huilapman · April 24, 2018 02:08
diff --git a/openssl_apache_tomcat.txt b/openssl_apache_tomcat.txt
 # ======================
 #  Download Files
 # ======================
 cd ~

 curl -O https://www.openssl.org/source/openssl-1.0.2o.tar.gz
 curl -O http://ftp.cuhk.edu.hk/pub/packages/apache.org/httpd/httpd-2.4.33.tar.gz
 curl -O http://apache.website-solution.net/apr/apr-1.6.3.tar.gz
 curl -O http://apache.website-solution.net/apr/apr-util-1.6.1.tar.gz
 curl -O https://jaist.dl.sourceforge.net/project/pcre/pcre/8.42/pcre-8.42.tar.gz
 curl -O http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.43-src.tar.gz

 # ======================
 #  Unzip Files
 # ======================
 tar -xvzf openssl-1.0.2o.tar.gz
 tar -xvzf httpd-2.4.33.tar.gz
 tar -xvzf apr-1.6.3.tar.gz
 tar -xvzf apr-util-1.6.1.tar.gz
 tar -xvzf pcre-8.42.tar.gz
 tar -xvzf tomcat-connectors-1.2.43-src.tar.gz

 # ======================
 #  Install OpenSSL
 # ======================
 cd ~
 cd openssl-1.0.2o
 ./config --prefix=/usr/local/openssl-1.0.2o
 make
 make test
 make install
 ln -s /usr/local/openssl-1.0.2o	/usr/local/ssl
 ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

 # ======================
 #  Check OpenSSL Version
 # ======================
 openssl version
 openssl ciphers -v

 # ======================
 #  Install PCRE
 # ======================
 cd ~
 cd pcre-8.42
 ./configure --prefix=/usr/local/pcre-8.42
 make && make install
 ln -s /usr/local/pcre-8.42 /usr/local/pcre

 # ======================
 #  Install Apache
 # ======================
 cd ~
 mv ~/apr-1.6.3 ~/httpd-2.4.33/srclib/
 mv ~/apr-util-1.6.1 ~/httpd-2.4.33/srclib/
 ln -s ~/httpd-2.4.33/srclib/apr-1.6.3 ~/httpd-2.4.33/srclib/apr
 ln -s ~/httpd-2.4.33/srclib/apr-util-1.6.1 ~/httpd-2.4.33/srclib/apr-util

 cd httpd-2.4.33
 ./configure --prefix=/usr/local/httpd-2.4.33 --enable-ssl --with-ssl=/usr/local/ssl --enable-so --with-included-apr --with-pcre=/usr/local/pcre
 make && make install
 cd /usr/local/httpd-2.4.33/
 ln -s /usr/local/httpd-2.4.33 /usr/local/httpd

 # ======================
 #  Control Apache
 # ======================
 /usr/local/httpd/bin/apachectl -k start
 /usr/local/httpd/bin/apachectl -k stop
 /usr/local/httpd/bin/apachectl -k restart

 # ======================
 #  Self-signed Cert
 # ======================
 cd ~
 openssl req -nodes -x509 -newkey rsa:4096 -keyout /usr/local/httpd/conf/server.key -out /usr/local/httpd/conf/server.crt -days 365 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"

 # ======================
 #  Install Mod_jk
 # ======================
 cd ~
 cd tomcat-connectors-1.2.43-src/native
 ./configure --with-apxs=/usr/local/httpd/bin/apxs
 make && make install

 # ======================
 #  httpd.conf
 # ======================
 cd ~
 vi /usr/local/httpd/conf/httpd.conf
 -----------------------
 LoadModule ssl_module modules/mod_ssl.so

 Include conf/extra/jk.conf
 Include conf/extra/httpd-ssl.conf
 -----------------------

 # ======================
 #  jk.conf
 # ======================
 cd ~
 vi /usr/local/httpd/conf/extra/jk.conf
 -----------------------
 LoadModule      jk_module       /usr/local/httpd/modules/mod_jk.so
 JkWorkersFile   /usr/local/httpd/conf/workers.properties
 JkShmFile       /var/log/httpd/mod_jk.shm
 JkLogFile       /var/log/httpd/mod_jk.log
 JkLogLevel      info
 JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
 	
 JkMount /jkstatus/*	jkstatus
 JkMount /app/*		loadbalancer
 -----------------------

 # ======================
 #  workers.properties
 # ======================
 cd ~
 vi /usr/local/httpd/conf/workers.properties
 ----------------------- 
 worker.list=loadbalancer,jkstatus
 worker.loadbalancer.type=lb
 worker.loadbalancer.balance_workers=worker1,worker2
 
 worker.jkstatus.type=status
 
 worker.worker1.type=ajp13
 worker.worker1.host=127.0.0.1
 worker.worker1.port=8009
 
 worker.worker2.type=ajp13
 worker.worker2.host=127.0.0.1
 worker.worker2.port=9009
 -----------------------

 # ======================
 #  httpd_ssl.conf
 # ======================
 cd ~
 vi /usr/local/httpd/conf/extra/jk.conf
 -----------------------
 SSLProtocol -all +TLSv1.2

 SSLCertificateKeyFile "/usr/local/httpd-2.4.33/conf/server.key"
 SSLCertificateFile "/usr/local/httpd-2.4.33/conf/server.crt"

 JkMount /jkstatus/*	jkstatus
 JkMount /app/*		loadbalancer
 -----------------------

 # ======================
 #  Check TLS 1.2 
 # ======================
 openssl s_client -connect 127.0.0.1:443 -tls1_2

 # ======================
 #  Display Cert Content
 # ======================
 openssl x509 -in /usr/local/httpd/conf/server.crt -text

