Difference between revisions of "Apache 2"

Line 135: Line 135:
  
 
You can now test your installation by going to 'http://localhost' or 'http://myServer'. You should see the default page.
 
You can now test your installation by going to 'http://localhost' or 'http://myServer'. You should see the default page.
 
 
 
 
 
 
=HTTP Virtual host=
 
 
 
==Preparation==
 
 
Initialize configuration
 
 
<syntaxhighlight lang="bash">
 
cd /etc/apache2/sites-available/
 
</syntaxhighlight>
 
 
 
Create target directory
 
 
<syntaxhighlight lang="bash">
 
mkdir -p /var/www/myServer
 
</syntaxhighlight>
 
 
 
Prepare the log files
 
 
<syntaxhighlight lang="bash">
 
mkdir -p /var/log/apache2/myServer
 
touch /var/log/apache2/myServer/access.log
 
touch /var/log/apache2/myServer/error.log
 
chmod -R 660 /var/log/apache2/myServer/*
 
chown -R www-data:www-data /var/log/apache2/myServer/*
 
</syntaxhighlight>
 
 
 
Copy default index file
 
 
<syntaxhighlight lang="bash">
 
cp /var/www/html/index.html /var/www/myServer
 
chown -R www-data:www-data /var/log/apache2/myServer/*
 
</syntaxhighlight>
 
 
 
 
==Configuration==
 
 
Init configuration
 
 
<syntaxhighlight lang="bash">
 
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myServer.conf
 
</syntaxhighlight>
 
 
 
'''Edit configuration'''
 
 
<syntaxhighlight lang="bash">
 
vim /etc/apache2/sites-available/myServer
 
</syntaxhighlight>
 
 
 
To begin the virtual host, write the following lines:
 
* Adjust the settings to your own configuration
 
 
<syntaxhighlight lang="bash">
 
<VirtualHost 192.168.0.100:80>   → Choose the best options for your needs
 
<VirtualHost *:80>
 
 
#############################
 
        # Server main properties
 
#############################
 
 
ServerName myServer
 
ServerAlias www.myServer *.myServer
 
ServerAdmin webmaster@domain
 
 
# Logs settings
 
LogLevel Warn
 
CustomLog ${APACHE_LOG_DIR}/myServer/access.log combined
 
ErrorLog ${APACHE_LOG_DIR}/myServer/error.log
 
 
 
#############################
 
        # Root folder properties
 
#############################
 
DocumentRoot /var/www/myServer
 
 
        # SECURITY: forbid access to .htaccess so no outsider can ever change it
 
        <Files ~ "^\.ht">
 
                ## Old Apache2 (before 2.4) syntax
 
                Order allow,deny
 
                deny from all
 
 
                ## Apache 2.4 syntax
 
                Require all denied
 
        </Files>
 
        # Restrict access to server root
 
        <Directory />
 
                Options FollowSymLinks
 
                AllowOverride None
 
                Require all denied
 
        </Directory>
 
 
 
        # Virtual host root directory
 
<Directory /var/www/myServer>
 
Options Indexes FollowSymLinks MultiViews
 
AllowOverride None
 
 
                ## Old Apache2 (before 2.4) syntax
 
Order allow,deny
 
allow from all
 
               
 
                ## Apache 2.4
 
                Require all granted 
 
</Directory>
 
 
 
#############################
 
        # Other configuration
 
        # Alias, proxy redirections, CGI scripts, Directory, etc.
 
#############################
 
 
 
 
</VirtualHost>
 
</syntaxhighlight>
 
 
 
 
==Enable / disable virtual host(s)==
 
 
 
'''Virtual Host desactivation'''
 
 
If you're listening on '''*:80''' then you should probably disable the default virtual host before enabling yours!
 
 
<syntaxhighlight lang="bash">
 
a2dissite 000-default
 
</syntaxhighlight>
 
 
 
 
 
'''Virtual Host activation'''
 
 
To activate a Virtual Host, just type
 
 
<syntaxhighlight lang="bash">
 
a2ensite  myServer
 
</syntaxhighlight>
 
 
Then, restart your web server
 
 
<syntaxhighlight lang="bash">
 
/etc/init.d/apache2 restart
 
</syntaxhighlight>
 
 
 
Check your server! You should see your "index.html" page.
 
