
Apache 2.2.x

Installation

apt-get install apache2 apache2-doc libapache2-mod-perl2 libapache2-mod-php5 \
                php5 php5-ldap php-pear

If you need PHP to be able to connect to a MySQL-database, you also need php5-mysql.

apt-get install php5-mysql

The documentation on how to install the MySQL-server itself is available at the Hannibal database server section.

Configuration

If you want to enable (a2enmod) or disable (a2dismod) extra modules in your webserver, run e.g.:

a2enmod php5
a2dismod rewrite

If you want to enable SSL/TLS, then run:

a2enmod ssl

Add port 443 to /etc/apache2/ports.conf:

Listen 80
Listen 443

The certificate authority section in the Hannibal documentation describes how to create certificates. Create them now and make sure that their names and paths correspond to the names in your Apache2 configuration files.

If you installed php5-mysql, edit /etc/php5/apache2/php.ini to make sure the mysql extension is enabled:

...
extension=mysql.so
... 

Create a configuration file for your new site, e.g. /etc/apache2/sites-available/yoursite:

# HTTPS stuff

<IfModule mod_ssl.c>
 AddType application/x-x509-ca-cert .crt
 AddType application/x-pkcs7-crl    .crl
</IfModule>

<IfModule mod_ssl.c>
 SSLPassPhraseDialog  builtin
 SSLSessionCache dbm:/var/run/ssl_scache
 SSLSessionCacheTimeout  300
 SSLMutex file:/var/run/ssl_mutexSSLMutex
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
</IfModule>

# cgi-bin configuration for mailgraph

<IfModule mod_alias.c>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory /usr/lib/cgi-bin/>
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>

# https virtual host declaration

<VirtualHost 192.168.1.20:443>
  DocumentRoot /usr/share/squirrelmail
  ServerName mail.example.com
  ServerAdmin postmaster@example.com
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/hannibalcert.pem
  SSLCertificateKeyFile /etc/apache2/ssl/hannibalkey.pem
  SSLCACertificateFile /etc/apache2/ssl/cacert.pem
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
</VirtualHost>

Enable your new site and remove the default site by running:

a2ensite yoursite
a2dissite 000-default

Test if your configuration is valid:

apache2ctl configtest

Restart the webserver:

/etc/init.d/apache2 restart

Name based virtual hosts

Another option is to use the Apache server for more than one website by using CNAMEs. To do so, leave the file /etc/apache2/sites-available/default in place. For each extra website, create a CNAME and a file like /etc/apache2/sites-available/yoursite001:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName yoursite001.example.com
        ServerAlias yoursite001
        DocumentRoot /var/www/yoursite001
</VirtualHost>
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName yoursite002.example.com
        ServerAlias yoursite002
        DocumentRoot /var/www/yoursite002
</VirtualHost>
...

Enable them (i.e. create the symlink) with:

a2ensite yoursite001
a2ensite yoursite002
...

Apache 1.3.x

Installation

apt-get install apache apache-common apache-doc libapache-mod-ssl libapache-mod-ssl-doc \
                libapache-mod-perl libapache-auth-ldap php4 php4-ldap php4-pear

If you need PHP to be able to connect to a MySQL-database, you might also want:

apt-get install php4-mysql

Configuration

Check /etc/apache/modules.conf for these lines:

....
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
LoadModule auth_ldap_module /usr/lib/apache/1.3/auth_ldap.so
....

Example of a secured directory; authorization is required, with an LDAP backend:

....
<Directory /var/www/vip>
    Options Indexes FollowSymlinks Multiviews
    AuthType Basic
    AuthName "Access to SecureDir"
    AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
    AuthLDAPStartTLS on
    AllowOverride AuthConfig
    require valid-user
</Directory>
....

Example of a secured virtual host, accessible via HTTPS. The HTTPS configuration is included.

....
Listen 192.168.1.20:80
Listen 192.168.1.20:443
....
<IfModule mod_ssl.c>
 AddType application/x-x509-ca-cert .crt
 AddType application/x-pkcs7-crl    .crl
</IfModule>
....
<IfModule mod_ssl.c>
 SSLPassPhraseDialog  builtin
 SSLSessionCache dbm:/var/run/ssl_scache
 SSLSessionCacheTimeout  300
 SSLMutex file:/var/run/ssl_mutexSSLMutex
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 SSLLog /var/log/apachessl.log
 SSLLogLevel info
</IfModule>
....
<VirtualHost 192.168.1.20:443>
  DocumentRoot /var/www/
  ServerName web.intra.example.com
  ServerAdmin postmaster@intra.example.com
  <Directory /var/www/>
    Options Indexes FollowSymlinks Multiviews
    AuthType Basic
    AuthName "Hannibal Service Centre"
    AuthLDAPURL ldap://ldap.intra.example.com/ou=People,dc=intra,dc=example,dc=com?uid?sub
    AuthLDAPStartTLS on
    AllowOverride AuthConfig
    require valid-user
  </Directory>
  ErrorLog /var/log/mailerror.log
  CustomLog /var/log/mailaccess.log common
  SSLEngine on
  SSLCertificateFile /etc/apache/ssl.crt/webservercert.pem
  SSLCertificateKeyFile /etc/apache/ssl.key/webserverkey.pem
  SSLCACertificateFile /etc/apache/ssl.crt/cacert.pem
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
</VirtualHost>
....

The certificate authority section in the Hannibal documentation describes how to create certificates. Create them now and copy the certificates to /etc/apache/ssl.crt. The private key goes to /etc/apache/ssl.key. Make sure that their names correspond to the names in httpd.conf.

If you installed php4-mysql, edit /etc/php/apache/php.ini and make sure the mysql extension is enabled:

...
extension=mysql.so
... 

Test if your httpd.conf is valid:

apachectl configtest

Restart the webserver:

/etc/init.d/apache restart
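
The certificate steps in both the Apache 2.2 and the Apache 1.3 section ask you to make sure the file names and paths match the configuration. The shell function below is an added example (not part of the original Hannibal documentation) that checks this before a restart: it reads the SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile paths from a configuration file, reports missing files, and flags a private key that is accessible to group or others. The name check_ssl_paths and the owner-only key policy are assumptions of this example; only absolute paths are handled.

```shell
#!/bin/sh
# Added example. Usage: sh thisfile /etc/apache2/sites-available/yoursite
# (or /etc/apache/httpd.conf for Apache 1.3). Prints one line per problem.
# check_ssl_paths returns 0 if all is well, 1 on problems, 2 if CONF is unreadable.
check_ssl_paths() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Extract "directive path" pairs. Directive names are case-insensitive
    # in Apache; commented-out lines are skipped and quotes are stripped.
    pairs=$(awk '
        $1 ~ /^#/ { next }
        {
            d = tolower($1)
            if (d == "sslcertificatefile" || d == "sslcertificatekeyfile" ||
                d == "sslcacertificatefile") {
                p = $2; gsub(/"/, "", p)
                print d, p
            }
        }' "$conf")

    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -f "$path" ]; then
            echo "MISSING  $directive -> $path"
            problems=$((problems + 1))
            continue
        fi
        # Assumed policy: the private key is readable by its owner only.
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$directive" = "sslcertificatekeyfile" ]; then
            mode=$(ls -ldL -- "$path" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "PERMS    $path is accessible to group/other ($mode)"
                problems=$((problems + 1))
            fi
        fi
    done <<EOF
$pairs
EOF

    [ "$problems" -eq 0 ]
}

if [ $# -gt 0 ]; then check_ssl_paths "$1"; fi
```
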
hannibal/apache.txt · Last modified: 2008/06/26 07:41 by Olivier Brugman