 # ======================
 #  Check Ciphers Support
 # ======================
 nmap --script ssl-enum-ciphers -p 443 100.66.201.107
	# ======================
	# Download Files
	# ======================
	cd ~

	curl -O https://www.openssl.org/source/openssl-1.0.2o.tar.gz
	curl -O http://ftp.cuhk.edu.hk/pub/packages/apache.org/httpd/httpd-2.4.33.tar.gz
	curl -O http://apache.website-solution.net/apr/apr-1.6.3.tar.gz
	curl -O http://apache.website-solution.net/apr/apr-util-1.6.1.tar.gz
	curl -O https://jaist.dl.sourceforge.net/project/pcre/pcre/8.42/pcre-8.42.tar.gz
	curl -O http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.43-src.tar.gz

	# ======================
	# Unzip Files
	# ======================
	tar -xvzf openssl-1.0.2o.tar.gz
	tar -xvzf httpd-2.4.33.tar.gz
	tar -xvzf apr-1.6.3.tar.gz
	tar -xvzf apr-util-1.6.1.tar.gz
	tar -xvzf pcre-8.42.tar.gz
	tar -xvzf tomcat-connectors-1.2.43-src.tar.gz

	# ======================
	# Install OpenSSL
	# ======================
	cd ~
	cd openssl-1.0.2o
	./config --prefix=/usr/local/openssl-1.0.2o
	make
	make test
	make install
	ln -s /usr/local/openssl-1.0.2o /usr/local/ssl
	ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

	# ======================
	# Check OpenSSL Version
	# ======================
	openssl version
	openssl ciphers -v

	# ======================
	# Install PCRE
	# ======================
	cd ~
	cd pcre-8.42
	./configure --prefix=/usr/local/pcre-8.42
	make && make install
	ln -s /usr/local/pcre-8.42 /usr/local/pcre

	# ======================
	# Install Apache
	# ======================
	cd ~
	mv ~/apr-1.6.3 ~/httpd-2.4.33/srclib/
	mv ~/apr-util-1.6.1 ~/httpd-2.4.33/srclib/
	ln -s ~/httpd-2.4.33/srclib/apr-1.6.3 ~/httpd-2.4.33/srclib/apr
	ln -s ~/httpd-2.4.33/srclib/apr-util-1.6.1 ~/httpd-2.4.33/srclib/apr-util

	cd httpd-2.4.33
	./configure --prefix=/usr/local/httpd-2.4.33 --enable-ssl --with-ssl=/usr/local/ssl --enable-so --with-included-apr --with-pcre=/usr/local/pcre
	make && make install
	cd /usr/local/httpd-2.4.33/
	ln -s /usr/local/httpd-2.4.33 /usr/local/httpd

	# ======================
	# Control Apache
	# ======================
	/usr/local/httpd/bin/apachectl -k start
	/usr/local/httpd/bin/apachectl -k stop
	/usr/local/httpd/bin/apachectl -k restart

	# ======================
	# Self-signed Cert
	# ======================
	cd ~
	openssl req -nodes -x509 -newkey rsa:4096 -keyout /usr/local/httpd/conf/server.key -out /usr/local/httpd/conf/server.crt -days 365 -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.example.com"

	# ======================
	# Install Mod_jk
	# ======================
	cd ~
	cd tomcat-connectors-1.2.43-src/native
	./configure --with-apxs=/usr/local/httpd/bin/apxs
	make && make install

	# ======================
	# httpd.conf
	# ======================
	cd ~
	vi /usr/local/httpd/conf/httpd.conf
	-----------------------
	LoadModule ssl_module modules/mod_ssl.so

	Include conf/extra/jk.conf
	Include conf/extra/httpd-ssl.conf
	-----------------------

	# ======================
	# jk.conf
	# ======================
	cd ~
	vi /usr/local/httpd/conf/extra/jk.conf
	-----------------------
	LoadModule jk_module /usr/local/httpd/modules/mod_jk.so
	JkWorkersFile /usr/local/httpd/conf/workers.properties
	JkShmFile /var/log/httpd/mod_jk.shm
	JkLogFile /var/log/httpd/mod_jk.log
	JkLogLevel info
	JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

	JkMount /jkstatus/* jkstatus
	JkMount /app/* loadbalancer
	-----------------------

	# ======================
	# workers.properties
	# ======================
	cd ~
	vi /usr/local/httpd/conf/workers.properties
	-----------------------
	worker.list=loadbalancer,jkstatus
	worker.loadbalancer.type=lb
	worker.loadbalancer.balance_workers=worker1,worker2

	worker.jkstatus.type=status

	worker.worker1.type=ajp13
	worker.worker1.host=127.0.0.1
	worker.worker1.port=8009

	worker.worker2.type=ajp13
	worker.worker2.host=127.0.0.1
	worker.worker2.port=9009
	-----------------------

	# ======================
	# httpd_ssl.conf
	# ======================
	cd ~
	vi /usr/local/httpd/conf/extra/jk.conf
	-----------------------
	SSLProtocol -all +TLSv1.2

	SSLCertificateKeyFile "/usr/local/httpd-2.4.33/conf/server.key"
	SSLCertificateFile "/usr/local/httpd-2.4.33/conf/server.crt"

	JkMount /jkstatus/* jkstatus
	JkMount /app/* loadbalancer
	-----------------------

	# ======================
	# Check TLS 1.2
	# ======================
	openssl s_client -connect 127.0.0.1:443 -tls1_2

	# ======================
	# Display Cert Content
	# ======================
	openssl x509 -in /usr/local/httpd/conf/server.crt -text

	# ======================
	# Check Ciphers Support
	# ======================
	nmap --script ssl-enum-ciphers -p 443 100.66.201.107