intsrv, pubsrv, site1srv

# Run on each host named in the heading above: refresh the package index,
# then install Apache (-y answers the confirmation prompt).
apt update
apt install -y apache2

intsrv

# Overwrite /var/www/html/index.html with a one-line marker page for this host.
echo "main web service" > /var/www/html/index.html

pubsrv

# Overwrite /var/www/html/index.html with a one-line marker page for this host.
echo "public web service" > /var/www/html/index.html
# Publish the CA certificate and its CRL under the web root so clients can
# download them. Only the certificate and the CRL are copied, never a key.
# NOTE(review): /ca is read from the local disk, which suggests the Root CA
# directory lives on this web server. If the CA private key is stored there
# too, confirm that is intended and that the directory is not web-reachable.
cp /ca/cacert.pem /var/www/html/RootCA.crt
# NOTE(review): this is a one-off copy; the published CRL goes stale once the
# CA issues a new one or the CRL's nextUpdate passes. Re-copy after each
# CRL generation.
cp /ca/crl/crl.pem /var/www/html/RootCA.crl

dmzsrv

# Pull the CA certificate and CRL from 10.0.0.1 and publish them under the
# web root as SubCA.crt / SubCA.crl.
# NOTE(review): dmzsrv is not in the apache2 install list at the top of these
# notes, so /var/www/html must already exist and be served by something.
# Confirm which web server that is.
scp 10.0.0.1:/ca/cacert.pem /var/www/html/SubCA.crt
# NOTE(review): one-off copy; refresh it whenever the CA on 10.0.0.1
# regenerates its CRL, otherwise clients end up checking a stale list.
scp 10.0.0.1:/ca/crl/crl.pem /var/www/html/SubCA.crl

site1srv

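# Enable LDAP authentication (mod_ldap + mod_authnz_ldap) and TLS (mod_ssl).
a2enmod ldap authnz_ldap ssl

# Marker pages: one for the default docroot, one for the LDAP-protected docroot.
echo "site1 web service" > /var/www/html/index.html
# -p: do not fail when the directory already exists (re-running these notes).
mkdir -p /var/www/ldap
echo "site1 auth web service" > /var/www/ldap/index.html

# Fetch the CA chain and the wildcard certificate/key from 10.0.0.1.
scp 10.0.0.1:/etc/ssl/chain.crt /etc/ssl/ca.crt
# Quote the remote glob so the local shell can never expand it first.
scp '10.0.0.1:/ca/certs/wild*' /etc/ssl
# The wild* copy includes the private key that ssl.conf loads from
# /etc/ssl/wild.key. /etc/ssl is a world-readable directory, so pin the key
# to root-only instead of relying on the mode it arrived with.
chown root:root /etc/ssl/wild.key
chmod 600 /etc/ssl/wild.key

# Start the two site definitions from the stock Debian templates; they are
# edited afterwards.
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/ssl.conf
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/ldap.conf

# Enable both sites; they take effect at the next Apache restart.
a2ensite ssl ldap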

vi /etc/apache2/sites-available/ssl.conf

#####
# OCSP stapling cache. This directive is only valid at server level, which is
# why it sits outside the <VirtualHost> block.
# NOTE(review): the cache file lives in /tmp. A path under ${APACHE_RUN_DIR}
# keeps it out of a world-writable directory. Confirm whether the apache2
# unit on this host runs with a private /tmp.
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
# HTTPS virtual host for site1.skill39.com, serving /var/www/html.
<VirtualHost *:443>
	DocumentRoot /var/www/html
	ServerName site1.skill39.com
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	SSLEngine on
	# Staple an OCSP response for the server certificate into the TLS handshake.
	# NOTE(review): presumably this needs the issuing CA's OCSP responder to be
	# reachable from this host. Verify, and check error.log for stapling
	# errors after the restart.
	SSLUseStapling on
	# Wildcard certificate and private key (the wild* files copied into /etc/ssl).
	# NOTE(review): the key sits directly in /etc/ssl rather than
	# /etc/ssl/private. Make sure it is owned by root and mode 0600.
	SSLCertificateFile /etc/ssl/wild.crt
	SSLCertificateKeyFile /etc/ssl/wild.key
	# CA chain sent to clients along with the server certificate.
	# SSLCertificateChainFile is deprecated since Apache 2.4.8; the chain can be
	# appended to the SSLCertificateFile instead.
	SSLCertificateChainFile /etc/ssl/ca.crt
	# Export the standard SSL_* environment variables to script-type files only.
	<FilesMatch "\\.(?:cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>

#####

vi /etc/apache2/sites-available/ldap.conf

#####
# Plain-HTTP virtual host for site1.skill39.local; everything under
# /var/www/ldap requires an LDAP login.
<VirtualHost *:80>
	ServerName site1.skill39.local
	DocumentRoot /var/www/ldap
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	<Directory /var/www/ldap>
		# NOTE(review): Basic auth sends the username and password base64-encoded
		# with every request, and this vhost listens on port 80 without TLS, so
		# directory credentials cross the network in the clear. Consider serving
		# this path from the :443 vhost or redirecting to HTTPS. Confirm
		# against the requirements for this host.
		AuthType Basic
		AuthName "LDAP Authentication"
		AuthBasicProvider ldap
		# Search the subtree under ou=site1,dc=skill39,dc=local for the entry
		# whose sAMAccountName equals the supplied username. ldaps:// on port
		# 636 means the connection to the directory itself is TLS-protected.
		# NOTE(review): no AuthLDAPBindDN / AuthLDAPBindPassword is set, so the
		# search runs as an anonymous bind. Verify the directory permits that.
		# The ldaps connection also needs the directory's CA to be trusted
		# (LDAPTrustedGlobalCert); do not work around handshake failures with
		# LDAPVerifyServerCert Off.
		AuthLDAPURL "ldaps://ldap.skill39.local:636/ou=site1,dc=skill39,dc=local?sAMAccountName?sub?(objectClass=*)"
		# Any account that authenticates successfully is admitted; there is no
		# group or attribute restriction.
		Require valid-user
	</Directory>
</VirtualHost>
#####

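# Stop nginx now and keep it from starting at boot (presumably so Apache can
# bind ports 80/443; confirm that nothing else on this host needs nginx).
systemctl disable --now nginx
# Validate the edited vhost files before restarting, so a typo in ssl.conf or
# ldap.conf does not take the running server down.
apache2ctl configtest && systemctl restart apache2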