apt-get install apache2 apache2-doc libapache2-mod-perl2 libapache2-mod-php5 \
php5 php5-ldap php-pear
If you need PHP to be able to connect to a MySQL-database, you also need php5-mysql.
apt-get install php5-mysql
The documentation on how to install the MySQL-server itself is available at the Hannibal database server section.
If you want to enable (a2enmod) or disable (a2dismod) extra modules in your webserver, run eg.
a2enmod php5 a2dismod rewrite
If you want to enable SSL/TLS, then run:
a2enmod ssl
Add port 443 to /etc/apache2/ports.conf
Listen 80 Listen 443
The certificate authority section in the Hannibal documentation describes howto create certificates. Create them now and make sure that their names and paths correspond to the names in your Apache2 configuration files.
If you installed php5-mysql edit /etc/php5/apache2/php.ini to make sure the mysql-extension is enabled:
... extension=mysql.so ...
Create a configuration file for your new site, eg. /etc/apache2/sites-available/yoursite
# HTTPS stuff
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutexSSLMutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# cgi-bin configuration for mailgraph
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin/>
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</IfModule>
# https virtual host declaration
<VirtualHost 192.168.1.20:443>
DocumentRoot /usr/share/squirrelmail
ServerName mail.example.com
ServerAdmin postmaster@example.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/hannibalcert.pem
SSLCertificateKeyFile /etc/apache2/ssl/hannibalkey.pem
SSLCACertificateFile /etc/apache2/ssl/cacert.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Enable your new site and remove the default site by runnig:
a2ensite yoursite a2dissite 000-default
Test if your configuration is valid:
apache2ctl configtest
Restart the webserver
/etc/init.d/apache2 restart
Another option is to use the apache-server for more than one website by using CNAMEs. Therefore leave the file /etc/apache2/sites-available/default in place. For all extra websites, create a CNAME and per website a file like: /etc/apache2/sites-available/yoursite001
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName yoursite001.example.com
ServerAlias yoursite001
DocumentRoot /var/www/yoursite001
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName yoursite002.example.com
ServerAlias yoursite002
DocumentRoot /var/www/yoursite002
</VirtualHost>
...
Enable them (ie. create the symlink) with:
a2ensite yoursite001 a2ensite yoursite002 ...
apt-get install apache apache-common apache-doc libapache-mod-ssl libapache-mod-ssl-doc \
libapache-mod-perl libapache-auth-ldap php4 php4-ldap php4-pear
If you need PHP to be able to connect to a MySQL-database, you might also want:
apt-get install php4-mysql
Check /etc/apache/modules.conf for these lines
.... LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so LoadModule php4_module /usr/lib/apache/1.3/libphp4.so LoadModule auth_ldap_module /usr/lib/apache/1.3/auth_ldap.so ....
Example of a secured directory; authorization required with a LDAP backend
....
<Directory /var/www/vip>
Options Indexes FollowSymlinks Multiviews
AuthType Basic
AuthName "Access to SecureDir"
AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
AuthLDAPStartTLS on
AllowOverride AuthConfig
require valid-user
</Directory>
....
Example of a secured virtual host, accessable via HTTPS. The HTTPS configuration is included.
....
Listen 192.168.1.20:80
Listen 192.168.1.20:443
....
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
....
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutexSSLMutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/apachessl.log
SSLLogLevel info
</IfModule>
....
<VirtualHost 192.168.1.20:443>
DocumentRoot /var/www/
ServerName web.intra.example.com
ServerAdmin postmaster@intra.example.com
<Directory /var/www/>
Options Indexes FollowSymlinks Multiviews
AuthType Basic
AuthName "Hannibal Service Centre"
AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
AuthLDAPStartTLS on
AllowOverride AuthConfig
require valid-user
</Directory>
ErrorLog /var/log/mailerror.log
CustomLog /var/log/mailaccess.log common
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/webservercert.pem
SSLCertificateKeyFile /etc/apache/ssl.key/webserverkey.pem
SSLCACertificateFile /etc/apache/ssl.crt/cacert.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
....
The certificate authority section in the Hannibal documentation describes howto create certificates. Create them now and copy the certificates to /etc/apache/ssl.crt. The private key goes to /etc/apache/ssl.key. Make sure that their names correspond to the names in httpd.conf.
If you installed php4-mysql edit /etc/php/apache/php.ini and make sure the mysql-extension is enabled:
... extension=mysql.so ...
Test if your httpd.conf is valid:
apachectl configtest
Restart the webserver
/etc/init.d/apache restart