The Micetro Web Application installer configures the web server with HTTP support only to provide a functional foundation. It is the responsibility of the system administrator to configure HTTPS/TLS and ensure that the server follows the most current security best practices.
To install the Micetro Web Application on Linux:
- Extract and install the Micetro Web Application installation package with root privileges:
  tar -xzvf micetro-web-application-25.2.0.linux.x64.tgz
- Run the installer with the following argument:
  cd micetro-web-application-25.2.0.linux.x64 && ./install --web-virtual-host-domain web-application.domain.tld
  where web-application.domain.tld is the domain where the Web Application will be accessed.
  Note: Make sure that you're installing the latest version. The example above installs version 25.2.0.
  The --web-virtual-host-domain argument will install both the Micetro Web Application and ProxyPass configuration for the web service. Include statements for each will be added to the Apache main configuration file.
- conf/mmweb.conf — A virtual host configuration for Micetro Web Application
- conf/mmws.conf — ProxyPass configuration for Micetro web service
On Debian/Ubuntu operating systems, it's common practice to define the site configuration in /etc/apache2/sites-available, and then use the helper tool a2ensite/a2dissite to enable or disable the site. If you want to keep that convention for your config, move the mmweb.conf file from conf/ to sites-available/ and then enable the site. To do so:
- Remove the include of mmweb.conf from apache2.conf.
- Enable the site:
  cd /etc/apache2
  mv conf/mmweb.conf sites-available/
  a2ensite mmweb
- Restart the Apache web server:
  sudo systemctl restart apache2   # Debian/Ubuntu
  sudo systemctl restart httpd     # RHEL/CentOS/Fedora
  Note: The default Apache installation may already have a <VirtualHost> directive, which may conflict with the mmweb.conf file. On Debian/Ubuntu operating systems, disable the default site by using a2dissite or, for RHEL/CentOS/Fedora, comment out the existing VirtualHost block to avoid conflicts.
- For RHEL/CentOS/Fedora with SELinux enabled, make sure Apache is permitted to connect to the Web Application service:
  setsebool httpd_can_network_connect 1 -P
Web server best practices
- HTTPS/TLS only: Enforce HTTPS by redirecting all HTTP traffic. Disable obsolete protocols, e.g., SSLv2, SSLv3, TLS < v1.2, and weak cipher suites.
- Principle of least privilege: Run services under dedicated, non-administrative accounts. Disable or remove unused modules and features.
- Stay current: Apply the latest stable security patches to the operating system, web server, and all supporting components.
- Server hardening: Minimize information disclosure, enforce strict file and directory permissions, and configure appropriate security headers, e.g., CSP, HSTS, X-Content-Type-Options.
- Logging and monitoring: Enable detailed access and error logs, and integrate with centralized monitoring or SIEM solutions.
- Access control: Where possible, restrict access using allow-listing or deny-listing to minimize the exposed service surface. Additionally, make use of built-in security modules, e.g., IIS Dynamic IP Restrictions or Apache mod_evasive or mod_security, to throttle or temporarily block abusive clients or subnets. This helps protect against brute force attempts and reduces the impact of denial-of-service style traffic.
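One way to check an Apache virtual host file against the HTTPS-only, protocol and header items in the list above, as an added example that is not part of the Micetro documentation or installer. The sample configuration is constructed, the function names are hypothetical, and the check assumes the Apache 2.4 default of `SSLProtocol all -SSLv3` when no `SSLProtocol` line is present.

```python
import re
# Constructed sample (not the installer's mmweb.conf): an HTTP-only virtual
# host plus a TLS virtual host left at weak settings.
SAMPLE = """\
<VirtualHost *:80>
    ServerName web-application.domain.tld
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
    Header always set X-Content-Type-Options "nosniff"
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
REQUIRED_HEADERS = ("strict-transport-security", "x-content-type-options")

def directives(text):
    """Return [(name, args)] per directive line, lower-cased; skips comments and tags."""
    rows = (l.strip().lower() for l in text.splitlines())
    return [tuple((r.split(None, 1) + [""])[:2]) for r in rows if r and r[0] not in "#<"]

def enabled_protocols(args):
    """Resolve an SSLProtocol argument list to the set of enabled versions."""
    on = set()
    for tok in args.split():
        names = ALL if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        on = on - names if tok.startswith("-") else on | names
    return on

def audit(conf):
    """Check each virtual host for HTTPS redirect, TLS >= 1.2 and security headers."""
    findings = []
    inherited = directives(VHOST.sub("", conf))  # server-level directives
    for addr, body in VHOST.findall(conf):
        d = inherited + directives(body)
        if ("sslengine", "on") not in d:
            if not any(n.startswith(("redirect", "rewriterule")) and "https://" in a for n, a in d):
                findings.append(f"{addr}: HTTP without redirect to HTTPS")
            continue
        proto = [a for n, a in d if n == "sslprotocol"] or ["all -sslv3"]  # assumed 2.4 default
        weak = enabled_protocols(proto[-1]) - {"tlsv1.2", "tlsv1.3"}
        if weak:
            findings.append(f"{addr}: obsolete protocols enabled: {sorted(weak)}")
        for h in REQUIRED_HEADERS:
            if not any(n == "header" and h in a and "unset" not in a for n, a in d):
                findings.append(f"{addr}: missing {h} header")
    return findings
```

Pass `audit()` the text of the virtual host file together with any server-level TLS settings; an empty list means the redirect, protocol and header checks all passed.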
Always consult official vendor documentation and applicable regulatory standards for information on security measures. For more information about web server security, refer to the following:
- Apache HTTP Server Security Tips for setting up a web server
- Mozilla SSL Configuration Generator, which generates secure configurations for different web servers. Highly recommended for securing Apache.
- OWASP Secure Headers Project, which provides technical information about HTTP security headers
- SSL Server Test, which provides a free SSL test for your public web servers
- Mozilla HTTP Security Headers Test, which assesses a site's HTTP headers and other security configurations
For recommendations on securing your Micetro Web Application, refer to Securing the Web Application.