===== Apache2_SSL_PHP5_MySQL5 =====

==== Install ====

  apt-get install apache2 libapache2-mod-php5 mysql-server php5-mysql
  /etc/init.d/apache2 restart
  #I found that I had to restart apache once more to get php to work.

==== phpinfo test ====

  vi /var/www/phpinfo.php
  #Add in the following:
  <?php phpinfo(); ?>

Browse to: http://ipaddress/phpinfo.php

=== If the phpinfo.php file does not show ===

  /etc/init.d/apache2 restart

====== Default SSL Setup ======

  a2enmod ssl
  a2ensite default-ssl
  /etc/init.d/apache2 restart

See: /usr/share/doc/apache2.2-common/README.Debian.gz

Browse to: https://ipaddress/phpinfo.php

==== Custom SSL Cert Setup ====

  mkdir /etc/apache2/ssl
  cd /etc/apache2/ssl
  openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.key -nodes -out hostcert.pem
  chmod 600 *
  vi /etc/apache2/sites-enabled/default-ssl
  #update the following:
  SSLCertificateFile /etc/apache2/ssl/hostcert.pem
  SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key

==== Debian SSL Cert Setup ====

The above config is my way of creating an SSL cert for apache using openssl. Debian squeeze has a make-ssl-cert utility. See: /usr/share/doc/apache2.2-common/README.Debian.gz

===== Vhost Setup including SSL =====

This config sets up multiple vhosts, and allows https access to each vhost. If you use the default-ssl setup with debian squeeze you may get the error:

  [warn] _default_ VirtualHost overlap on port 443, the first has precedence
   ... waiting [Fri Apr 08 15:02:33 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

==== Config Change ====

  vi /etc/apache2/ports.conf
  #Add-in the following above Listen 443
  NameVirtualHost *:443

==== Update Default vhosts ====

I prefer to tidy up the vhosts a little, calling vhost configs 01-sitexz, 02-sitexy. Note: the 01-sitexz, because it is listed first, ordered by filename, is the default vhost for the server. I.e. if you browse to http://ipaddress you'll get the 01-sitexz vhost.
  cd /etc/apache2/sites-available
  cat default-ssl >> default
  mv default 01-default
  vi /etc/apache2/sites-available/01-default
  #change
  <VirtualHost _default_:443>
  #to
  <VirtualHost *:443>
  rm /etc/apache2/sites-enabled/*
  a2ensite 01-default
  #all a2ensite does is to create a symlink from sites-available into sites-enabled

==== Create second test vhost with ssl ====

  vi /etc/apache2/sites-available/02-test

  # HTTP vhost
  <VirtualHost *:80>
      ServerAdmin test@burkesys.com
      ServerName test.burkesys.com
      DocumentRoot /var/www/test
      CustomLog /var/log/apache2/access.log combined
      ErrorLog /var/log/apache2/error.log
      LogLevel warn
      # Directory path assumed: the DocumentRoot
      <Directory /var/www/test>
          Options FollowSymLinks MultiViews
          AllowOverride None
      </Directory>
  </VirtualHost>
  # HTTPS vhost, matches NameVirtualHost *:443 in ports.conf
  <VirtualHost *:443>
      ServerAdmin test@burkesys.com
      ServerName test.burkesys.com
      DocumentRoot /var/www/test
      CustomLog /var/log/apache2/access.log combined
      ErrorLog /var/log/apache2/error.log
      LogLevel warn
      # Directory path assumed: the DocumentRoot
      <Directory /var/www/test>
          Options FollowSymLinks MultiViews
          AllowOverride None
      </Directory>
      SSLEngine on
      SSLCertificateFile /etc/apache2/ssl/hostcert.pem
      SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key
      # containers as in Debian's stock default-ssl
      <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
      </FilesMatch>
      <Directory /usr/lib/cgi-bin>
          SSLOptions +StdEnvVars
      </Directory>
      BrowserMatch "MSIE [2-6]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
      # MSIE 7 and newer should be able to use keepalive
      BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  </VirtualHost>

  a2ensite 02-test
  /etc/init.d/apache2 restart

==== Test ====

Browse to: http://ipaddress , https://ipaddress , http://test.server.com , https://test.server.com

You will have to accept the SSL cert warning; however, all vhosts should show up correctly.
===== Sample vhost config with Proxy =====

  <VirtualHost *:80>
      ProxyRequests Off
      ProxyPreserveHost On
      ProxyPass / http://192.168.1.3:80/
      ProxyPassReverse / http://192.168.1.3:80/
      ServerName www.tom.me
      ServerAlias *tom.me
      CustomLog /var/log/apache2/access_tom.log combined
      ErrorLog /var/log/apache2/error_tom.log
  </VirtualHost>
  <VirtualHost *:443>
      ProxyRequests Off
      ProxyPreserveHost On
      ProxyPass / https://192.168.1.3:443/
      ProxyPassReverse / https://192.168.1.3:443/
      ServerName www.tom.me
      ServerAlias *tom.me
      CustomLog /var/log/apache2/access_tom.log combined
      ErrorLog /var/log/apache2/error_tom.log
      SSLProxyEngine On
      SSLEngine on
      SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
      SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
      BrowserMatch "MSIE [2-6]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
      # MSIE 7 and newer should be able to use keepalive
      BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  </VirtualHost>
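
An added example, not part of the original page: a small shell/awk audit for vhost files like the ones above. It flags a port 443 vhost without `SSLEngine on` or without cert/key directives, use of the snakeoil certificate, and `SSLProxyEngine On` without `SSLProxyVerify require` (a mod_ssl directive the proxy vhost above does not set, so the backend certificate is not validated). The finding labels and the sample configuration are constructed for illustration.

```shell
# Added example: audit Apache vhost config for TLS mistakes. Finding labels are made up here.
# Reads the files given as arguments, or stdin; prints one "ServerName:port finding" per line.
audit_vhosts() {
    awk '
    function report(msg) { print name ":" port " " msg }
    function finish() {
        if (port == "443" && !ssl) report("tls-port-without-SSLEngine")
        if (port == "443" && (!cert || !key)) report("missing-cert-or-key")
        if (snake) report("snakeoil-cert")
        if (pxy && !verify) report("proxy-backend-cert-unverified")
    }
    { d = tolower($1) }
    d ~ /^<virtualhost/ {
        port = $2; sub(/.*:/, "", port); sub(/>.*/, "", port)
        name = "(no ServerName)"; ssl = cert = key = snake = pxy = verify = 0
        invh = 1; next
    }
    d ~ /^<\/virtualhost/ { if (invh) finish(); invh = 0; next }
    !invh || d ~ /^#/ { next }
    d == "servername" { name = $2 }
    d == "sslengine" && tolower($2) == "on" { ssl = 1 }
    d == "sslcertificatefile" { cert = 1; if ($2 ~ /snakeoil/) snake = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d == "sslproxyengine" && tolower($2) == "on" { pxy = 1 }
    d == "sslproxyverify" && tolower($2) == "require" { verify = 1 }
    ' "$@"
}
# Constructed sample modelled on this page's vhosts (third block omits SSLEngine on purpose).
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName www.tom.me
</VirtualHost>
<VirtualHost *:443>
    ServerName www.tom.me
    ProxyPass / https://192.168.1.3:443/
    SSLProxyEngine On
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
<VirtualHost *:443>
    ServerName test.burkesys.com
    SSLCertificateFile /etc/apache2/ssl/hostcert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key
</VirtualHost>
EOF
}
sample_conf | audit_vhosts
```

To check a live server, pass the enabled vhost files instead: `audit_vhosts /etc/apache2/sites-enabled/*`.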