Difference between revisions of "Apache 2"

 
(69 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[Category:Linux]]
 +
 +
 +
 
=Requirements=
 
=Requirements=
Before going through this tutorial, I recommend you to:
+
 
* Setup a MySQL database
+
Before going through this tutorial, I recommend you to setup:
* Setup SSL infrastructure and create a server certificate
+
* [[MySQL server]]
* Setup LDAP
+
* [[SSL server]]
 +
* [[LDAP server]]
 +
 
  
  
Line 11: Line 17:
  
 
==Apache 2==
 
==Apache 2==
 +
 
This will install web server + PHP + Perl + all required libraries.
 
This will install web server + PHP + Perl + all required libraries.
  
Apache2 core
+
===Apache2 core===
<syntaxhighlight lang="bash">
 
apt-get install apache2 apache2-mpm-prefork apache2-utils ssl-cert
 
</syntaxhighlight>
 
  
Additional libraries
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get install libapache2-mod-fcgid libruby libapache2-mod-ruby
+
apt install apache2 apache2-utils
 +
apt install ssl-cert
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Doc
+
Since Ubuntu 16.04 <code>apache2-mpm-prefork</code> is not required
<syntaxhighlight lang="bash">
 
apt-get install apache2-doc
 
</syntaxhighlight>
 
  
Perl
+
===Doc===
<syntaxhighlight lang="bash">
 
apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc
 
</syntaxhighlight>
 
  
 
==PHP 5==
 
Core
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get install libapache2-mod-php5 php5 php5-common
+
apt install apache2-doc
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Module PHP5
 
<syntaxhighlight lang="bash">
 
apt-get install php5-curl php5-dev php5-gd php-pear php5-imagick php5-imap php5-mcrypt
 
apt-get install php5-memcache php5-mhash php5-mysql php5-snmp php5-xmlrpc php5-xcache php5-curl php5-xsl
 
</syntaxhighlight>
 
  
Additional libs
+
===Perl===
<syntaxhighlight lang="bash">
 
apt-get install php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt
 
</syntaxhighlight>
 
  
Image Magick
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get install php5-imagick imagemagick
+
apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
==Firewall==
+
===SNMP===
You have to open the following ports:
 
* Port 80 = HTTP
 
* Port 443 = HTTPS
 
  
<syntaxhighlight lang="bash">
+
Sometimes you might encounter some SNMP errors on latest Debian based distributions.
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 80 -j ACCEPT
 
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 443 -j ACCEPT
 
</syntaxhighlight>
 
 
 
Restart the firewall
 
<syntaxhighlight lang="bash">
 
/etc/init.d/firewall restart
 
</syntaxhighlight>
 
  
 +
In that case you have to install a new package and run it.
  
 
=PHP 5=
 
 
Edit config file:
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /etc/php5/apache2/php.ini
+
apt-get install snmp-mibs-downloader
 +
download-mibs
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Add / uncomment the following lines in Dynamic extensions area (~ line 865)
 
* extension=mysql.so
 
* extension=gd.so
 
  
 +
source: http://www.podciborski.co.uk/miscellaneous/snmp-cannot-find-module/
  
  
=Apache 2 configuration # Multi-threading=
+
==PHP 8==
 +
2021-11: PHP 8 is not included in Ubuntu 20.04 LTS.
  
 +
Source article: http://www.daxiongmao.eu/wiki/index.php?title=Apache_2&action=edit
  
==MPM prefork==
+
===Add PHP 8.0 repository===
This manage processes
 
* Max clients = nb of max simultaneous requests that the server can handle
 
* Server limit = max nb of process that the server can handle
 
* Start servers = nb of process to create on server start
 
* Min / Max spare servers = nb of min / max process listening for incoming request
 
* Max request per child = nb of requests that each process can execute
 
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /etc/apache2/apache2.conf
+
apt install software-properties-common
 +
add-apt-repository ppa:ondrej/php
 +
apt update
 
</syntaxhighlight>
 
</syntaxhighlight>
Let default values; put a limit to MaxRequestsPerChild at 100 000
 
  
 +
===Install core packages===
  
==MPM worker==
+
To install the latest version of PHP:
This manage threads.
 
Threads are executed within a specific process.
 
All process’ threads share the same context and global variables.
 
