Apache HTTP Server
From KevinWiki
Contents |
Apache HTTP Server
Modules
UserDir
UserDir module allows users on the server have a web site in their home directory.
Configuration
-Check if the module is available in the directory /etc/apache2/mods-available/
-Open the conf file, /etc/apache2/mods-available/userdir.conf.
$ gksudo gedit /etc/apache2/mods-available/userdir.conf &
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
UserDir disabled
UserDir enabled username
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
</IfModule>
-Enable the module.
$ cd cd /etc/apache2/mods-enabled/ $ sudo ln -s ../mods-available/userdir.load userdir.load $ sudo ln -s ../mods-available/userdir.conf userdir.conf
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart
References
http://httpd.apache.org/docs/2.0/en/mod/mod_userdir.html
Virtual Hosts
-make a copy of the default virtual host configuration to have your own.
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite
-e.g.
NameVirtualHost *
<VirtualHost *>
ServerAdmin kevin@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *> ServerAdmin kevin@localhost DocumentRoot /home/kevin/public_html ServerName kevin.kevin-home ErrorLog /home/kevin/logs/error_log TransferLog /home/kevin/logs/access_log </VirtualHost>
Enable .htaccess
-Change AllowOverride None
e.g) <Directory /> Options FollowSymLinks AllowOverride None </Directory>
to
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
-make changes as you wish then disable the default one and enable yours.
$ sudo a2dissite default && sudo a2ensite mysite
Using SSL
Generating a Certificate Signing Request (CSR)
Generate A Key for the CSR
-To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:
$ openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus .......................++++++ .++++++ e is 65537 (0x10001) Enter pass phrase for server.key:your passphrase Verifying - Enter pass phrase for server.key:your confirm passphrase
-To See the details of the RSA private key.
$ openssl rsa -noout -text -in server.key
Remove Passphrase from Key File
If there is a problem with starting apache when the computer is booted, remove passphrase from the key file can be used to solve it. -Make backup file first
$ cp server.key server.key.original
-Remove the encryption from the RSA private key.
$ openssl rsa -in server.key.original -out server.key
-Make sure the server.key file is only readable by root:
$ chmod 400 server.key
Create the CSR
-To create the CSR, run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr Enter pass phrase for server.key:your passphrase You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:Country State or Province Name (full name) [Some-State]:State Locality Name (eg, city) []:City Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company Organizational Unit Name (eg, section) []:Section Common Name (eg, YOUR name) []:Your Name Email Address []:email@address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:(e.g. a74mf94ns62kjdf8e) An optional company name []:
-To see the details of this CSR
$ openssl req -noout -text -in server.csr
Creating a Self-Signed Certificate
-To create the self-signed certificate, run the following command at a terminal prompt:
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=**/ST=***/L=******/O=**********/OU=******/CN=*********/emailAddress=*********** Getting Private key Enter pass phrase for server.key:your passphrase
-To see the details of this certificate
$ openssl x509 -noout -text -in server.crt
Installing the Certificate
$ sudo cp server.crt /etc/ssl/certs/ $ sudo cp server.key /etc/ssl/private/
Enable Module SSL
$ sudo a2enmod ssl Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
$ sudo /etc/init.d/apache2 force-reload * Reloading web server config apache2 [ OK ]
Edit Site Enabled
-Add the following in the VirtualHost section under the DocumentRoot
SSLEngine on SSLOptions +StrictRequire SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
So it should look like:
<VirtualHost *>
ServerAdmin blade2@localhost
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
...blah blah
</VirtualHost>
-Restart the Apache server
$ sudo /etc/init.d/apache2 restart * Restarting web server apache2Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server blade2-home:443 (RSA) Enter pass phrase: type your passphrase OK: Pass Phrase Dialog successful.
Reference
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
http://www.apache-ssl.org/httpd.conf.example
