Apache HTTP Server
From KevinWiki
(Difference between revisions)
| Line 108: | Line 108: | ||
</VirtualHost> | </VirtualHost> | ||
</div> | </div> | ||
| + | |||
| + | |||
| + | -Many virtual hosts with http & https, | ||
| + | NameVirtualHost *:80 | ||
| + | NameVirtualHost *:443 | ||
| + | <VirtualHost *:443> | ||
| + | ServerAdmin kevin@yoursite.com | ||
| + | |||
| + | SSLEngine on | ||
| + | |||
| + | SSLOptions +StrictRequire | ||
| + | |||
| + | SSLCertificateFile /etc/ssl/certs/server.crt | ||
| + | SSLCertificateKeyFile /etc/ssl/private/server.key | ||
| + | |||
| + | DocumentRoot /var/www/ | ||
| + | ServerName yoursite.com | ||
| + | <Directory /> | ||
| + | Options FollowSymLinks | ||
| + | AllowOverride None | ||
| + | </Directory> | ||
| + | <Directory /var/www/> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride None | ||
| + | Order allow,deny | ||
| + | allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
| + | <Directory "/usr/lib/cgi-bin"> | ||
| + | AllowOverride None | ||
| + | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
| + | Order allow,deny | ||
| + | Allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ErrorLog /var/log/apache2/error.log | ||
| + | |||
| + | # Possible values include: debug, info, notice, warn, error, crit, | ||
| + | # alert, emerg. | ||
| + | LogLevel warn | ||
| + | |||
| + | CustomLog /var/log/apache2/access.log combined | ||
| + | ServerSignature On | ||
| + | |||
| + | Alias /doc/ "/usr/share/doc/" | ||
| + | <Directory "/usr/share/doc/"> | ||
| + | Options Indexes MultiViews FollowSymLinks | ||
| + | AllowOverride None | ||
| + | Order deny,allow | ||
| + | Deny from all | ||
| + | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
| + | </Directory> | ||
| + | |||
| + | </VirtualHost> | ||
| + | |||
| + | |||
| + | <VirtualHost *:80> | ||
| + | ServerAdmin kevin@yoursite.com | ||
| + | |||
| + | DocumentRoot /var/www/ | ||
| + | ServerName yoursite.com | ||
| + | <Directory /> | ||
| + | Options FollowSymLinks | ||
| + | AllowOverride None | ||
| + | </Directory> | ||
| + | <Directory /var/www/> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride None | ||
| + | Order allow,deny | ||
| + | allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
| + | <Directory "/usr/lib/cgi-bin"> | ||
| + | AllowOverride None | ||
| + | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
| + | Order allow,deny | ||
| + | Allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ErrorLog /var/log/apache2/error.log | ||
| + | |||
| + | # Possible values include: debug, info, notice, warn, error, crit, | ||
| + | # alert, emerg. | ||
| + | LogLevel warn | ||
| + | |||
| + | CustomLog /var/log/apache2/access.log combined | ||
| + | ServerSignature On | ||
| + | |||
| + | Alias /doc/ "/usr/share/doc/" | ||
| + | <Directory "/usr/share/doc/"> | ||
| + | Options Indexes MultiViews FollowSymLinks | ||
| + | AllowOverride None | ||
| + | Order deny,allow | ||
| + | Deny from all | ||
| + | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
| + | </Directory> | ||
| + | |||
| + | </VirtualHost> | ||
| + | |||
| + | #<VirtualHost *:80> | ||
| + | # ServerAdmin kevin@yoursite.com | ||
| + | # | ||
| + | # DocumentRoot /home/kevin/public_html | ||
| + | # ServerName kevin.yoursite.com | ||
| + | # ErrorLog /home/kevin/logs/error_log | ||
| + | # TransferLog /home/kevin/logs/access_log | ||
| + | #</VirtualHost> | ||
| + | |||
| + | <VirtualHost *:80> | ||
| + | ServerAdmin kevin@yoursite.com | ||
| + | |||
| + | DocumentRoot /var/www/blog | ||
| + | ServerName blog.yoursite.com | ||
| + | </VirtualHost> | ||
| + | -<code>NameVirtualHost *:443</code> is not necessary if there is only one virtual host using 443 port. | ||
| + | |||
Revision as of 14:48, 7 November 2008
Contents |
Apache HTTP Server
Modules
UserDir
UserDir module allows users on the server have a web site in their home directory.