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /etc/apache2/apache2.conf
+
# PHP core
 +
apt-get install php
 +
apt-get install php-cli
 +
# Apache2 support
 +
apt install libapache2-mod-php
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Let default values; put a limit to MaxRequestsPerChild at 10 000
 
 
 
 
=Apache 2 configuration # Virtual host=
 
  
 +
===Modules PHP===
  
==Preparation==
 
Initialize configuration
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
cd /etc/apache2/sites-available/
+
apt-get install php-cgi
cp default myServer
+
#apt-get install php-opcache
 +
apt-get install php-gd
 +
apt-get install php-bz2
 +
apt-get install php-curl
 +
apt-get install php-xmlrpc
 +
apt-get install php-json
 +
apt-get install php-mysql
 +
apt-get install php-imap
 +
apt-get install php-mbstring
 +
# Performances
 +
apt install php-fpm libapache2-mod-fcgid
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Create target directory
+
Enable modules
<syntaxhighlight lang="bash">
 
mkdir -p /var/www/myServer
 
</syntaxhighlight>
 
  
Prepare the log files
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
mkdir -p /var/log/apache2/myServer
+
sudo a2enmod proxy_fcgi setenvif
touch /var/log/apache2/myServer/access.log
+
sudo a2enconf php8.0-fpm
touch /var/log/apache2/myServer/error.log
 
chmod -R 660 /var/log/apache2/myServer/*
 
chown -R www-data:www-data /var/log/apache2/myServer/*
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
===Utility===
  
==Configuration==
 
Init configuration
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/myServer
+
apt install php-pear
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
===Configuration===
 +
 +
Edit '''PHP config''' file:
  
'''Edit configuration'''
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /etc/apache2/sites-available/myServer
+
vim /etc/php/8.0/cli/php.ini
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
* Let CGI behaves like before: set <code>cgi.fix_pathinfo=1</code>
 +
* Adjust file upload size <code>upload_max_filesize = 32M</code>
 +
* Adjust post size <code>post_max_size = 32M</code>
 +
* Adjust time zone <code>date.timezone = Europe/Paris</code>
 +
* Save path: <code>session.save_path = "/tmp"</code>
  
To begin the virtual host, write the following lines:
+
===Check PHP version and configuration===
→ Adjust the settings to your own configuration
 
<syntaxhighlight lang="bash">
 
<VirtualHost 192.168.0.100:80>   → Choose the best options for your needs
 
<VirtualHost *:80>
 
 
 
ServerName myServer
 
ServerAlias www.myServer *.myServer
 
ServerAdmin webmaster@domain
 
 
# Logs settings
 
LogLevel Warn
 
CustomLog {APACHE_LOG_DIR}/myServer/access.log combined
 
ErrorLog {APACHE_LOG_DIR}/myServer/error.log
 
  
# Root folder properties
+
To ensure PHP 8.0 is well-installed just type:
DocumentRoot /var/www/myServer
 
<Directory />
 
Options FollowSymLinks
 
AllowOverride None
 
</Directory>
 
        <Directory /var/www/myServer />
 
Options Indexes FollowSymLinks MultiViews
 
AllowOverride None
 
Order allow,deny
 
allow from all
 
</Directory>
 
  
# Scripts CGI
+
<syntaxhighlight lang="bash">
# [ required for PHP 5 ]
+
php -v
ScriptAlias /cgi-bin/ /var/www/cgi-bin
 
<Directory "/var/www/cgi-bin">
 
AllowOverride None
 
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 
Order allow,deny
 
Allow from all
 
</Directory>
 
 
 
</VirtualHost>
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
'''Activation of a Virtual Host'''
+
===Image Magick===
 
 
To activate a Virtual Host, just type
 
<syntaxhighlight lang="bash">
 
a2ensite  myServer
 
</syntaxhighlight>
 
  
Then, restart your web server
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
/etc/init.d/apache2 restart
+
apt install php-gd php-imagick imagemagick
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
===Configuration===
  
 +
Edit PHP config file:
  
=Apache 2 configuration # SSL Virtual host=
 
 
 
==Create SSL certificate==
 
First of all, you need to create a server certificate.
 
