Apache HTTP Server

From KevinWiki

(Difference between revisions)
Jump to: navigation, search
m
Line 52: Line 52:
-e.g.
-e.g.
 +
Ubuntu Linux 8.04 Hardy
  NameVirtualHost *
  NameVirtualHost *
   
   
Line 107: Line 108:
  </VirtualHost>
  </VirtualHost>
  </div>
  </div>
 +
 +
 +
-Ubuntu Linux 8.10 Intrepid
 +
<VirtualHost *:80>
 +
    ServerAdmin webmaster@localhost
 +
   
 +
    DocumentRoot /var/www/
 +
 +
    <Directory />
 +
        Options FollowSymLinks
 +
        AllowOverride None
 +
    </Directory>
 +
    <Directory /var/www/>
 +
        Options Indexes FollowSymLinks MultiViews
 +
        AllowOverride None
 +
        Order allow,deny
 +
        allow from all
 +
    </Directory>
 +
 +
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 +
    <Directory "/usr/lib/cgi-bin">
 +
        AllowOverride None
 +
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 +
        Order allow,deny
 +
        Allow from all
 +
    </Directory>
 +
 +
    ErrorLog /var/log/apache2/error.log
 +
 +
    # Possible values include: debug, info, notice, warn, error, crit,
 +
    # alert, emerg.
 +
    LogLevel warn
 +
 +
    CustomLog /var/log/apache2/access.log combined
 +
 +
    Alias /doc/ "/usr/share/doc/"
 +
    <Directory "/usr/share/doc/">
 +
        Options Indexes MultiViews FollowSymLinks
 +
        AllowOverride None
 +
        Order deny,allow
 +
        Deny from all
 +
        Allow from 127.0.0.0/255.0.0.0 ::1/128
 +
    </Directory>
 +
 +
</VirtualHost>
 +
 +
 +
-Add the following lines after SSL setup
 +
<VirtualHost *:443>
 +
    ServerAdmin webmaster@localhost
 +
   
 +
    DocumentRoot /var/www/
 +
 +
    SSLEngine on
 +
 +
    SSLOptions +StrictRequire
 +
 +
    SSLCertificateFile /etc/ssl/certs/server.crt
 +
    SSLCertificateKeyFile /etc/ssl/private/server.key
 +
 +
    <Directory />
 +
        Options FollowSymLinks
 +
        AllowOverride None
 +
    </Directory>
 +
    <Directory /var/www/>
 +
        Options Indexes FollowSymLinks MultiViews
 +
        AllowOverride None
 +
        Order allow,deny
 +
        allow from all
 +
    </Directory>
 +
 +
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 +
    <Directory "/usr/lib/cgi-bin">
 +
        AllowOverride None
 +
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 +
        Order allow,deny
 +
        Allow from all
 +
    </Directory>
 +
 +
    ErrorLog /var/log/apache2/error.log
 +
 +
    # Possible values include: debug, info, notice, warn, error, crit,
 +
    # alert, emerg.
 +
    LogLevel warn
 +
 +
    CustomLog /var/log/apache2/access.log combined
 +
 +
    Alias /doc/ "/usr/share/doc/"
 +
    <Directory "/usr/share/doc/">
 +
        Options Indexes MultiViews FollowSymLinks
 +
        AllowOverride None
 +
        Order deny,allow
 +
        Deny from all
 +
        Allow from 127.0.0.0/255.0.0.0 ::1/128
 +
    </Directory>
 +
 +
</VirtualHost>
 +
 +
 +
 +
==Enable .htaccess==
==Enable .htaccess==

Revision as of 08:22, 7 November 2008


Contents

Apache HTTP Server

Modules

UserDir

UserDir module allows users on the server have a web site in their home directory.

Configuration

-Check if the module is available in the directory /etc/apache2/mods-available/

-Open the conf file, /etc/apache2/mods-available/userdir.conf.

$ gksudo gedit /etc/apache2/mods-available/userdir.conf & 
<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
        UserDir disabled
        UserDir enabled username

        <Directory /home/*/public_html>
                AllowOverride FileInfo AuthConfig Limit
                Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        </Directory>
</IfModule>

-Enable the module.

