apt-get install apache2 apache2-doc apache2-utils
Perl
apt-get install libapache2-mod-perl2
Python
apt-get install libapache2-mod-python
PHP5
apt-get install php5 libapache2-mod-php5 php-pear php5-xcache
PHP
apt-get install php libapache2-mod-php php-mcrypt php-mysql
Enable module
a2enmod <module>
Disable module
a2dismod <module>
For SSL, copy the following into “mods-available/ssl.conf”
SSLHonorCipherOrder on SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
ports.conf
Listen 80 <IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
apache.conf
KeepAlive Off
For SSL, add the follow to your vHost config
Redirect to https:// - insert in virtualhost:80
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Add virtualhost:433 with the same basic attributes as :80. Add the following
SSLEngine On SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem #SSLProtocol TLSv1.2 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 <Location /> SSLRequireSSL On SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire </Location>
Enable Site
a2ensite lunetikk.de.conf
Disable Site
a2dissite lunetikk.de.conf
<VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin [email protected] ServerName lunetikk.de ServerAlias www.lunetikk.de lunetikk.de ServerPath / DocumentRoot /var/www/lunetikk # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/lunetikk.de_error.log CustomLog ${APACHE_LOG_DIR}/lunetikk.de_access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] <Location /> </Location> <Directory /> Options FollowSymLinks AllowOverride none Require all granted DirectoryIndex index.html </Directory> </VirtualHost> <VirtualHost *:443> ServerAdmin [email protected] ServerName lunetikk.de ServerAlias www.lunetikk.de lunetikk.de ServerPath / DocumentRoot /var/www/lunetikk ErrorLog ${APACHE_LOG_DIR}/lunetikk.de_error_ssl.log CustomLog ${APACHE_LOG_DIR}/lunetikk.de_access_ssl.log combined <Directory /> Options FollowSymLinks Indexes Includes ExecCGI AllowOverride none Require all granted DirectoryIndex index.html </Directory> SSLEngine On SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem #SSLProtocol TLSv1.2 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 <Location /> SSLRequireSSL On SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire </Location> </VirtualHost>