APACHE: Configuration

APACHE Module (active)

Enable a module by typing a2enmod <module_name>.

alias

Maps URLs to filesystem locations

deflate

Gzip compression (CSS / JS / etc.)

expires

Browser Cache

filter

Compression

headers

Control and modify HTTP request and response headers

rewrite

Rewriting URLs by Rules

ssl

Protect access to your CRM+ installation via SSL certificate

a2enmod alias deflate expires filter headers rewrite ssl

Note

Ideally, use only certificates that have been signed by public and trusted certification authorities.

If self-signed certificates are used, please contact us first.

APACHE Module (deactivate (optional / recommended))

Disable a module by typing a2dismod <module_name>.

autoindex

Security: prevents directories from being listed

status

Security: prevents the display of information from the Apache web server in the browser

cgi

Security: prevents the execution of CGI scripts

a2dismod -f autoindex status cgi

APACHE Configuration (available sites)

AllowOverride

Allows the supplied .htaccess file to override file and directory settings.

An example site configuration could look like this:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName "<domain>"

        DocumentRoot "/var/www/vhosts/<domain>/crm/"

        SSLCertificateFile /etc/ssl/...
        SSLCertificateKeyFile /etc/ssl/...

        TimeOut 600

        <Directory /var/www/vhosts/<domain>/crm>
            SSLRequireSSL
            Options -Includes -ExecCGI
        </Directory>

        <Directory /var/www/vhosts/<domain>/crm>
            Options +FollowSymLinks
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
</IfModule>

<VirtualHost *:80>
    ServerName "<domain>"
    Redirect permanent / https://<domain>/
</VirtualHost>

APACHE Configuration (optional)

Create the file /etc/apache2/conf-available/optional.conf with the following content. After creating the file, enable the configuration by typing a2enconf optional.

# Security: disables the HTTP TRACE method
TraceEnable Off

# Security: disables the server signature in the footer of an error page
ServerSignature Off

# Security: Restriction of the returned header so that no version number is displayed.
ServerTokens Prod
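
The module lists and the optional.conf directives above can be checked mechanically. The following is an added example, not part of the original documentation: the function names and sample inputs are constructed, and the module listing is assumed to be in the format printed by apache2ctl -M.

```shell
# Added example: audit a server against the module and directive settings on this page.
REQUIRED="alias deflate expires filter headers rewrite ssl"
FORBIDDEN="autoindex status cgi"

# stdin: module listing in the " name_module (shared)" form printed by `apache2ctl -M`.
audit_modules() {
    loaded=" $(sed -n 's/^[[:space:]]*\([a-z0-9_]*\)_module.*/\1/p' | tr '\n' ' ')"
    for m in $REQUIRED; do
        case "$loaded" in *" $m "*) ;; *) echo "missing: $m" ;; esac
    done
    for m in $FORBIDDEN; do
        case "$loaded" in *" $m "*) echo "disable: $m" ;; esac
    done
}

# stdin: contents of a config file such as optional.conf.
# Comment lines are ignored; the last occurrence of a directive is the one compared.
audit_conf() {
    conf=$(cat)
    for want in "TraceEnable Off" "ServerSignature Off" "ServerTokens Prod"; do
        printf '%s\n' "$conf" | awk -v n="${want% *}" -v w="${want#* }" '
            tolower($1) == tolower(n) { v = $2 }
            END { if (tolower(v) != tolower(w))
                      printf "fix: %s is %s, expected %s\n", n, (v == "" ? "unset" : v), w }'
    done
}

# Constructed sample inputs (not taken from a real server).
sample_modules() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 alias_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 filter_module (shared)
 headers_module (shared)
 rewrite_module (shared)
 ssl_module (shared)
 status_module (shared)
EOF
}
sample_conf() {
    printf '%s\n' '# ServerSignature Off' 'traceenable off' 'ServerTokens OS'
}

sample_modules | audit_modules
sample_conf | audit_conf
```

On a live host, run apache2ctl -M | audit_modules and audit_conf < /etc/apache2/conf-available/optional.conf. The directive check only sees the file it is given, so a value set in another enabled configuration file is not detected.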