.1 Overview
Apache HTTP Server, commonly referred to as Apache, is one of the most widely used
open-source web servers globally. Renowned for its stability, flexibility, and robustness, Apache
serves as the backbone for countless websites and applications. Apache's modular
architecture allows you to extend and customize its functionality through modules, enabling
a tailored configuration to meet your specific requirements.
Apache provides robust security features, including access control, SSL/TLS support,
and customizable authentication mechanisms. With features such as multi-processing
modules and caching, Apache delivers optimal performance for serving dynamic and static
content.
OpenSSL is a robust, open-source implementation of the SSL and TLS protocols. Widely
utilized for secure communication over computer networks, OpenSSL provides a toolkit for
the implementation of secure networking protocols.
OpenSSL ensures the encryption of data in transit, safeguarding sensitive
information from unauthorized access. Certificate management: with support for X.509
certificates, OpenSSL facilitates the creation, signing, and management of digital certificates
for secure communication. OpenSSL supports a range of cryptographic protocols, including
SSL, TLS and DTLS, providing a versatile platform for secure data exchange.
3. Installation of Openssl
3.1 Install all required packages
When packages are installed through Foreman with yum, they are installed
from the centralized Foreman server.
# To configure
[root@Testing_L1 openssl-3.1.4]# ./config --prefix=/usr --openssldir=/usr/local/openssl shared zlib
# To make
[root@Testing_L1 openssl-3.1.4]# make
# To make install
[root@Testing_L1 openssl-3.1.4]# make install
4. Installation of apache
4.1 Get the latest version of apache
# Extracting apr
[root@Testing_L1 local]# tar -xvf apr-1.7.0.tar.gz -C httpd-2.4.58/srclib/
# Extracting apr-util
[root@Testing_L1 local]# tar -xvf apr-util-1.6.1.tar.gz -C httpd-2.4.58/srclib/
4.5 Configure the apache with following step
# Configure apache
[root@Testing_L1 httpd-2.4.58]# ./configure --enable-module=so --prefix=/usr/local/apache --with-mpm=worker --with-included-apr --with-ssl=/usr/local/openssl
# make
[root@Testing_L1 httpd-2.4.58]# make
# make install
[root@Testing_L1 httpd-2.4.58]# make install
5.2 Install the dependency packages below using the yum install command
Go to the existing /usr/local/ directory, take a backup of the existing apache folder, and make
sure the Apache service is stopped.
https://www.openssl.org/source/
# To configure
[root@Testing_L1 openssl-3.1.4]# ./config --prefix=/usr --openssldir=/usr/local/openssl shared zlib
# To make
[root@Testing_L1 openssl-3.1.4]# make
# To make install
[root@Testing_L1 openssl-3.1.4]# make install
# To configure (the nghttp2 source tarball ships a configure script, not config)
[root@Testing_L1 nghttp2-1.57.0]# ./configure
# To make
[root@Testing_L1 nghttp2-1.57.0]# make
# To make install
[root@Testing_L1 nghttp2-1.57.0]# make install
5.5.3 apr and apr-util Installation
# Extract apr
[root@Testing_L1 local]# tar -xvzf apr-1.7.4.tar.gz
# Configure apr
[root@Testing_L1 apr-1.7.4]# ./configure
# apr make
[root@Testing_L1 apr-1.7.4]# make
# Extract apr-util
[root@Testing_L1 local]# tar -xvzf apr-util-1.6.3.tar.gz
# Configure apr-util
[root@Testing_L1 apr-util-1.6.3]# ./configure
# apr-util make
[root@Testing_L1 apr-util-1.6.3]# make
5.6 httpd installation
# Extracting apr
[root@Testing_L1 local]# tar -xvf apr-1.7.4.tar.gz -C httpd-2.4.58/srclib/
# Extracting apr-util
[root@Testing_L1 local]# tar -xvf apr-util-1.6.3.tar.gz -C httpd-2.4.58/srclib/
# Configure apache
[root@Testing_L1 httpd-2.4.58]# ./configure --enable-module=so --prefix=/usr/local/apache --with-pcre=/usr/bin/pcre-config --with-mpm=worker --with-included-apr --with-ssl=/usr/local/openssl --enable-http2 --with-nghttp2=/usr/local/nghttp2
5.6.4 Copy required old files backup.
Next, you need to enable HTTP/2. This involves adding the following line to your
Apache config.
5.7 Mod caucho Installation
5.7.2 Change older backup path and configure with apache2 and run
5.7.3 Start apache service and verify
# To check process
[root@Testing_L1 ~]# ps -ef | grep apache
root 7307 1 0 03:54 ? 00:00:00 /usr/local/apache/bin/httpd -k start
daemon 7308 7307 0 03:54 ? 00:00:00 /usr/local/apache/bin/httpd -k start
daemon 7309 7307 0 03:54 ? 00:00:00 /usr/local/apache/bin/httpd -k start
daemon 7310 7307 0 03:54 ? 00:00:00 /usr/local/apache/bin/httpd -k start
root 7404 7244 0 03:54 pts/0 00:00:00 grep --color=auto apache
[root@Testing_L1 ~]#
6. Modsecurity Installation
6.1 Modsecurity installation
The package xz-devel is required by libxml2 as its dependency, so install both packages.
6.4 Configure modsecurity package and make install
Download and extract the coreruleset tar file from the GitHub repo below.
# Download coreruleset tar file
[root@Testing_L1 modsecurity-2.9.7]# wget https://github.com/coreruleset/coreruleset/archive/coreruleset-3.3.4.tar.gz
Rename the extracted coreruleset-3.3.4 directory to coreruleset and copy its configuration
file.
# Rename coreruleset
[root@Testing_L1 modsecurity-2.9.7]# mv coreruleset-3.3.4 coreruleset
7. Modsecurity Configuration
7.1 Enable modsecurity in httpd.conf
Add the block below at the bottom of the httpd.conf file to enable ModSecurity on the
web server.
<IfModule security2_module>
Include "/usr/local/apache/conf/modsecurity/modsecurity.conf"
Include "/usr/local/apache/conf/modsecurity/coreruleset/crs-setup.conf"
Include "/usr/local/apache/conf/modsecurity/coreruleset/rules/*.conf"
</IfModule>
[root@Testing_L1 modsecurity]# vi /usr/local/apache/conf/modsecurity/modsecurity.conf
SecRuleEngine On
Comment out the default rule and add a rule.
SecDebugLog /usr/local/apache/logs/modsec_debug.log
SecDebugLogLevel 3
SecAuditLogStorageDir /usr/local/apache/logs
SecAuditLogType Serial
SecAuditLog /usr/local/apache/logs/modsec_audit.log
7.3 Configure coreruleset parameters
Comment out the lines below as required; they can be edited in the crs-setup.conf file.
[root@Testing_L1 coreruleset]# vi /usr/local/apache/conf/modsecurity/coreruleset/crs-setup.conf
SecAction \
"id:900700,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.dos_burst_time_slice=60',\
setvar:'tx.dos_counter_threshold=100',\
setvar:'tx.dos_block_timeout=30'"
Comment out the line below to avoid unnecessary logs.
vi /usr/local/apache/conf/modsecurity/coreruleset/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
After making the above changes, stop and start the Apache service to enable
ModSecurity.
Then check in the Apache error log whether ModSecurity is enabled.
User/Group: The name (or #number) of the user/group to run httpd as.
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
Add Document Root and other parameters as below.
Add the lines below to modify LogFormat in Apache.
###Allow running cgi scripts from /cgi-bin directory & also enable module for same###
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
RequestHeader unset Proxy early
</IfModule>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-userdir.conf
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
###X-Frame Parameters###
Header append X-FRAME-OPTIONS "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "default-src 'self';"
###PCI Changes###
TraceEnable Off
FileETag None
UserDir Disabled
ServerTokens ProductOnly
ServerSignature Off
UserDir Disabled
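The shell script below is an added example, not part of the original document: it audits a config file against the "PCI Changes" directives above and reports any that are missing, commented out, or overridden by a later line. It assumes a single flat file (no Include or per-context handling); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): audit an httpd.conf against
# the "PCI Changes" directives listed above, one "Directive|value" per line.
EXPECTED='TraceEnable|Off
FileETag|None
UserDir|Disabled
ServerTokens|ProductOnly
ServerSignature|Off'

# Constructed sample config with two deviations: ServerSignature is commented
# out, and a later TraceEnable line overrides the hardened one.
sample_conf() {
    cat <<'EOF'
TraceEnable Off
FileETag None
userdir disabled
ServerTokens ProductOnly
# ServerSignature Off
TraceEnable On
EOF
}

# Print the effective value (lowercased) of a directive: commented lines are
# ignored, names are matched case-insensitively, the last occurrence wins.
effective_value() {   # $1 = directive name, $2 = config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print tolower(val) }' "$2"
}

# Print one line per deviation; return 1 if any were found, 0 otherwise.
audit_httpd_conf() {  # $1 = config file
    rc=0
    while IFS='|' read -r name want; do
        got=$(effective_value "$name" "$1")
        if [ "$got" != "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]; then
            echo "DEVIATION: $name is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Stand-alone use: sh audit.sh /usr/local/apache/conf/httpd.conf
if [ -n "${1:-}" ]; then audit_httpd_conf "$1"; fi
```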
<Location /resin-admin>
Order deny,allow
Deny from all
</Location>
<Location ~ "/*.jsp">
Order deny,allow
Deny from all
</Location>
###Compress JS###
<Location />
SetInputFilter DEFLATE
SetOutputFilter DEFLATE
</Location>
First, copy the required certificate and bundle files from the local system to the servers.
After that take the backup of the existing
<VirtualHost 192.xxx.xx.1:443>
DocumentRoot /usr/local/apache/htdocs
ServerName www.servername.com
SSLEngine on
SSLCertificateFile "/usr/local/apache/conf/ssl/11Mar2024/558c5b36f41d3b53.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/11Mar2024/*.auruspay.com.key"
SSLCertificateChainFile "/usr/local/apache/conf/ssl/11Mar2024/gd_bundle-g2-g1.crt"
</VirtualHost>
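Before restarting Apache with a renewed certificate, it is worth confirming that the key matches the certificate, that the certificate is not about to expire, and that it verifies against the bundle. The script below is an added example, not part of the original document; the function names are illustrative, and it assumes PEM files, an unencrypted private key and the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original document): checks to run on a renewed
# certificate before restarting Apache. Assumes PEM files and an unencrypted key.

# Succeeds only if the certificate and the private key carry the same public key.
cert_matches_key() {      # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the leaf verifies against a certificate in the bundle file
# (openssl also consults the system trust store).
chain_covers_cert() {     # $1 = certificate, $2 = chain bundle
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks and report the first failure.
preflight() {             # $1 = certificate, $2 = private key, $3 = chain bundle
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    chain_covers_cert "$1" "$3" ||
        { echo "FAIL: certificate does not verify against the bundle"; return 1; }
    echo "OK: run 'apachectl -t', then restart Apache"
}

# Stand-alone use: sh preflight.sh CERT KEY BUNDLE
# Quote the arguments: a key file name containing '*' would otherwise be globbed.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```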