# AGREGAR INTERFACES VIRTUALES $ sudo /sbin/ifconfig bond0:0 inet 192.168.241.221 netmask 255.255.255.0 $ sudo /sbin/ifconfig bond0:1 inet 192.168.241.

222 netmask 255.255.255.0 $ sudo /sbin/ifconfig bond0:2 inet 192.168.241.223 netmask 255.255.255.0 # INSTALACIN DE APACHE v2.2 $ cd aplicaciones/bea/install/ $ sudo ./configure --prefix=/aplicaciones/apache2 --with-layout=Apache --enablemodules=most --enable-mods-shared=most --enable-module=so --enable-proxy --enabl e-proxy-http --enable-proxy-balancer --enable-ssl --with-ssl=/usr/lib $ sudo make $ sudo make install # CONFIGURACIN DE APACHE v2.2 $ cd /aplicaciones/apache2/conf/ $ sudo vim httpd.conf ServerRoot "/aplicaciones/apache2" Listen 80 Listen 443 LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule authn_file_module modules/mod_authn_file.so authn_dbm_module modules/mod_authn_dbm.so authn_anon_module modules/mod_authn_anon.so authn_dbd_module modules/mod_authn_dbd.so authn_default_module modules/mod_authn_default.so authz_host_module modules/mod_authz_host.so authz_groupfile_module modules/mod_authz_groupfile.so authz_user_module modules/mod_authz_user.so authz_dbm_module modules/mod_authz_dbm.so authz_owner_module modules/mod_authz_owner.so authz_default_module modules/mod_authz_default.so auth_basic_module modules/mod_auth_basic.so auth_digest_module modules/mod_auth_digest.so dbd_module modules/mod_dbd.so dumpio_module modules/mod_dumpio.so reqtimeout_module modules/mod_reqtimeout.so ext_filter_module modules/mod_ext_filter.so include_module modules/mod_include.so filter_module modules/mod_filter.so substitute_module modules/mod_substitute.so deflate_module modules/mod_deflate.so log_config_module modules/mod_log_config.so logio_module modules/mod_logio.so env_module modules/mod_env.so expires_module modules/mod_expires.so headers_module modules/mod_headers.so ident_module modules/mod_ident.so setenvif_module modules/mod_setenvif.so version_module modules/mod_version.so

LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule LoadModule

mime_module modules/mod_mime.so dav_module modules/mod_dav.so status_module modules/mod_status.so autoindex_module modules/mod_autoindex.so asis_module modules/mod_asis.so info_module modules/mod_info.so cgi_module modules/mod_cgi.so dav_fs_module modules/mod_dav_fs.so vhost_alias_module modules/mod_vhost_alias.so negotiation_module modules/mod_negotiation.so dir_module modules/mod_dir.so imagemap_module modules/mod_imagemap.so actions_module modules/mod_actions.so speling_module modules/mod_speling.so userdir_module modules/mod_userdir.so alias_module modules/mod_alias.so rewrite_module modules/mod_rewrite.so

# Modulo de evasion #LoadModule evasive20_module modules/mod_evasive20.so # Proxy para salida de las aplicaciones WebLogic LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so # Plug-in de WebLogic LoadModule weblogic_module modules/mod_wl_22.so # Mdulo SSL para HTTPS LoadModule ssl_module modules/mod_ssl.so <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> User daemon Group daemon </IfModule> </IfModule> ServerAdmin you@example.com DocumentRoot "/aplicaciones/apache2/htdocs" <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> <Directory "/aplicaciones/apache2/htdocs"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule>

<FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" com bined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" common </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/aplicaciones/apache2/cgi-bin/" </IfModule> <IfModule cgid_module> </IfModule> <Directory "/aplicaciones/apache2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> DefaultType text/plain <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz </IfModule> <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/log/apache/admin/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLMutex "file:/log/apache/admin/ssl_mutex" </IfModule> <IfModule evasive20_module> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1

