====== Apache_2_&_SSL_-_PHP4_-_MySQL_4.1 ======
=====Installing Apache2, PHP4 and MySQL=====
Installing Apache, PHP and MySQL is very simple - if the following steps are adhered to.
1. Install MySQL:
apt-get install mysql-server mysql-client libmysqlclient12-dev
Not sure about requiring libmysqlclient12-dev, but will check out.
2. Install Apache2 (see http://www.debianhelp.co.uk/apache2.htm):
apt-get install apache2
apt-get install libapache2-mod-php4 php4-cli php4-common php4-cgi
apt-get install php4-mysql
You will also have to symlink mods_available/php.* to /mods_enabled/php.*
cd /etc/apache2/mods_enabled
ln -s /etc/apache2/mods_available/php4.conf php4.conf
=====Apache2 SSL & Virtual Hosting=====
Apache SSL should be installed already with Previous Packages
Look and see if ssl.conf and ssl.load are in /etc/apache2/mods-available
Symlink them into mods-enabled:
chdir /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf ssl.conf
Edit /etc/apache2/ports.conf and Add in:
Listen 443
Restart Apache and that Should be it working. To use SSL - it must be added into the Vhosts in sites-enabled
Two main lines to add for SSL Engine:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
To make the SSL Cert - Apache has a built-in tool :-)
chdir to /etc/apache2/ssl and run
apache2-ssl-certificate
apache2-ssl-certificate -days 365 //generate for 365 days
This tool is no longer in Debian Etch ;-( Here is how instead:
openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
cat hostkey.pem >> hostcert.pem
mv hostcert.pem apache.pem
**Onto Configing Vhosts
**
1. Default Apache:
NameVirtualHost kartbuilding.net:80
//insert code as Normal
NameVirtualHost kartbuilding.net:443
//insert code as Normal; same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
2. Vhost #1 - www.kartbuilding.net
//same as normal
//as Normal same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
3. Vhost #2 - misc.kartbuilding.net
//same as normal
//as Normal same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
Main Config got from HAL!
Info on Apache + SSL: http://mattl.co.uk/apache2subversiondebianhowto.html
=====Apache2 SSL Cert Generation=====
To make the SSL Cert - Apache has a built-in tool :-)
chdir to /etc/apache2/ssl and run
apache2-ssl-certificate --force -days x
More Info about Vhosts and Multiple Domain Names at:
http://mathforum.org/~sasha/tech/apachevhosts.html
===== Server Side Includes (ssi) =====
a2enmod include
//thats it. No htaccess file should be needed.
Quick Test Example:
index.shtml:
Main Page
navbar.shtml:
nav
Files called .shtml are by default parsed. A htaccess file can be used if you want the server to parse html files.
http://httpd.apache.org/docs/2.2/howto/ssi.html
====== Apache Auth using MySQL on Debian Lenny ======
apt-get install libapache2-mod-auth-mysql
a2enmod auth_mysql
To use, place the following in a vhost:
ServerAdmin root@server
ServerName svn.server.com
AuthBasicAuthoritative Off
AuthUserFile /dev/null
#The above lines are required, otherwise there will be an error in apaches error log.
AuthType Basic
AuthName "Repository"
AuthType Basic
AuthMySQL_Host localhost
AuthMySQL_User redmine
AuthMySQL_Password password
AuthMySQL_DB redmine
AuthMySQL_Empty_Passwords off
AuthMySQL_Password_Table users
AuthMySQL_Username_Field login
AuthMySQL_Password_Field hashed_password
AuthMySQL_Encryption_Types SHA1Sum
AuthzSVNAccessFile /var/svn/conf/authz
Require valid-user
Satisfy Any
ErrorLog /var/log/apache2/svn/error.log
LogLevel debug
CustomLog /var/log/apache2/svn/access.log combined
The above vhost can be chmod'd 600 and chown'd as root. Apache starts off with root, and thats when it reads in the vhost. This is because you want the mysql password kept secure. You could also create a readonly mysql user (with only select privs) and use that in the vhost. -- better still.
Note the above config was specifically for authing a svn vhost off a redmine database. The "AuthMySQL_Encryption_Types SHA1Sum" was required. This line has other options such as md5 etc.