Apache HTTP Server
From KevinWiki
Line 52: | Line 52: | ||
-e.g. | -e.g. | ||
+ | Ubuntu Linux 8.04 Hardy | ||
NameVirtualHost * | NameVirtualHost * | ||
Line 107: | Line 108: | ||
</VirtualHost> | </VirtualHost> | ||
</div> | </div> | ||
+ | |||
+ | |||
+ | -Ubuntu Linux 8.10 Intrepid | ||
+ | <VirtualHost *:80> | ||
+ | ServerAdmin webmaster@localhost | ||
+ | |||
+ | DocumentRoot /var/www/ | ||
+ | |||
+ | <Directory /> | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | </Directory> | ||
+ | <Directory /var/www/> | ||
+ | Options Indexes FollowSymLinks MultiViews | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | allow from all | ||
+ | </Directory> | ||
+ | |||
+ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
+ | <Directory "/usr/lib/cgi-bin"> | ||
+ | AllowOverride None | ||
+ | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </Directory> | ||
+ | |||
+ | ErrorLog /var/log/apache2/error.log | ||
+ | |||
+ | # Possible values include: debug, info, notice, warn, error, crit, | ||
+ | # alert, emerg. | ||
+ | LogLevel warn | ||
+ | |||
+ | CustomLog /var/log/apache2/access.log combined | ||
+ | |||
+ | Alias /doc/ "/usr/share/doc/" | ||
+ | <Directory "/usr/share/doc/"> | ||
+ | Options Indexes MultiViews FollowSymLinks | ||
+ | AllowOverride None | ||
+ | Order deny,allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
+ | </Directory> | ||
+ | |||
+ | </VirtualHost> | ||
+ | |||
+ | |||
+ | -Add the following lines after SSL setup | ||
+ | <VirtualHost *:443> | ||
+ | ServerAdmin webmaster@localhost | ||
+ | |||
+ | DocumentRoot /var/www/ | ||
+ | |||
+ | SSLEngine on | ||
+ | |||
+ | SSLOptions +StrictRequire | ||
+ | |||
+ | SSLCertificateFile /etc/ssl/certs/server.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/private/server.key | ||
+ | |||
+ | <Directory /> | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | </Directory> | ||
+ | <Directory /var/www/> | ||
+ | Options Indexes FollowSymLinks MultiViews | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | allow from all | ||
+ | </Directory> | ||
+ | |||
+ | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | ||
+ | <Directory "/usr/lib/cgi-bin"> | ||
+ | AllowOverride None | ||
+ | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </Directory> | ||
+ | |||
+ | ErrorLog /var/log/apache2/error.log | ||
+ | |||
+ | # Possible values include: debug, info, notice, warn, error, crit, | ||
+ | # alert, emerg. | ||
+ | LogLevel warn | ||
+ | |||
+ | CustomLog /var/log/apache2/access.log combined | ||
+ | |||
+ | Alias /doc/ "/usr/share/doc/" | ||
+ | <Directory "/usr/share/doc/"> | ||
+ | Options Indexes MultiViews FollowSymLinks | ||
+ | AllowOverride None | ||
+ | Order deny,allow | ||
+ | Deny from all | ||
+ | Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||
+ | </Directory> | ||
+ | |||
+ | </VirtualHost> | ||
+ | |||
+ | |||
+ | |||
+ | |||
==Enable .htaccess== | ==Enable .htaccess== |
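Review bot: the `<VirtualHost *:443>` block added at the end of this hunk turns on `SSLEngine` and names the certificate and key files but sets no `SSLProtocol` or `SSLCipherSuite`, so the protocol versions and ciphers on offer are whatever the module-level mod_ssl configuration supplies; add both directives to the block, or say which file sets them. Both added vhosts also keep `Options Indexes FollowSymLinks MultiViews` on `/var/www/`, which serves directory listings wherever no index file exists; drop `Indexes` unless listings are intended. The `:443` block repeats the `:80` block's `Directory`, `ScriptAlias`, logging and `Alias /doc/` sections verbatim, so any later change has to be made in two places.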
Revision as of 08:22, 7 November 2008
Apache HTTP Server
Modules
UserDir
The UserDir module allows users on the server to have a web site in their home directory.
Configuration
-Check if the module is available in the directory /etc/apache2/mods-available/
-Open the conf file, /etc/apache2/mods-available/userdir.conf.
$ gksudo gedit /etc/apache2/mods-available/userdir.conf &
<IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root
    UserDir disabled
    UserDir enabled username

    <Directory /home/*/public_html>
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    </Directory>
</IfModule>
-Enable the module.
$ cd /etc/apache2/mods-enabled/
$ sudo ln -s ../mods-available/userdir.load userdir.load
$ sudo ln -s ../mods-available/userdir.conf userdir.conf
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart
References
http://httpd.apache.org/docs/2.0/en/mod/mod_userdir.html
Virtual Hosts
-Make a copy of the default virtual host configuration to use as your own.
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite
-e.g. Ubuntu Linux 8.04 Hardy
NameVirtualHost *
<VirtualHost *>
    ServerAdmin kevin@localhost

    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined
    ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

<VirtualHost *>
    ServerAdmin kevin@localhost
    DocumentRoot /home/kevin/public_html
    ServerName kevin.kevin-home
    ErrorLog /home/kevin/logs/error_log
    TransferLog /home/kevin/logs/access_log
</VirtualHost>
-Ubuntu Linux 8.10 Intrepid
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>
-Add the following lines after SSL setup
<VirtualHost *:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/

    SSLEngine on

    SSLOptions +StrictRequire

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>
Enable .htaccess
-Change AllowOverride None
e.g.)
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
to
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
-Make changes as you wish, then disable the default site and enable yours.
$ sudo a2dissite default && sudo a2ensite mysite
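A check to run on the site file before enabling it, as an added example that is not part of the original page: it reports `AllowOverride All` set on `<Directory />` (where it makes Apache honour .htaccess files in every directory it serves), `Options Indexes`, and `ServerSignature On`. The names `audit_vhost` and `write_sample_vhost` and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag exposure-widening directives
# in an Apache 2.2-style site file. Function names and the sample are constructed.

audit_vhost() {
    # One finding per line: "<line number>:<enclosing Directory>:<issue>".
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        tolower(line) ~ /^<directory[ \t]/ {
            dir = line
            sub(/^<[^ \t]+[ \t]+/, "", dir); sub(/>[ \t]*$/, "", dir); gsub(/"/, "", dir)
            next
        }
        tolower(line) ~ /^<\/directory>/ { dir = ""; next }
        {
            n = split(tolower(line), w, /[ \t]+/)
            where = (dir == "" ? "(vhost)" : dir)
            if (w[1] == "allowoverride" && w[2] == "all" && dir == "/")
                print NR ":" where ":AllowOverride All on filesystem root"
            if (w[1] == "options")
                for (i = 2; i <= n; i++)
                    if (w[i] == "indexes" || w[i] == "+indexes")
                        print NR ":" where ":directory listing enabled"
            if (w[1] == "serversignature" && w[2] == "on")
                print NR ":" where ":ServerSignature On"
        }
    ' "$1"
}

# Constructed sample: a site file after the AllowOverride change shown above.
write_sample_vhost() {
    cat > "$1" <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
    </Directory>
    ServerSignature On
</VirtualHost>
EOF
}

# With no argument, run against the constructed sample.
f=${1:-$(mktemp)}; [ $# -gt 0 ] || write_sample_vhost "$f"; audit_vhost "$f"
```

Pass the path of a site file, for example the copy made under /etc/apache2/sites-available/, as the first argument to audit it instead of the sample.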
Using SSL
Generating a Certificate Signing Request (CSR)
Generate A Key for the CSR
-To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:
$ openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:your passphrase
Verifying - Enter pass phrase for server.key:your confirm passphrase
-To see the details of the RSA private key:
$ openssl rsa -noout -text -in server.key
Remove Passphrase from Key File
If Apache fails to start when the computer boots, removing the passphrase from the key file can solve the problem. The key is then stored unencrypted, so the file permissions set below are its only protection.
-Make a backup file first
$ cp server.key server.key.original
-Remove the encryption from the RSA private key.
$ openssl rsa -in server.key.original -out server.key
-Make sure the server.key file is only readable by root:
$ chmod 400 server.key
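A check of the state these steps leave server.key in, as an added example that is not part of the original page: it reports whether the PEM file is still passphrase-protected, whether group or others can access it, and, when openssl is installed, whether the RSA modulus is shorter than 2048 bits, which the 1024-bit key generated above is. The function names and the 2048-bit floor are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check a PEM private key file
# after the steps above. Function names and the 2048-bit floor are assumptions.

# Prints "encrypted" or "plaintext", judged from the PEM header lines.
key_encryption_state() {
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Succeeds only when group and others hold no permission bits on the file.
key_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Reads `openssl rsa -noout -text` output on stdin, prints the modulus size.
rsa_bits_from_text() {
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Prints findings for one key file; returns non-zero if any check fails.
check_key() {
    f=$1; rc=0
    state=$(key_encryption_state "$f")
    if ! key_owner_only "$f"; then
        echo "FAIL: $f is accessible to group or others"; rc=1
    fi
    if [ "$state" = plaintext ]; then
        echo "NOTE: $f has no passphrase; its file mode is its only protection"
        if command -v openssl >/dev/null 2>&1; then
            bits=$(openssl rsa -noout -text -passin pass: -in "$f" 2>/dev/null | rsa_bits_from_text)
            if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                echo "FAIL: ${bits}-bit RSA key is below 2048 bits"; rc=1
            fi
        fi
    fi
    return $rc
}

if [ $# -gt 0 ]; then check_key "$1"; fi
```

Run it with the key path as the first argument, both before and after copying the key to /etc/ssl/private/.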
Create the CSR
-To create the CSR, run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:your passphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Country
State or Province Name (full name) [Some-State]:State
Locality Name (eg, city) []:City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company
Organizational Unit Name (eg, section) []:Section
Common Name (eg, YOUR name) []:Your Name
Email Address []:email@address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(e.g. a74mf94ns62kjdf8e)
An optional company name []:
-To see the details of this CSR
$ openssl req -noout -text -in server.csr
Creating a Self-Signed Certificate
-To create the self-signed certificate, run the following command at a terminal prompt:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=**/ST=***/L=******/O=**********/OU=******/CN=*********/emailAddress=***********
Getting Private key
Enter pass phrase for server.key:your passphrase
-To see the details of this certificate
$ openssl x509 -noout -text -in server.crt
Installing the Certificate
$ sudo cp server.crt /etc/ssl/certs/
$ sudo cp server.key /etc/ssl/private/
Enable Module SSL
$ sudo a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
$ sudo /etc/init.d/apache2 force-reload
 * Reloading web server config apache2 [ OK ]
Edit Site Enabled
-Add the following in the VirtualHost section under the DocumentRoot
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
So it should look like:
<VirtualHost *>
    ServerAdmin blade2@localhost
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    ...blah blah
</VirtualHost>
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server blade2-home:443 (RSA)
Enter pass phrase: type your passphrase

OK: Pass Phrase Dialog successful.
Reference
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
http://www.apache-ssl.org/httpd.conf.example