Site Tools


linux:ubuntu:apache2

Apache2

Installation

Apache2 with utils

apt-get install apache2 apache2-doc apache2-utils

Modules

Perl

apt-get install libapache2-mod-perl2

Python

apt-get install libapache2-mod-python

PHP5

apt-get install php5 libapache2-mod-php5 php-pear php5-xcache

PHP

apt-get install php libapache2-mod-php php-mcrypt php-mysql

Enable module

a2enmod <module>

Disable module

a2dismod <module>

Configuration

Basic configuration

For SSL, copy the following into “mods-available/ssl.conf”

SSLHonorCipherOrder on
SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'

ports.conf

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

apache.conf

KeepAlive Off

vHosts

For SSL, add the follow to your vHost config

Redirect to https:// - insert in virtualhost:80

        RewriteEngine   On
        RewriteCond     %{HTTPS} !=on
        RewriteRule     ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Add virtualhost:433 with the same basic attributes as :80. Add the following

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem

        #SSLProtocol TLSv1.2
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1

<Location />
        SSLRequireSSL On
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +StrictRequire
</Location>

Enable Site

a2ensite lunetikk.de.conf

Disable Site

a2dissite lunetikk.de.conf

vHost example

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin [email protected]
        ServerName lunetikk.de
        ServerAlias www.lunetikk.de lunetikk.de
        ServerPath /

        DocumentRoot /var/www/lunetikk

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/lunetikk.de_error.log
        CustomLog ${APACHE_LOG_DIR}/lunetikk.de_access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        RewriteEngine   On
        RewriteCond     %{HTTPS} !=on
        RewriteRule     ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]


<Location />
</Location>

<Directory />
        Options FollowSymLinks
        AllowOverride none
        Require all granted
        DirectoryIndex index.html
</Directory>

</VirtualHost>

<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName lunetikk.de
        ServerAlias www.lunetikk.de lunetikk.de

        ServerPath /
        DocumentRoot /var/www/lunetikk

        ErrorLog ${APACHE_LOG_DIR}/lunetikk.de_error_ssl.log
        CustomLog ${APACHE_LOG_DIR}/lunetikk.de_access_ssl.log combined


<Directory />
        Options FollowSymLinks Indexes Includes ExecCGI
        AllowOverride none
        Require all granted
        DirectoryIndex index.html
</Directory>

        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem

        #SSLProtocol TLSv1.2
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1

<Location />
        SSLRequireSSL On
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +StrictRequire
</Location>

</VirtualHost>

linux/ubuntu/apache2.txt · Last modified: 2020/01/13 21:25 by lunetikk