Difference between revisions of "Apache 2"

(Created page with "Requirements You should have setup a MySQL database before going through this tutorial. I also recommend you to: Setup SSL infrastructure and create a server certificate Se...")
 
Line 1: Line 1:
Requirements
+
=Requirements=
 
+
Before going through this tutorial, I recommend you to:
You should have setup a MySQL database before going through this tutorial.
+
* Setup a MySQL database
 
+
* Setup SSL infrastructure and create a server certificate
I also recommend you to:
+
* Setup LDAP
Setup SSL infrastructure and create a server certificate
 
Setup LDAP
 
  
  
Line 322: Line 320:
 
Go to https://myServer/certs/  
 
Go to https://myServer/certs/  
 
Cf SSL document to get installation details
 
Cf SSL document to get installation details
 +
 +
 +
 +
=Apache 2 configuration # Redirect HTTP to HTTPS=
 +
The safer way to redirect HTTP to HTTPS is use to adjust the virtual host configuration.
 +
 +
Edit configuration
 +
<syntaxhighlight lang="bash">
 +
vim /etc/apache2/sites-available/myServer
 +
</syntaxhighlight>
 +
 +
Make it looks like:
 +
<syntaxhighlight lang="bash">
 +
<VirtualHost *:80>
 +
ServerAdmin guillaume@qin-diaz.com
 +
 +
ServerName dev.daxiongmao.eu
 +
ServerAlias *.dev.daxiongmao.eu dev.qin-diaz.com www.dev.qin-diaz.com
 +
 +
### LOG ###
 +
ErrorLog ${APACHE_LOG_DIR}/daxiongmao/error.log
 +
LogLevel warn
 +
CustomLog ${APACHE_LOG_DIR}/daxiongmao/access.log combined
 +
 +
## Redirect all traffic to HTTPS website
 +
redirect permanent / https://myServer/
 +
 +
## No need of a document root anymore as everything is redirect
 +
 +
</VirtualHost>
 +
</syntaxhighlight>
 +
 +
You can remove:
 +
* Document root
 +
* CGI url
 +
* All the alias
 +
 +
Restart your server
 +
<syntaxhighlight lang="bash">
 +
service apache2 restart
 +
</syntaxhighlight>
 +
 +
 +
 +
=Apache 2 # redirections using mod_proxy=
 +
Thanks to Julien Rialland for his insight regarding this part!
 +
 +
 +
==Principle==
 +
The proxy module allow you to redirect remote user to a specific server that can be host on a different machine or port through a clear URL.
 +
 +
 +
===Current limits===
 +
Some application are not available from outside…
 +
 +
For security reasons [default URL is not allowed]

Revision as of 18:05, 26 January 2014

Requirements

Before going through this tutorial, I recommend you to:

  • Setup a MySQL database
  • Setup SSL infrastructure and create a server certificate
  • Setup LDAP


Installation

Apache 2

This will install web server + PHP + Perl + all required libraries.

Apache2 core

apt-get install apache2 apache2-mpm-prefork apache2-utils ssl-cert

Additional libraries

apt-get install libapache2-mod-fcgid libruby libapache2-mod-ruby

Doc

apt-get install apache2-doc

Perl

apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc


PHP 5

Core

apt-get install libapache2-mod-php5 php5 php5-common

Module PHP5

apt-get install php5-curl php5-dev php5-gd php-pear php5-imagick php5-imap php5-mcrypt 
apt-get install php5-memcache php5-mhash php5-mysql php5-snmp php5-xmlrpc php5-xcache php5-curl php5-xsl

Additional libs

apt-get install php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt

Image Magick

apt-get install php5-imagick imagemagick


Firewall

You have to open the following ports:

  • Port 80 = HTTP
  • Port 443 = HTTPS
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 443 -j ACCEPT

Restart the firewall

/etc/init.d/firewall restart


PHP 5

Edit config file:

vim /etc/php5/apache2/php.ini

Add / uncomment the following lines in Dynamic extensions area (~ line 865)

  • extension=mysql.so
  • extension=gd.so


Apache 2 configuration # Multi-threading

MPM prefork

This manage processes

  • Max clients = nb of max simultaneous requests that the server can handle
  • Server limit = max nb of process that the server can handle
  • Start servers = nb of process to create on server start
  • Min / Max spare servers = nb of min / max process listening for incoming request
  • Max request per child = nb of requests that each process can execute
vim /etc/apache2/apache2.conf

Let default values; put a limit to MaxRequestsPerChild at 100 000


MPM worker

This manage threads. Threads are executed within a specific process. All process’ threads share the same context and global variables.

vim /etc/apache2/apache2.conf

Let default values; put a limit to MaxRequestsPerChild at 10 000


Apache 2 configuration # Virtual host

Preparation

Initialize configuration

cd /etc/apache2/sites-available/
cp default myServer

Create target directory

mkdir -p /var/www/myServer

Prepare the log files

mkdir -p /var/log/apache2/myServer
touch /var/log/apache2/myServer/access.log
touch /var/log/apache2/myServer/error.log
chmod -R 660 /var/log/apache2/myServer/*
chown -R www-data:www-data /var/log/apache2/myServer/*


