

Warning: these guides are mostly obsolete; please have a look at the new documentation.


Setting up Apache 2.4 with SSL
 
http://pbraun.nethence.com/unix/www/apache2.html
http://pbraun.nethence.com/unix/databases/mysql.html
 
Setting up Apache 2.4 on Ubuntu Server 14 LTS
First, define the FQDN in /etc/hosts, listing it first, before the short name,
cd /etc/
vi hosts
ip fqdn short
 
Fetch your ssl certs,
cd /etc/apache2/
scp -r storage:/path/to/ssl/ .
 
Proceed,
apt install apache2
rm -f /var/www/html/index.html
touch /var/www/html/robots.txt
touch /var/www/html/favicon.ico
cd /etc/
cp -Rp apache2/ apache2.dist/
cd /etc/apache2/sites-enabled/
ln -s ../sites-available/default-ssl.conf
cd ../sites-available/
cp 000-default.conf 000-default.conf.dist
cp default-ssl.conf default-ssl.conf.dist
vi 000-default.conf
<VirtualHost *:80>
ServerAdmin abuse@domain.tld
DocumentRoot /var/www/html
 
Redirect / https://ADDRESS/
 
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
vi default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/cert.pem 
SSLCertificateKeyFile /etc/apache2/ssl/cert.priv.nopass.pem 
 
ServerAdmin abuse@domain.tld
DocumentRoot /var/www/html
 
ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
 
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
 
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Apply,
/etc/init.d/apache2 restart
 
Minimal setup with SSL and virtual hosts
Here's a minimal httpd.conf with FreeBSD paths (fix /usr/local paths for other systems),
ServerName bsd.example.net
ServerRoot "/usr/local"
DirectoryIndex index.html index.php
User nobody
Group nobody
TypesConfig etc/apache24/mime.types
Listen *:443
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
ErrorLog /var/log/apache24/error.log
CustomLog /var/log/apache24/access.log combined
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/etc/apache24/ssl/cert.crt
SSLCertificateKeyFile /usr/local/etc/apache24/ssl/cert.key
Redirect / http://pbraun.example.net/
LogLevel warn
ErrorLog /var/log/apache24/error-ssl.log
CustomLog /var/log/apache24/access-ssl.log combined
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/etc/apache24/ssl/cert.crt
SSLCertificateKeyFile /usr/local/etc/apache24/ssl/cert.key
ServerName mail.example.net
DocumentRoot /data/www.apache/mail.example.net
LogLevel warn
ErrorLog /var/log/apache24/mail.error-ssl.log
CustomLog /var/log/apache24/mail.access-ssl.log combined
<Directory /data/www.apache/mail.example.net>
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Include etc/apache24/modules.conf
with modules.conf,
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
LoadModule dir_module libexec/apache24/mod_dir.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule php5_module libexec/apache24/libphp5.so
 
Testing PHP
Check that php is working fine,
  cd /var/www/vhosts/local.example.apache/
cat > hello.php <<EOF9
<?php echo 'Hello world'; ?>
EOF9
cat > info.php << EOF
<?php phpinfo(); ?>
EOF
cat > error.php <<EOF9
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
include("hello.php");
?>
EOF9
Note: if you also want to be notified about strict PHP coding standards, use 'E_ALL|E_STRICT' (see the php.ini comments).
 
Enabling CGI
Enable CGI,
<Directory "/path/to/www.example.com">
  Options +ExecCGI
  AddHandler cgi-script .cgi .pl
</Directory>
 
Redirect
For any redirect :
- for folder destinations, add the trailing slash (otherwise you may end up with e.g. example.netfilename.html)
e.g.,
<VirtualHost *:80>
ServerName example.net
Redirect / http://www.example.net/
</VirtualHost>
 
For multiple redirects :
- the URL with the trailing slash should come first
- the root directory should come last
e.g.,
<VirtualHost *:80>
ServerName www.example.net
Redirect /dir/ http://alt.example.net/dir/file.html
Redirect /dir http://alt.example.net/dir/file.html
Redirect / http://alt.example.net/
</VirtualHost>
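
The two redirect rules above (trailing slash on the target, most specific prefix first) follow from how Redirect matches a path prefix and appends the rest of the request path. This is an added example, not part of the original guide: a simplified shell model of that matching, where the function and rule-set names are hypothetical and only plain Redirect rules (no RedirectMatch) are assumed.

```sh
# Simplified model of Redirect prefix matching (assumption: plain prefix rules only).
# Rules are read from stdin as "prefix target", in configuration order.
redirect_target() {
  path=$1
  while read -r prefix target; do
    case $prefix in
      */) case $path in "$prefix"*) ;; *) continue ;; esac ;;
      *)  case $path in "$prefix"|"$prefix"/*) ;; *) continue ;; esac ;;
    esac
    # The first matching rule wins; the unmatched rest of the path is appended as-is.
    printf '%s%s\n' "$target" "${path#"$prefix"}"
    return 0
  done
  return 1
}

# Rule order used in the guide: most specific prefix first, root last.
page_order() { cat <<'EOF'
/dir/ http://alt.example.net/dir/file.html
/dir http://alt.example.net/dir/file.html
/ http://alt.example.net/
EOF
}

# Same rules with the root first: it shadows every later rule.
root_first() { cat <<'EOF'
/ http://alt.example.net/
/dir/ http://alt.example.net/dir/file.html
/dir http://alt.example.net/dir/file.html
EOF
}

page_order | redirect_target /dir
root_first | redirect_target /dir/
# Target without a trailing slash: host and file name run together.
echo "/ http://www.example.net" | redirect_target /filename.html
```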
 
Directory index
In case directory indexing is disabled (enabled by default...), you might want to force it,
  <Directory "/path/to/">
Options +Indexes
  </Directory>
 
Basic authentication
Inside apache's or virtualhost's configuration,
<Location /exampledir>
  AuthType basic
  AuthName "private area"
  AuthUserFile /etc/httpd/passwd.example
  Require valid-user
</Location>
Note: it's also possible to use ".htaccess" for that, in which case the "Location" tag is omitted.
 
Create the password file,
cd /etc/httpd
htpasswd -h
htpasswd -c /etc/httpd/passwd.example username
chown apache:apache passwd.example
chmod 400 passwd.example
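
The password file gets chmod 400 here, but the passphrase-less private key copied with scp in the first section never has its mode set. The following check is an added example, not part of the original guide: it flags any secret file that group or other can access. The function name is hypothetical and the demo files are constructed stand-ins for cert.priv.nopass.pem and passwd.example.

```sh
# Print every given file that is missing or accessible to group/other.
# Returns 1 if anything was reported, 0 if all files are owner-only.
audit_secret_perms() {
  rc=0
  for f in "$@"; do
    if [ ! -e "$f" ]; then
      echo "MISSING $f"
      rc=1
      continue
    fi
    # ls -ldL follows symlinks; characters 5-10 of the mode string
    # are the group and other permission bits.
    bits=$(ls -ldL -- "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
      echo "TOO-OPEN $f ($bits)"
      rc=1
    fi
  done
  return $rc
}

# Demo on constructed stand-ins for the files named in this guide.
demo_dir=$(mktemp -d)
touch "$demo_dir/cert.priv.nopass.pem" "$demo_dir/passwd.example"
chmod 644 "$demo_dir/cert.priv.nopass.pem"   # a mode a plain copy can easily leave behind
chmod 400 "$demo_dir/passwd.example"         # mode set by the guide
audit_secret_perms "$demo_dir/cert.priv.nopass.pem" "$demo_dir/passwd.example" || true
rm -rf "$demo_dir"
```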
 
IP/hostname restrictions
Secure some folders,
<Directory "/var/www/html/ldap">
order allow,deny
allow from 10.1.1.10
</Directory>
 
404 and development error tracking
The user should get a custom 404 page,
ServerName...
ErrorDocument 404 http://pbraun.nethence.com/
Note the trailing slash.
 
On server side, track the 404s down,
grep 404 /var/log/httpd/*errors* | grep -v favicon.ico | grep -v robots.txt
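
A plain grep for 404 also matches lines where those digits appear elsewhere, such as the byte count. This is an added example, not part of the original guide: it reads the status field of an access log written in the combined LogFormat defined earlier on this page and counts real 404s per path. The function names are hypothetical and the log lines are constructed.

```sh
# Constructed sample lines in the "combined" LogFormat.
sample_access_log() { cat <<'EOF'
10.1.1.10 - - [12/Mar/2015:10:01:02 +0100] "GET /missing.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"
10.1.1.11 - - [12/Mar/2015:10:01:07 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
10.1.1.12 - - [12/Mar/2015:10:02:40 +0100] "GET /report.html HTTP/1.1" 200 404 "-" "Mozilla/5.0"
10.1.1.10 - - [12/Mar/2015:10:03:11 +0100] "GET /old/ HTTP/1.1" 404 205 "http://www.example.net/" "Mozilla/5.0"
10.1.1.13 - - [12/Mar/2015:10:04:04 +0100] "GET /missing.html?x=1 HTTP/1.1" 404 209 "-" "curl/7.35.0"
10.1.1.14 - - [12/Mar/2015:10:04:59 +0100] "GET /robots.txt HTTP/1.1" 404 208 "-" "Mozilla/5.0"
EOF
}

# Read combined-format lines on stdin and print "count path" for real 404s,
# most frequent first, skipping favicon.ico and robots.txt as the grep above does.
top_404s() {
  awk -F'"' '
    {
      split($3, st, " ")          # field 3 is " status bytes "
      if (st[1] != "404") next    # compare the status field only
      split($2, req, " ")         # field 2 is "METHOD path PROTOCOL"
      path = req[2]
      sub(/\?.*/, "", path)       # group by path, ignoring the query string
      if (path == "/favicon.ico" || path == "/robots.txt") next
      hits[path]++
    }
    END { for (p in hits) print hits[p], p }
  ' | sort -k1,1nr -k2,2
}

sample_access_log | top_404s
```

On a real server, feed it the access log instead, e.g. `top_404s < /var/log/httpd/access_log` (path is an assumption; use the CustomLog path from your configuration).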
 
Optionally, provide those errors to the web designers and programmers :
- fix the log file perms to let the Apache daemon read them,
chgrp apache /var/log/httpd/example_error.log
chmod g+r /var/log/httpd/example_error.log
- make a PHP or CGI script to print those files in a web page
 
Misc
.htaccess tips and tricks : http://corz.org/serv/tricks/htaccess.php
 
To allow dotfiles in directory listings, remove .??* from the IndexIgnore directive.
 