Cf. SSL dedicated document → Create a new server certificate
 
>> TODO : link to SSL page
 
 
 
==Enable SSL module==
 
Create symlinks for server certificate
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
ln -s /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
+
vim /etc/php/8.0/apache2/php.ini
ln -s /srv/ssl/private/ myServer.nopass.key /etc/apache2/webServer.key
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Activate the SSL module
+
Add / uncomment the following lines in Dynamic extensions area
<syntaxhighlight lang="bash">
+
<syntaxhighlight lang="php">
a2enmod ssl
+
// PHP 8  (~ line 904)
 +
extension=bz2
 +
extension=curl
 +
extension=gd
 +
extension=imap
 +
extension=mysqli
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
==Prepare virtual host==
+
!! Note this is NOT required on Ubuntu 20.04 because these modules are enabled by default !!
Create virtual host folder
 
<syntaxhighlight lang="bash">
 
mkdir -p /var/www/myServer-ssl
 
cp /var/www/index.html /var/www/myServer-ssl
 
chown -R www-data:www-data /var/www/myServer-ssl
 
</syntaxhighlight>
 
  
 +
==Firewall==
  
==Prepare the log files==
+
see [[Firewall INPUT filters#Web server]]
<syntaxhighlight lang="bash">
 
mkdir -p /var/log/apache2/myServer-ssl
 
touch /var/log/apache2/myServer-ssl/error.log
 
touch /var/log/apache2/myServer-ssl/access.log
 
chmod 660 /var/log/apache2/*
 
chown root:www-data /var/log/apache2/*
 
</syntaxhighlight>
 
  
 +
Restart the firewall
  
==Virtual host declaration==
 
Init configuration
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/myServer-ssl
+
/etc/init.d/firewall restart
</syntaxhighlight>
 
 
 
Edit configuration
 
<syntaxhighlight lang="bash">
 
vim /etc/apache2/sites-available/myServer-ssl
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Then, you will need to edit the Virtual Host configuration file:
 
<syntaxhighlight lang="bash">
 
vim /etc/apache2/sites-availables/virtualHostName
 
</syntaxhighlight>
 
  
!! Adjust the settings to your own configuration
 
<syntaxhighlight lang="bash">
 
# Secure web server
 
<VirtualHost _default_:443>
 
<VirtualHost 192.168.0.100:443>   → Choose the best options for your needs
 
<VirtualHost *:443>
 
  
ServerName myServer
+
==Test your installation==
ServerAlias www.myServer *.myServer
 
ServerAdmin webmaster@domain
 
 
# Logs settings
 
LogLevel Warn
 
CustomLog {APACHE_LOG_DIR}/myServer-ssl/access.log combined
 
ErrorLog {APACHE_LOG_DIR}/myServer-ssl/error.log
 
  
# Root folder properties
 
DocumentRoot /var/www/myServer-ssl
 
  
        # Enable SSL
+
Restart the Apache2 server
        SSLEngine              On
 
        SSLCertificateFile      /etc/apache2/webServer.pem
 
        SSLCertificateKeyFile  /etc/apache2/webServer.key
 
  
        # Root directory properties
 
        <Directory /var/www/ssl />
 
            Options Indexes FollowSymLinks MultiViews
 
            AllowOverride None
 
            Order allow,deny
 
            allow from all
 
        </Directory>
 
 
        ##########################
 
        # ALIAS AND REDIRECTIONS #
 
        ##########################
 
 
</VirtualHost>
 
</syntaxhighlight>
 
 
Enable site
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
a2ensite myServer-ssl
+
service apache2 restart
</syntaxhighlight>
 
 
 
Restart the web server
 
<syntaxhighlight lang="bash">
 
/etc/init.d/apache2 restart
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
==Accept auto-signed certificate==
 
Go to https://myServer/certs/
 
Cf SSL document to get installation details
 
  
 
+
Create a simple PHP script
 
 
=Apache 2 configuration # Redirect HTTP to HTTPS=
 
The safer way to redirect HTTP to HTTPS is use to adjust the virtual host configuration.
 