Configuration

Init configuration

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/myServer


Edit configuration

vim /etc/apache2/sites-available/myServer


To begin the virtual host, write the following lines: → Adjust the settings to your own configuration

<VirtualHost 192.168.0.100:80>		  → Choose the best options for your needs
<VirtualHost *:80>

	ServerName		myServer
	ServerAlias		www.myServer *.myServer
	ServerAdmin		webmaster@domain
	
	# Logs settings
	LogLevel		Warn
	CustomLog		{APACHE_LOG_DIR}/myServer/access.log combined
	ErrorLog		{APACHE_LOG_DIR}/myServer/error.log

	# Root folder properties
	DocumentRoot	/var/www/myServer
	<Directory />
		Options FollowSymLinks 
		AllowOverride None
	</Directory>
        <Directory /var/www/myServer />
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	# Scripts CGI
	# [ required for PHP 5 ]
	ScriptAlias /cgi-bin/ /var/www/cgi-bin
	<Directory "/var/www/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

</VirtualHost>


Activation of a Virtual Host

To activate a Virtual Host, just type

a2ensite  myServer

Then, restart your web server

/etc/init.d/apache2 restart


Apache 2 configuration # SSL Virtual host

Create SSL certificate

First of all, you need to create a server certificate. Cf. SSL dedicated document → Create a new server certificate >> TODO : link to SSL page


Enable SSL module

Create symlinks for server certificate

ln -s /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
ln -s /srv/ssl/private/ myServer.nopass.key /etc/apache2/webServer.key

Activate the SSL module

a2enmod ssl


Prepare virtual host

Create virtual host folder

mkdir -p /var/www/myServer-ssl
cp /var/www/index.html /var/www/myServer-ssl
chown -R www-data:www-data /var/www/myServer-ssl


Prepare the log files

mkdir -p /var/log/apache2/myServer-ssl
touch /var/log/apache2/myServer-ssl/error.log
touch /var/log/apache2/myServer-ssl/access.log
chmod 660 /var/log/apache2/*
chown root:www-data /var/log/apache2/*


Virtual host declaration

Init configuration

cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/myServer-ssl

Edit configuration

vim /etc/apache2/sites-available/myServer-ssl

Then, you will need to edit the Virtual Host configuration file:

vim /etc/apache2/sites-availables/virtualHostName

!! Adjust the settings to your own configuration

# Secure web server
<VirtualHost _default_:443>
<VirtualHost 192.168.0.100:443>		   → Choose the best options for your needs
<VirtualHost *:443>

	ServerName		myServer
	ServerAlias		www.myServer *.myServer
	ServerAdmin		webmaster@domain
	
	# Logs settings
	LogLevel		Warn
	CustomLog		{APACHE_LOG_DIR}/myServer-ssl/access.log combined
	ErrorLog		{APACHE_LOG_DIR}/myServer-ssl/error.log

	# Root folder properties
	DocumentRoot	/var/www/myServer-ssl

        # Enable SSL
        SSLEngine               	On
        SSLCertificateFile      	/etc/apache2/webServer.pem
        SSLCertificateKeyFile   	/etc/apache2/webServer.key

        # Root directory properties
        <Directory /var/www/ssl />
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

        ##########################
        # ALIAS AND REDIRECTIONS #
        ##########################

</VirtualHost>

Enable site

a2ensite myServer-ssl

Restart the web server

/etc/init.d/apache2 restart

Accept auto-signed certificate

Go to https://myServer/certs/ Cf SSL document to get installation details


Apache 2 configuration # Redirect HTTP to HTTPS

The safer way to redirect HTTP to HTTPS is use to adjust the virtual host configuration.

Edit configuration

vim /etc/apache2/sites-available/myServer

Make it looks like:

<VirtualHost *:80>
	ServerAdmin guillaume@qin-diaz.com

	ServerName dev.daxiongmao.eu
	ServerAlias *.dev.daxiongmao.eu dev.qin-diaz.com www.dev.qin-diaz.com

	### LOG ###
	ErrorLog ${APACHE_LOG_DIR}/daxiongmao/error.log
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/daxiongmao/access.log combined
	
	## Redirect all traffic to HTTPS website
	redirect permanent / https://myServer/
	
	## No need of a document root anymore as everything is redirect
	
</VirtualHost>

You can remove:

  • Document root
  • CGI url
  • All the alias

Restart your server

service apache2 restart


Apache 2 # redirections using mod_proxy

Thanks to Julien Rialland for his insight regarding this part!


Principle

The proxy module allow you to redirect remote user to a specific server that can be host on a different machine or port through a clear URL.


Current limits

Some application are not available from outside…

For security reasons [default URL is not allowed]