 
 
 
=HTTPS (SSL) Virtual host=
 
 
 
==Create SSL certificate==
 
 
First of all, you need to create a server certificate.
 
Cf. SSL dedicated document → Create a new server certificate
 
 
>> see [[SSL server]]
 
 
 
 
==Enable SSL module==
 
 
You have to either copy or create symlinks for server certificate.
 
 
To avoid rights collision I'm using a ''copy'' operation. However I know from past experience that ''symLinks'' work very well if you set the correct rights.
 
 
 
-Note-
 
 
You MUST use the NON-ENCRYPTED private key if you want to start Apache2 automatically on each reboot.
 
 
 
 
'''Copy certificates'''
 
 
<syntaxhighlight lang="bash">
 
cp /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
 
cp /srv/ssl/private/myServer.nopass.key /etc/apache2/webServer.key
 
</syntaxhighlight>
 
 
 
 
Alternative: '''Symlinks to /srv/ssl/'''
 
 
<syntaxhighlight lang="bash">
 
ln -s /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
 
ln -s /srv/ssl/private/myServer.nopass.key /etc/apache2/webServer.key
 
</syntaxhighlight>
 
 
 
 
'''Activate the SSL module'''
 
 
<syntaxhighlight lang="bash">
 
a2enmod ssl
 
</syntaxhighlight>
 
 
 
 
==Prepare virtual host (optional)==
 
 
Create virtual host folder
 
 
<syntaxhighlight lang="bash">
 
mkdir -p /var/www/myServer-ssl
 
cp /var/www/index.html /var/www/myServer-ssl
 
chown -R www-data:www-data /var/www/myServer-ssl
 
</syntaxhighlight>
 
 
 
 
==Prepare the log files (optional)==
 
 
<syntaxhighlight lang="bash">
 
# That should already exists from before
 
mkdir -p /var/log/apache2/myServer
 
 
# Create *-ssl.log
 
touch /var/log/apache2/myServer/error-ssl.log
 
touch /var/log/apache2/myServer/access-ssl.log
 
chmod -R 660 /var/log/apache2/myServer/*
 
chown -R www-data:www-data /var/log/apache2/myServer/*
 
</syntaxhighlight>
 
 
 
 
Create a default "/var/www/myServer-ssl/index.html" to check your virtual host.
 
 
If you'd like you can use this ultra-simple file [http://daxiongmao.eu/wiki_upload_files/apache2/index.html]
 
 
<syntaxhighlight lang="bash">
 
cd /var/www/myServer-ssl/
 
wget http://daxiongmao.eu/wiki_upload_files/apache2/index.html
 
chown www-data:www-data index.html
 
</syntaxhighlight>
 
 
 
 
 
==Virtual host declaration==
 
 
You have 2 possibilities:
 
* Update your current virtual host (recommended)
 
* Create a new one, only for the SSL virtual host
 
 
 
'''Update non-ssl V.Host configuration'''
 
 
<syntaxhighlight lang="bash">
 
vim /etc/apache2/sites-available/myServer
 
</syntaxhighlight>
 
 
 
!! Adjust the settings to your own configuration !!
 
 
<syntaxhighlight lang="bash">
 
# Secure web server
 
<VirtualHost _default_:443>
 
<VirtualHost 192.168.0.100:443>   → Choose the best options for your needs
 
<VirtualHost *:443>
 
 
#############################
 
        # Server main properties
 
#############################
 
 
ServerName myServer
 
ServerAlias www.myServer *.myServer
 
ServerAdmin webmaster@domain
 
 
# Logs settings
 
LogLevel Warn
 
CustomLog ${APACHE_LOG_DIR}/myServer/access-ssl.log combined
 
ErrorLog ${APACHE_LOG_DIR}/myServer/error-ssl.log
 
 
        # Enable SSL
 
        SSLEngine              On
 
        SSLCertificateFile      /etc/apache2/webServer.pem
 
        SSLCertificateKeyFile  /etc/apache2/webServer.key
 
 
#############################
 
        # Root folder properties
 
#############################
 
DocumentRoot /var/www/myServer-ssl
 
 
 
