Linux Server Details

User Tools

Site Tools

Trace:
apache2_ssl_php5_mysql5

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
apache2_ssl_php5_mysql5 [2022/07/19 20:52] – created 85.134.209.200apache2_ssl_php5_mysql5 [2022/07/24 16:41] (current) admin
Line 1: Line 1:
-====== Apache2_SSL_PHP5_MySQL5 ======+===== Apache2_SSL_PHP5_MySQL5 =====
  
-====== Install ======+==== Install ==== 
 +<code>
  apt-get install apache2 libapache2-mod-php5 mysql-server php5-mysql  apt-get install apache2 libapache2-mod-php5 mysql-server php5-mysql
  /etc/init.d/apache2 restart  /etc/init.d/apache2 restart
  #I found that I had to restart apache once more to get php to work.  #I found that I had to restart apache once more to get php to work.
 +</code>
  
-===== phpinfo test =====+==== phpinfo test ==== 
 +<code>
  vi /var/www/phpinfo.php  vi /var/www/phpinfo.php
- <nowiki>//</nowiki>Add in the following:+ #Add in the following:
  <?php phpinfo(); ?>  <?php phpinfo(); ?>
 +</code>
  
-<nowiki>//</nowiki>Browse to: +Browse to: http://ipaddress/phpinfo.php
-http://ipaddress/phpinfo.php+
  
 === If the phpinfo.php file does not show === === If the phpinfo.php file does not show ===
 +<code>
  /etc/init.d/apache2 restart  /etc/init.d/apache2 restart
 +</code>
  
 ====== Default SSL Setup ====== ====== Default SSL Setup ======
 +<code>
  a2enmod ssl  a2enmod ssl
  a2ensite default-ssl  a2ensite default-ssl
  /etc/init.d/apache2 restart  /etc/init.d/apache2 restart
  /usr/share/doc/apache2.2-common/README.Debian.gz  /usr/share/doc/apache2.2-common/README.Debian.gz
 +</code>
  
-<nowiki>//</nowiki>Browse to: +Browse to: https://ipaddress/phpinfo.php
-https://ipaddress/phpinfo.php+
  
-===== Custom SSL Cert Setup =====+==== Custom SSL Cert Setup ==== 
 +<code>
  mkdir /etc/apache2/ssl  mkdir /etc/apache2/ssl
  cd /etc/apache2/ssl  cd /etc/apache2/ssl
Line 33: Line 40:
    
  vi /etc/apache2/sites-enabled/default-ssl  vi /etc/apache2/sites-enabled/default-ssl
- <nowiki>//</nowiki>update the following:+ #update the following:
  SSLCertificateFile    /etc/apache2/ssl/hostcert.pem  SSLCertificateFile    /etc/apache2/ssl/hostcert.pem
  SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key  SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key
- +</code> 
-===== Debian SSL Cert Setup =====+==== Debian SSL Cert Setup ====
 The above config is my way of creating a SSL cert for apache using openssl. Debian squeeze has a make-ssl-cert utility. The above config is my way of creating a SSL cert for apache using openssl. Debian squeeze has a make-ssl-cert utility.
  
 See: /usr/share/doc/apache2.2-common/README.Debian.gz See: /usr/share/doc/apache2.2-common/README.Debian.gz
  
-====== Vhost Setup including SSL ======+===== Vhost Setup including SSL =====
 This config sets up multiple vhosts, and allows https access to each vhost. If you use the default-ssl setup with debian squeeze you may get the error: This config sets up multiple vhosts, and allows https access to each vhost. If you use the default-ssl setup with debian squeeze you may get the error:
  [[warn]] _default_ VirtualHost overlap on port 443, the first has precedence  [[warn]] _default_ VirtualHost overlap on port 443, the first has precedence
   ... waiting [[Fri|Apr 08 15:02:33 2011]] [warn] _default_ VirtualHost overlap on port 443, the first has precedence   ... waiting [[Fri|Apr 08 15:02:33 2011]] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
  
