Security reinforce for apache server

Disable ServerSignature and Hide apache related infromation.

Change-Id: I9188ddb85988539087c922117bb9f53454b7507c
This commit is contained in:
Jeffrey Zhang 2018-03-14 16:57:30 +08:00
parent 4e870b46f9
commit f8cb527f78
11 changed files with 24 additions and 0 deletions

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ aodh_api_port }} Listen {{ api_interface_address }}:{{ aodh_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ aodh_api_port }}> <VirtualHost *:{{ aodh_api_port }}>

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ cinder_api_port }} Listen {{ api_interface_address }}:{{ cinder_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ cinder_api_port }}> <VirtualHost *:{{ cinder_api_port }}>

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ cloudkitty_api_port }} Listen {{ api_interface_address }}:{{ cloudkitty_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ cloudkitty_api_port }}> <VirtualHost *:{{ cloudkitty_api_port }}>

View File

@ -2,6 +2,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ freezer_api_port }} Listen {{ api_interface_address }}:{{ freezer_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ freezer_api_port }}> <VirtualHost *:{{ freezer_api_port }}>

View File

@ -2,6 +2,8 @@
{% set wsgi_path = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %} {% set wsgi_path = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
Listen {{ api_interface_address }}:{{ gnocchi_api_port }} Listen {{ api_interface_address }}:{{ gnocchi_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ gnocchi_api_port }}> <VirtualHost *:{{ gnocchi_api_port }}>

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/share/openstack-dashboard' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/share/openstack-dashboard' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ horizon_port }} Listen {{ api_interface_address }}:{{ horizon_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ horizon_port }}> <VirtualHost *:{{ horizon_port }}>

View File

@ -3,6 +3,8 @@
Listen {{ api_interface_address }}:{{ keystone_public_port }} Listen {{ api_interface_address }}:{{ keystone_public_port }}
Listen {{ api_interface_address }}:{{ keystone_admin_port }} Listen {{ api_interface_address }}:{{ keystone_admin_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ keystone_public_port }}> <VirtualHost *:{{ keystone_public_port }}>

View File

@ -3,6 +3,8 @@
{% set wsgi_directory = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %} {% set wsgi_directory = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
Listen {{ api_interface_address }}:{{ placement_api_port }} Listen {{ api_interface_address }}:{{ placement_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ placement_api_port }}> <VirtualHost *:{{ placement_api_port }}>

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ panko_api_port }} Listen {{ api_interface_address }}:{{ panko_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ panko_api_port }}> <VirtualHost *:{{ panko_api_port }}>

View File

@ -1,6 +1,10 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ vitrage_api_port }} Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ vitrage_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off
<VirtualHost *:{{ vitrage_api_port }}> <VirtualHost *:{{ vitrage_api_port }}>
## Vhost docroot ## Vhost docroot

View File

@ -1,6 +1,8 @@
{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
Listen {{ api_interface_address }}:{{ zun_api_port }} Listen {{ api_interface_address }}:{{ zun_api_port }}
ServerSignature Off
ServerTokens Prod
TraceEnable off TraceEnable off
<VirtualHost *:{{ zun_api_port }}> <VirtualHost *:{{ zun_api_port }}>