        # SECURITY: forbid access to .htaccess so no outsider can ever change it
 
        <Files ~ "^\.ht">
 
                ## Old Apache2 (before 2.4) syntax
 
                Order allow,deny
 
                deny from all
 
 
                ## Apache 2.4 syntax
 
                Require all denied
 
        </Files>
 
 
        # Restrict access to server root
 
        <Directory />
 
                Options FollowSymLinks
 
                AllowOverride None
 
                Require all denied
 
        </Directory>
 
 
        # Virtual host root directory
 
<Directory /var/www/myServer-ssl>
 
                Require all granted
 
Options Indexes FollowSymLinks MultiViews
 
AllowOverride None
 
 
                ## Old Apache2 (before 2.4) syntax
 
Order allow,deny
 
allow from all
 
               
 
                ## Apache 2.4
 
                Require all granted 
 
</Directory>
 
 
 
#############################
 
        # Other configuration
 
        # Alias, proxy redirections, CGI scripts, Directory, etc.
 
#############################
 
 
Alias /phpsec  /var/somewhere/phpsecinfo
 
<Location /phpsec >
 
                ## Old apache 2 (before 2.4)
 
order deny,allow
 
allow from all
 
Allow from 127.0.0.1 192.168.1.0/24
 
 
                ## Apache 2.4
 
require local
 
require ip 192.168.1
 
                require host dev.daxiongmao.eu
 
        </Location>
 
</VirtualHost>
 
</syntaxhighlight>
 
 
 
Restart the web server
 
 
<syntaxhighlight lang="bash">
 
service apache2 restart
 
</syntaxhighlight>
 
 
 
Now you can test your server ''https://myServer''
 
 
 
If you've use a self-signed certificate you might see some alert. Just discarded it and process anyway!
 
 
=Related topics=
 
 
 
==Distribute and install the certificates==
 
 
Some guides to setup specific application and features:
 
 
* [[Apache 2 - Redirection / proxy|Apache 2- Redirection & rewrite]]
 
 
* [[Apache 2 - proxy]]
 
 
* [[Apache 2 - Security]]
 
 
* [[Apache 2 - Performances]]
 
 
* [[Apache 2 - SSL certificates page]]
 
 
* [[Apache 2 - LDAP access]]
 

Revision as of 17:50, 8 August 2014



Requirements

Before going through this tutorial, I recommend you to setup:



Installation

Apache 2

This will install web server + PHP + Perl + all required libraries.

Apache2 core

apt-get install apache2 apache2-mpm-prefork apache2-utils ssl-cert


Additional libraries

apt-get install libapache2-mod-fcgid libruby


Doc

apt-get install apache2-doc


Perl

apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc


SNMP

Sometimes you might encounter some SNMP errors on latest Debian based distributions.

In that case you have to install a new package and run it.

apt-get install snmp-mibs-downloader
download-mibs


source: http://www.podciborski.co.uk/miscellaneous/snmp-cannot-find-module/


PHP 5

Core

apt-get install libapache2-mod-php5 php5 php5-common


Modules PHP5

apt-get install php5-cli php5-cgi
apt-get install php5-curl php5-xmlrpc php5-xsl php5-dev php-pear 
apt-get install php5-mysql 
apt-get install php5-memcache php5-xcache
apt-get install php5-mhash php-auth php5-mcrypt mcrypt
apt-get install php5-imap 
apt-get install php5-snmp


Image Magick

apt-get install php5-gd php5-imagick imagemagick


Configuration

Edit PHP config file:

vim /etc/php5/apache2/php.ini

Add / uncomment the following lines in Dynamic extensions area (~ line 865)

  • extension=mysql.so
  • extension=gd.so


!! Note this is NOT required on Ubuntu 14.04 because these modules are enabled by default !!


Firewall

see Firewall INPUT filters#Web server

Restart the firewall

/etc/init.d/firewall restart


Test your installation

Restart the Apache2 server

service apache2 restart


You can now test your installation by going to 'http://localhost' or 'http://myServer'. You should see the default page.