 
 
Edit configuration
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
vim /etc/apache2/sites-available/myServer
+
vim /var/www/html/phpinfo.php
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Make it looks like:
+
Put the following:
<syntaxhighlight lang="bash">
+
<syntaxhighlight lang="php">
<VirtualHost *:80>
+
<?php
ServerAdmin guillaume@qin-diaz.com
+
phpinfo();
 
+
?>
ServerName dev.daxiongmao.eu
 
ServerAlias *.dev.daxiongmao.eu dev.qin-diaz.com www.dev.qin-diaz.com
 
 
 
### LOG ###
 
ErrorLog ${APACHE_LOG_DIR}/daxiongmao/error.log
 
LogLevel warn
 
CustomLog ${APACHE_LOG_DIR}/daxiongmao/access.log combined
 
 
## Redirect all traffic to HTTPS website
 
redirect permanent / https://myServer/
 
 
## No need of a document root anymore as everything is redirect
 
 
</VirtualHost>
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
You can remove:
+
Adjust rights
* Document root
 
* CGI url
 
* All the alias
 
 
 
Restart your server
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
service apache2 restart
+
chown www-data:www-data /var/www/html/phpinfo.php
 +
chmod 755 /var/www/html/phpinfo.php
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
 
+
You can now test your installation by going to 'http://localhost/phpinfo.php' or 'http://myServer/phpinfo.php'. You should see the default page.
=Apache 2 # redirections using mod_proxy=
 
Thanks to Julien Rialland for his insight regarding this part!
 
 
 
 
 
==Principle==
 
The proxy module allow you to redirect remote user to a specific server that can be host on a different machine or port through a clear URL.
 
 
 
 
 
===Current limits===
 
Some application are not available from outside…
 
 
 
For security reasons [default URL is not allowed]
 

Latest revision as of 16:38, 3 November 2021



Requirements

Before going through this tutorial, I recommend you to setup:



Installation

Apache 2

This will install web server + PHP + Perl + all required libraries.

Apache2 core

apt install apache2 apache2-utils 
apt install ssl-cert

Since Ubuntu 16.04 apache2-mpm-prefork is not required

Doc

apt install apache2-doc


Perl

apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc


SNMP

Sometimes you might encounter some SNMP errors on latest Debian based distributions.

In that case you have to install a new package and run it.

apt-get install snmp-mibs-downloader
download-mibs


source: http://www.podciborski.co.uk/miscellaneous/snmp-cannot-find-module/


PHP 8

2021-11: PHP 8 is not included in Ubuntu 20.04 LTS.

Source article: http://www.daxiongmao.eu/wiki/index.php?title=Apache_2&action=edit

Add PHP 8.0 repository

apt install software-properties-common
add-apt-repository ppa:ondrej/php
apt update

Install core packages

To install the latest version of PHP:

# PHP core
apt-get install php
apt-get install php-cli
# Apache2 support
apt install libapache2-mod-php


Modules PHP

apt-get install php-cgi 
#apt-get install php-opcache
apt-get install php-gd 
apt-get install php-bz2 
apt-get install php-curl 
apt-get install php-xmlrpc
apt-get install php-json 
apt-get install php-mysql 
apt-get install php-imap 
apt-get install php-mbstring
# Performances
apt install php-fpm libapache2-mod-fcgid

Enable modules

sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php8.0-fpm

Utility

apt install php-pear

Configuration

Edit PHP config file:

vim /etc/php/8.0/cli/php.ini
  • Let CGI behaves like before: set cgi.fix_pathinfo=1
  • Adjust file upload size upload_max_filesize = 32M
  • Adjust post size post_max_size = 32M
  • Adjust time zone date.timezone = Europe/Paris
  • Save path: session.save_path = "/tmp"

Check PHP version and configuration

To ensure PHP 8.0 is well-installed just type:

php -v


Image Magick

apt install php-gd php-imagick imagemagick

Configuration

Edit PHP config file:

vim /etc/php/8.0/apache2/php.ini

Add / uncomment the following lines in Dynamic extensions area

// PHP 8  (~ line 904)
extension=bz2
extension=curl
extension=gd
extension=imap
extension=mysqli


!! Note this is NOT required on Ubuntu 20.04 because these modules are enabled by default !!

Firewall

see Firewall INPUT filters#Web server

Restart the firewall

/etc/init.d/firewall restart


Test your installation

Restart the Apache2 server

service apache2 restart


Create a simple PHP script

vim /var/www/html/phpinfo.php

Put the following:

<?php
phpinfo();
?>

Adjust rights

chown www-data:www-data /var/www/html/phpinfo.php
chmod 755 /var/www/html/phpinfo.php


You can now test your installation by going to 'http://localhost/phpinfo.php' or 'http://myServer/phpinfo.php'. You should see the default page.