Configuration
-Check if the module is available in the directory /etc/apache2/mods-available/
-Open the conf file, /etc/apache2/mods-available/userdir.conf.
$ gksudo gedit /etc/apache2/mods-available/userdir.conf &
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
UserDir disabled
UserDir enabled username
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
</IfModule>
-Enable the module.
$ cd cd /etc/apache2/mods-enabled/ $ sudo ln -s ../mods-available/userdir.load userdir.load $ sudo ln -s ../mods-available/userdir.conf userdir.conf
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart
References
http://httpd.apache.org/docs/2.0/en/mod/mod_userdir.html
Virtual Hosts
-make a copy of the default virtual host configuration to have your own.
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite
-e.g. Ubuntu Linux 8.04 Hardy
NameVirtualHost *
<VirtualHost *>
ServerAdmin kevin@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *> ServerAdmin kevin@localhost DocumentRoot /home/kevin/public_html ServerName kevin.kevin-home ErrorLog /home/kevin/logs/error_log TransferLog /home/kevin/logs/access_log </VirtualHost>
-Many virtual hosts with http & https,
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin kevin@yoursite.com
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
DocumentRoot /var/www/
ServerName yoursite.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin kevin@yoursite.com
DocumentRoot /var/www/
ServerName yoursite.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
#<VirtualHost *:80>
# ServerAdmin kevin@yoursite.com
#
# DocumentRoot /home/kevin/public_html
# ServerName kevin.yoursite.com
# ErrorLog /home/kevin/logs/error_log
# TransferLog /home/kevin/logs/access_log
#</VirtualHost>
<VirtualHost *:80>
ServerAdmin kevin@yoursite.com
DocumentRoot /var/www/blog
ServerName blog.yoursite.com
</VirtualHost>
-NameVirtualHost *:443 is not necessary if there is only one virtual host using 443 port.
-Ubuntu Linux 8.10 Intrepid
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
-Add the following lines after SSL setup
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
Enable .htaccess
-Change AllowOverride None
e.g) <Directory /> Options FollowSymLinks AllowOverride None </Directory>
to
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
-make changes as you wish then disable the default one and enable yours.
$ sudo a2dissite default && sudo a2ensite mysite
Using SSL
Generating a Certificate Signing Request (CSR)
Generate A Key for the CSR
-To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:
$ openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus .......................++++++ .++++++ e is 65537 (0x10001) Enter pass phrase for server.key:your passphrase Verifying - Enter pass phrase for server.key:your confirm passphrase
-To See the details of the RSA private key.
$ openssl rsa -noout -text -in server.key
Remove Passphrase from Key File
If there is a problem with starting apache when the computer is booted, remove passphrase from the key file can be used to solve it. -Make backup file first
$ cp server.key server.key.original
-Remove the encryption from the RSA private key.
$ openssl rsa -in server.key.original -out server.key
-Make sure the server.key file is only readable by root:
$ chmod 400 server.key
Create the CSR
-To create the CSR, run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr Enter pass phrase for server.key:your passphrase You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:Country State or Province Name (full name) [Some-State]:State Locality Name (eg, city) []:City Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company Organizational Unit Name (eg, section) []:Section Common Name (eg, YOUR name) []:Your Name Email Address []:email@address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:(e.g. a74mf94ns62kjdf8e) An optional company name []:
-To see the details of this CSR
$ openssl req -noout -text -in server.csr
Creating a Self-Signed Certificate
-To create the self-signed certificate, run the following command at a terminal prompt:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=**/ST=***/L=******/O=**********/OU=******/CN=*********/emailAddress=*********** Getting Private key Enter pass phrase for server.key:your passphrase
-To see the details of this certificate
$ openssl x509 -noout -text -in server.crt
Installing the Certificate
$ sudo cp server.crt /etc/ssl/certs/ $ sudo cp server.key /etc/ssl/private/
Enable Module SSL
$ sudo a2enmod ssl Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
$ sudo /etc/init.d/apache2 force-reload * Reloading web server config apache2 [ OK ]
Edit Site Enabled
-Add the following in the VirtualHost section under the DocumentRoot
SSLEngine on SSLOptions +StrictRequire SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
So it should look like:
<VirtualHost *>
ServerAdmin blade2@localhost
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
...blah blah
</VirtualHost>
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart * Restarting web server apache2Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server blade2-home:443 (RSA) Enter pass phrase: type your passphrase OK: Pass Phrase Dialog successful.
Reference
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
http://www.apache-ssl.org/httpd.conf.example