$ cd cd /etc/apache2/mods-enabled/ 
$ sudo ln -s ../mods-available/userdir.load userdir.load 
$ sudo ln -s ../mods-available/userdir.conf userdir.conf 

-Restart the Apache server

$ sudo /etc/init.d/apache2 restart 


References

http://httpd.apache.org/docs/2.0/en/mod/mod_userdir.html


Virtual Hosts

-make a copy of the default virtual host configuration to have your own.

$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite 

-e.g. Ubuntu Linux 8.04 Hardy

NameVirtualHost *

<VirtualHost *>
	ServerAdmin kevin@localhost
	
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/access.log combined
	ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost *>
	ServerAdmin kevin@localhost
	
	DocumentRoot /home/kevin/public_html
	ServerName kevin.kevin-home
	ErrorLog /home/kevin/logs/error_log
	TransferLog /home/kevin/logs/access_log
</VirtualHost>


-Ubuntu Linux 8.10 Intrepid

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    
    DocumentRoot /var/www/

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>


-Add the following lines after SSL setup

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    
    DocumentRoot /var/www/

    SSLEngine on

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>



Enable .htaccess

-Change AllowOverride None

e.g)
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>

to

	<Directory />
		Options FollowSymLinks
		AllowOverride All
	</Directory>


-make changes as you wish then disable the default one and enable yours.

$ sudo a2dissite default && sudo a2ensite mysite 


Using SSL

Generating a Certificate Signing Request (CSR)

Generate A Key for the CSR

-To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

$ openssl genrsa -des3 -out server.key 1024 

Generating RSA private key, 1024 bit long modulus
.......................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:your passphrase
Verifying - Enter pass phrase for server.key:your confirm passphrase


-To See the details of the RSA private key.

$ openssl rsa -noout -text -in server.key


Remove Passphrase from Key File

If there is a problem with starting apache when the computer is booted, remove passphrase from the key file can be used to solve it. -Make backup file first

$ cp server.key server.key.original

-Remove the encryption from the RSA private key.

$ openssl rsa -in server.key.original -out server.key

-Make sure the server.key file is only readable by root:

$ chmod 400 server.key

Create the CSR

-To create the CSR, run the following command at a terminal prompt:

$ openssl req -new -key server.key -out server.csr 

Enter pass phrase for server.key:your passphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Country
State or Province Name (full name) [Some-State]:State
Locality Name (eg, city) []:City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:Section
Common Name (eg, YOUR name) []:Your Name
Email Address []:email@address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(e.g. a74mf94ns62kjdf8e)
An optional company name []:

-To see the details of this CSR

$ openssl req -noout -text -in server.csr


Creating a Self-Signed Certificate

-To create the self-signed certificate, run the following command at a terminal prompt:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 

Signature ok
subject=/C=**/ST=***/L=******/O=**********/OU=******/CN=*********/emailAddress=***********
Getting Private key
Enter pass phrase for server.key:your passphrase

-To see the details of this certificate

$ openssl x509 -noout -text -in server.crt


Installing the Certificate

$ sudo cp server.crt /etc/ssl/certs/ 
$ sudo cp server.key /etc/ssl/private/ 


Enable Module SSL

$ sudo a2enmod ssl 
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
$ sudo /etc/init.d/apache2 force-reload 
 * Reloading web server config apache2                                                                                                                                                        [ OK ]


Edit Site Enabled

-Add the following in the VirtualHost section under the DocumentRoot

	SSLEngine on

	SSLOptions +StrictRequire

	SSLCertificateFile /etc/ssl/certs/server.crt
	SSLCertificateKeyFile /etc/ssl/private/server.key

So it should look like:

<VirtualHost *>
	ServerAdmin blade2@localhost
	
	SSLEngine on

	SSLOptions +StrictRequire

	SSLCertificateFile /etc/ssl/certs/server.crt
	SSLCertificateKeyFile /etc/ssl/private/server.key


        ...blah blah	

</VirtualHost>


-Restart the Apache server

$ sudo /etc/init.d/apache2 restart 
 * Restarting web server apache2Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server blade2-home:443 (RSA)
Enter pass phrase: type your passphrase

OK: Pass Phrase Dialog successful.


Reference

https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html

http://www.apache-ssl.org/

http://www.apache-ssl.org/httpd.conf.example

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

http://en.wikipedia.org/wiki/Https

Personal tools