======Apache 2.2.x======
=====Installation=====
apt-get install apache2 apache2-doc libapache2-mod-perl2 libapache2-mod-php5 \
php5 php5-ldap php-pear
If you need PHP to be able to connect to a MySQL-database, you also need php5-mysql.
apt-get install php5-mysql
The documentation on how to install the MySQL-server itself is available at [[hannibal:mysqlserver|the Hannibal database server section]].
=====Configuration=====
If you want to enable (a2enmod) or disable (a2dismod) extra modules in your webserver, run eg.
a2enmod php5
a2dismod rewrite
If you want to enable SSL/TLS, then run:
a2enmod ssl
Add port 443 to /etc/apache2/ports.conf
Listen 80
Listen 443
The [[hannibal:ca|certificate authority section]] in the Hannibal documentation describes howto create certificates. Create them now and make sure that their names and paths correspond to the names in your Apache2 configuration files.
If you installed php5-mysql edit /etc/php5/apache2/php.ini to make sure the mysql-extension is enabled:
...
extension=mysql.so
...
Create a configuration file for your new site, eg. /etc/apache2/sites-available/yoursite
# HTTPS stuff
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutexSSLMutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# cgi-bin configuration for mailgraph
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
# https virtual host declaration
DocumentRoot /usr/share/squirrelmail
ServerName mail.example.com
ServerAdmin postmaster@example.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/hannibalcert.pem
SSLCertificateKeyFile /etc/apache2/ssl/hannibalkey.pem
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Enable your new site and remove the default site by runnig:
a2ensite yoursite
a2dissite 000-default
Test if your configuration is valid:
apache2ctl configtest
Restart the webserver
/etc/init.d/apache2 restart
====Name based virtual hosts====
Another option is to use the apache-server for more than one website by using CNAMEs. Therefore leave the file /etc/apache2/sites-available/default in place. For all extra websites, create a CNAME and per website a file like:
/etc/apache2/sites-available/yoursite001
ServerAdmin webmaster@localhost
ServerName yoursite001.example.com
ServerAlias yoursite001
DocumentRoot /var/www/yoursite001
ServerAdmin webmaster@localhost
ServerName yoursite002.example.com
ServerAlias yoursite002
DocumentRoot /var/www/yoursite002
...
Enable them (ie. create the symlink) with:
a2ensite yoursite001
a2ensite yoursite002
...
======Apache 1.3.x======
=====Installation=====
apt-get install apache apache-common apache-doc libapache-mod-ssl libapache-mod-ssl-doc \
libapache-mod-perl libapache-auth-ldap php4 php4-ldap php4-pear
If you need PHP to be able to connect to a MySQL-database, you might also want:
apt-get install php4-mysql
=====Configuration=====
Check /etc/apache/modules.conf for these lines
....
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
LoadModule auth_ldap_module /usr/lib/apache/1.3/auth_ldap.so
....
Example of a secured directory; authorization required with a LDAP backend
....
Options Indexes FollowSymlinks Multiviews
AuthType Basic
AuthName "Access to SecureDir"
AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
AuthLDAPStartTLS on
AllowOverride AuthConfig
require valid-user
....
Example of a secured virtual host, accessable via HTTPS.
The HTTPS configuration is included.
....
Listen 192.168.1.20:80
Listen 192.168.1.20:443
....
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
....
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutexSSLMutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/apachessl.log
SSLLogLevel info
....
DocumentRoot /var/www/
ServerName web.intra.example.com
ServerAdmin postmaster@intra.example.com
Options Indexes FollowSymlinks Multiviews
AuthType Basic
AuthName "Hannibal Service Centre"
AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
AuthLDAPStartTLS on
AllowOverride AuthConfig
require valid-user
ErrorLog /var/log/mailerror.log
CustomLog /var/log/mailaccess.log common
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/webservercert.pem
SSLCertificateKeyFile /etc/apache/ssl.key/webserverkey.pem
SSLCACertificateFile /etc/apache/ssl.crt/cacert.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
....
The [[hannibal:ca|certificate authority section]] in the Hannibal documentation describes howto create certificates. Create them now and copy the certificates to /etc/apache/ssl.crt. The private key goes to /etc/apache/ssl.key. Make sure that their names correspond to the names in httpd.conf.
If you installed php4-mysql edit /etc/php/apache/php.ini and make sure the mysql-extension is enabled:
...
extension=mysql.so
...
Test if your httpd.conf is valid:
apachectl configtest
Restart the webserver
/etc/init.d/apache restart