Apache 2
Requirements
You should have set up a MySQL database before going through this tutorial.
I also recommend that you:
- Set up the SSL infrastructure and create a server certificate
- Set up LDAP
Installation
Apache 2
This will install web server + PHP + Perl + all required libraries.
Apache2 core
apt-get install apache2 apache2-mpm-prefork apache2-utils ssl-cert
Additional libraries
apt-get install libapache2-mod-fcgid libruby libapache2-mod-ruby
Doc
apt-get install apache2-doc
Perl
apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc
PHP 5
Core
apt-get install libapache2-mod-php5 php5 php5-common
Module PHP5
apt-get install php5-curl php5-dev php5-gd php-pear php5-imagick php5-imap php5-mcrypt
apt-get install php5-memcache php5-mhash php5-mysql php5-snmp php5-xmlrpc php5-xcache php5-curl php5-xsl
Additional libs
apt-get install php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt
Image Magick
apt-get install php5-imagick imagemagick
Firewall
You have to open the following ports:
- Port 80 = HTTP
- Port 443 = HTTPS
$IPTABLES -A INPUT -p tcp -m state --state NEW,ESTABLISHED -i eth0 --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m state --state NEW,ESTABLISHED -i eth0 --dport 443 -j ACCEPT
Restart the firewall
/etc/init.d/firewall restart
PHP 5
Edit config file:
vim /etc/php5/apache2/php.ini
Add / uncomment the following lines in Dynamic extensions area (~ line 865)
- extension=mysql.so
- extension=gd.so
Apache 2 configuration # Multi-threading
MPM prefork
This MPM manages processes.
- MaxClients = maximum number of simultaneous requests that the server can handle
- ServerLimit = maximum number of processes that the server can run
- StartServers = number of processes to create on server start
- MinSpareServers / MaxSpareServers = minimum / maximum number of processes listening for incoming requests
- MaxRequestsPerChild = number of requests that each process can execute
vim /etc/apache2/apache2.conf
Keep the default values; set MaxRequestsPerChild to 100 000
MPM worker
This MPM manages threads. Threads are executed within a specific process. All threads of a process share the same context and global variables.
vim /etc/apache2/apache2.conf
Keep the default values; set MaxRequestsPerChild to 10 000
Apache 2 configuration # Virtual host
Preparation
Initialize configuration
cd /etc/apache2/sites-available/
cp default myServer
Create target directory
mkdir -p /var/www/myServer
Prepare the log files
mkdir -p /var/log/apache2/myServer
touch /var/log/apache2/myServer/access.log
touch /var/log/apache2/myServer/error.log
chmod -R 660 /var/log/apache2/myServer/*
chown -R www-data:www-data /var/log/apache2/myServer/*
Configuration
Init configuration
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/myServer
Edit configuration
vim /etc/apache2/sites-available/myServer
To begin the virtual host, write the following lines:
→ Adjust the settings to your own configuration
→ Choose the opening tag that best fits your needs and keep only one of them active
# <VirtualHost 192.168.0.100:80>
<VirtualHost *:80>
ServerName myServer
ServerAlias www.myServer *.myServer
ServerAdmin webmaster@domain
# Logs settings
LogLevel Warn
CustomLog ${APACHE_LOG_DIR}/myServer/access.log combined
ErrorLog ${APACHE_LOG_DIR}/myServer/error.log
# Root folder properties
DocumentRoot /var/www/myServer
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/myServer/>
# Indexes enables directory listings; remove it if you do not need them
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
# CGI scripts
# [ required for PHP 5 ]
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Activation of a Virtual Host
To activate a Virtual Host, just type
a2ensite myServer
Then, restart your web server
/etc/init.d/apache2 restart
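The following lint is an added example, not part of the original tutorial. It checks a virtual host file for mistakes that are easy to make when adapting the template above: more than one active opening <VirtualHost> tag, log paths written as {VAR} instead of ${VAR}, a DocumentRoot with no <Directory> block of the same path (an exact-match heuristic), and Options Indexes. The function name lint_vhost and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint a virtual host file.
# Prints one finding per line; returns 1 when anything was found.
lint_vhost() {
    awk '
    function norm(s) {                 # strip quotes, ">" and a trailing "/"
        gsub(/[">]/, "", s)
        if (length(s) > 1) sub(/\/$/, "", s)
        return s
    }
    BEGIN { opens = 0; closes = 0; bad = 0; docroot = "" }
    /^[ \t]*#/ { next }                # commented-out alternatives are fine
    { d = tolower($1) }
    d ~ /^<virtualhost/   { opens++ }
    d ~ /^<\/virtualhost/ { closes++ }
    d == "documentroot"   { docroot = norm($2) }
    d == "<directory"     { dirs[norm($2)] = 1 }
    d == "options" && tolower($0) ~ /[ \t]\+?indexes/ {
        print "line " NR ": Options Indexes allows directory listings"; bad = 1
    }
    (d == "customlog" || d == "errorlog") && substr($2, 1, 1) == "{" {
        print "line " NR ": " $2 " is not expanded, use ${VAR}"; bad = 1
    }
    END {
        if (opens != closes) {
            print "unbalanced <VirtualHost>: " opens " opened, " closes " closed"; bad = 1
        }
        if (docroot != "" && !(docroot in dirs)) {
            print "no <Directory> block matches DocumentRoot " docroot " exactly"; bad = 1
        }
        exit bad
    }' "$1"
}

# Constructed sample that combines the mistakes this lint looks for.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost 192.168.0.100:443>
<VirtualHost *:443>
    ErrorLog {APACHE_LOG_DIR}/myServer-ssl/error.log
    DocumentRoot /var/www/myServer-ssl
    <Directory /var/www/ssl />
        Options Indexes FollowSymLinks MultiViews
    </Directory>
</VirtualHost>
EOF
lint_vhost "$sample" || echo "fix the findings above before running a2ensite"
rm -f "$sample"
```

Run it on /etc/apache2/sites-available/myServer before a2ensite; apache2ctl configtest still has to pass afterwards, since the lint does not replace Apache's own syntax check.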
Apache 2 configuration # SSL Virtual host
Create SSL certificate
First of all, you need to create a server certificate. See the dedicated SSL document → Create a new server certificate
Enable SSL module
Create symlinks for server certificate
ln -s /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
ln -s /srv/ssl/private/myServer.nopass.key /etc/apache2/webServer.key
Activate the SSL module
a2enmod ssl
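The key linked above is stored without a passphrase, so its file permissions are the only thing protecting it. The following pre-flight check is an added example, not part of the original tutorial: it verifies that the key is not readable by group or others and that the certificate and key belong together. The function name check_tls_pair and the throwaway demo pair are assumptions made for this example; it requires the openssl command line tool.

```shell
#!/bin/sh
# Added example (not from the tutorial): pre-flight check of the certificate
# and unencrypted private key before Apache is restarted.
# Return codes: 0 ok, 1 key readable by group/others, 2 pair mismatch,
# 3 file missing or unreadable.
check_tls_pair() {
    cert=$1; key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key"; return 3
    fi
    # -L follows symlinks such as /etc/apache2/webServer.key to the real file.
    if [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$key is readable by group or others; restrict it with chmod 600"
        return 1
    fi
    # Both commands print the public key as PEM; the pair belongs together
    # only when the two outputs are identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$cert and $key do not belong together"; return 2
    fi
    echo "ok: $cert matches $key"
}

# Demo on a constructed throwaway pair (self-signed, valid one day).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myServer" \
    -keyout "$demo_dir/demo.key" -out "$demo_dir/demo.pem" 2>/dev/null
chmod 600 "$demo_dir/demo.key"
check_tls_pair "$demo_dir/demo.pem" "$demo_dir/demo.key"
chmod 644 "$demo_dir/demo.key"
check_tls_pair "$demo_dir/demo.pem" "$demo_dir/demo.key" || echo "(expected: key too open)"
rm -rf "$demo_dir"
```

On the server itself, call check_tls_pair /etc/apache2/webServer.pem /etc/apache2/webServer.key as root before restarting Apache.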
Prepare virtual host
Create virtual host folder
mkdir -p /var/www/myServer-ssl
cp /var/www/index.html /var/www/myServer-ssl
chown -R www-data:www-data /var/www/myServer-ssl
Prepare the log files
mkdir -p /var/log/apache2/myServer-ssl
touch /var/log/apache2/myServer-ssl/error.log
touch /var/log/apache2/myServer-ssl/access.log
chmod 660 /var/log/apache2/myServer-ssl/*
chown root:www-data /var/log/apache2/myServer-ssl/*
Virtual host declaration
Init configuration
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/myServer-ssl
Edit configuration
vim /etc/apache2/sites-available/myServer-ssl
!! Adjust the settings to your own configuration
# Secure web server
# Choose the opening tag that best fits your needs and keep only one of them active
# <VirtualHost _default_:443>
# <VirtualHost 192.168.0.100:443>
<VirtualHost *:443>
ServerName myServer
ServerAlias www.myServer *.myServer
ServerAdmin webmaster@domain
# Logs settings
LogLevel Warn
CustomLog ${APACHE_LOG_DIR}/myServer-ssl/access.log combined
ErrorLog ${APACHE_LOG_DIR}/myServer-ssl/error.log
# Root folder properties
DocumentRoot /var/www/myServer-ssl
# Enable SSL
SSLEngine On
SSLCertificateFile /etc/apache2/webServer.pem
SSLCertificateKeyFile /etc/apache2/webServer.key
# Root directory properties
<Directory /var/www/myServer-ssl/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
##########################
# ALIAS AND REDIRECTIONS #
##########################
</VirtualHost>
Enable site
a2ensite myServer-ssl
Restart the web server
/etc/init.d/apache2 restart
Accept the self-signed certificate
Go to https://myServer/certs/ and see the SSL document for installation details