-===== Config Change =====+==== Config Change ==== 
 +<code>
  vi /etc/apache2/ports.conf  vi /etc/apache2/ports.conf
- <nowiki>//</nowiki>Add-in the following above Listen 443+ #Add-in the following above Listen 443
  NameVirtualHost *:443  NameVirtualHost *:443
 +</code>
  
-===== Update Default vhosts =====+==== Update Default vhosts ====
 I prefer to tidy up the vhosts a little, calling vhost configs 01-sitexz, 02-sitexy. Note: the 01-sitexz, because it is listed first, ordered by filename, is the default vhost for the server. I.E. if you browse to the http://ipaddress you'll get the 01-sitexz vhost. I prefer to tidy up the vhosts a little, calling vhost configs 01-sitexz, 02-sitexy. Note: the 01-sitexz, because it is listed first, ordered by filename, is the default vhost for the server. I.E. if you browse to the http://ipaddress you'll get the 01-sitexz vhost.
  
 +<code>
  cd /etc/apache2/sites-available  cd /etc/apache2/sites-available
  cat default-ssl >> default  cat default-ssl >> default
  mv default 01-default  mv default 01-default
  vi /etc/apache2/sites-enabled/01-default  vi /etc/apache2/sites-enabled/01-default
- <nowiki>//</nowiki>change <VirtualHost _default_:443> + #change <VirtualHost _default_:443> 
- <nowiki>//</nowiki>to+ #to
  <VirtualHost *:443>  <VirtualHost *:443>
      
  rm /etc/apache2/sites-enabled/*  rm /etc/apache2/sites-enabled/*
  a2ensite 01-default  a2ensite 01-default
- <nowiki>//</nowiki>all a2ensite does is to create a symlink from sites-available into sites-enabled+ #all a2ensite does is to create a symlink from sites-available into sites-enabled 
 +</code>
  
-===== Create second test vhost with ssl =====+==== Create second test vhost with ssl ==== 
 +<code>
  vi /etc/apache2/sites-available/02-test  vi /etc/apache2/sites-available/02-test
  <VirtualHost *:80>  <VirtualHost *:80>
Line 111: Line 123:
  a2ensite 02-test  a2ensite 02-test
  /etc/init.d/apache2 restart  /etc/init.d/apache2 restart
 +</code>
  
-===== Test =====+==== Test ====
 Browse to: http://ipaddress , https://ipaddress , http://test.server.com , https://test.server.com Browse to: http://ipaddress , https://ipaddress , http://test.server.com , https://test.server.com
  
 You will have to accept the SSL cert warning, however all vhosts should show up correct. You will have to accept the SSL cert warning, however all vhosts should show up correct.
 +
 +
 +===== Sample vhost config with Proxy =====
 +<code>
 +<VirtualHost *:80>
 +        ProxyRequests Off
 +        ProxyPreserveHost On
 +        ProxyPass / http://192.168.1.3:80/
 +        ProxyPassReverse / http://192.168.1.3:80/
 +        ServerName www.tom.me
 +        ServerAlias *tom.me
 +        CustomLog /var/log/apache2/access_tom.log combined
 +        ErrorLog /var/log/apache2/error_tom.log
 +</VirtualHost>
 +<VirtualHost *:443>
 +        ProxyRequests Off
 +        ProxyPreserveHost On
 +        ProxyPass / https://192.168.1.3:443/
 +        ProxyPassReverse / https://192.168.1.3:443/
 +        ServerName www.tom.me
 +        ServerAlias *tom.me
 +        CustomLog /var/log/apache2/access_tom.log combined
 +        ErrorLog /var/log/apache2/error_tom.log
 +
 +        SSLProxyEngine On
 +        SSLEngine on
 +        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
 +        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 +        BrowserMatch "MSIE [2-6]" \
 +                nokeepalive ssl-unclean-shutdown \
 +                downgrade-1.0 force-response-1.0
 +        # MSIE 7 and newer should be able to use keepalive
 +        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 +</VirtualHost>
 +
 +
 +</code>
apache2_ssl_php5_mysql5.1658260369.txt.gz · Last modified: 2022/07/19 21:13 (external edit)