DOSSiteInterval 1 DOSBlockingPeriod 300 </IfModule> <IfModule mod_status.c> <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 </Location> </IfModule> # Archivos complemetarios # Server-pool management (MPM specific) #Include conf/extra/httpd-mpm.conf # Multi-language error messages #Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings #Include conf/extra/httpd-autoindex.conf # Language settings #Include conf/extra/httpd-languages.conf # User home directories #Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration #Include conf/extra/httpd-info.conf # Virtual hosts Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include conf/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) #Include conf/extra/httpd-dav.conf # Various default settings #Include conf/extra/httpd-default.conf $ cd extra $ sudo vim httpd-vhosts.conf NameVirtualHost 192.168.241.221:80 <VirtualHost 192.168.241.221:80> ServerName swb.empleo.gob.mx ServerAdmin admindba@infotec.com.mx DocumentRoot "/deployments/swb/" ErrorLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/empleo/error_l og.%Y%m%d 86400" CustomLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/empleo/access_ log.%Y%m%d 86400" common Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANC

ER_ROUTE_CHANGED <Proxy balancer://swb> BalancerMember http://192.168.241.203:9020 loadfactor=1 route=1 BalancerMember http://192.168.241.215:9020 loadfactor=1 route=2 ProxySet lbmethod=byrequests </Proxy> ProxyPass /balancer-manager ! ProxyPass /login/SWBAdmin ! ProxyPass /swb/SWBAdmin ! ProxyPass / balancer://swb/ stickysession=ROUTEID ProxyPassReverse / http://192.168.241.203:9020/ ProxyPassReverse / http://192.168.241.215:9020/ RewriteEngine RewriteRule RewriteRule RewriteRule on ^/swbadmin$ / [R] ^/login/SWBAdmin$ / [R] ^/swb/SWBAdmin$ / [R]

<Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> <Location /login/SWBAdmin> Order Deny,Allow Deny from all </Location> <Location /swb/SWBAdmin> Order Deny,Allow Deny from all </Location> </VirtualHost> NameVirtualHost 192.168.241.222:80 <VirtualHost 192.168.241.222:80> ServerName app.empleo.gob.mx ServerAdmin admindba@infotec.com.mx ErrorLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/app/error_log. %Y%m%d 86400" CustomLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/app/access_log .%Y%m%d 86400" common Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANC ER_ROUTE_CHANGED <Proxy balancer://empleoweb> BalancerMember http://192.168.241.203:9030 route=1 loadfactor=1 BalancerMember http://192.168.241.215:9030 route=2 loadfactor=1 ProxySet stickysession=ROUTEID </Proxy> ProxyPass /balancer-manager ! ProxyPass / balancer://empleoweb/ ProxyPassReverse / http://192.168.241.203:9030/

ProxyPassReverse / http://192.168.241.215:9030/ <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 192.168 localhost </Location> </VirtualHost> NameVirtualHost 192.168.241.223:443 <VirtualHost 192.168.241.223:443> ServerName admin.empleo.gob.mx ServerAdmin admindba@infotec.com.mx DocumentRoot "/deployments/swbAdmin/" ErrorLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/admin/error_log.% Y%m%d 86400" TransferLog "|/aplicaciones/apache2/bin/rotatelogs /log/apache/admin/access_l og.%Y%m%d 86400" ProxyPass / http://http://192.168.241.200:9010/ ProxyPassReverse / http://192.168.241.200:9010/ RewriteEngine on RewriteRule ^/$ /swbadmin [R] RewriteRule ^/swb/empleo/home/_lang/es$ / [R] SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNU LL SSLCertificateFile "/aplicaciones/apache2/conf/server.crt" SSLCertificateKeyFile "/aplicaciones/apache2/conf/server.key" <FilesMatch "\.(cgi|shtml|jsp)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/aplicaciones/apache2/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/log/apache/admin/request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> # INSTALAR CERTIFICADO Y CLAVE PARA EL SOPORTE SSL EN APACHE $ cd /aplicaciones/apache2/conf/ $ sudo openssl req -new -out server.csr $ sudo openssl rsa -in privkey.pem -out server.key $ sudo openssl x509 -in server.csr -out server.crt -req -signkey server.key -day

s 365 $ sudo rm privkey.pem $ sudo rm server.csr