Apache2 SSL PHP5 MySQL5

Install

apt-get install apache2 libapache2-mod-php5 mysql-server php5-mysql
/etc/init.d/apache2 restart
#I found that I had to restart apache once more to get php to work.

phpinfo test

vi /var/www/phpinfo.php
//Add in the following:
<?php phpinfo(); ?>

//Browse to: http://ipaddress/phpinfo.php

If the phpinfo.php file does not show
/etc/init.d/apache2 restart

Default SSL Setup

a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart
//See: /usr/share/doc/apache2.2-common/README.Debian.gz

//Browse to: https://ipaddress/phpinfo.php

Custom SSL Cert Setup

mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
//use at least a 2048-bit RSA key; 1024-bit RSA is no longer considered secure
openssl req -x509 -days 365 -newkey rsa:2048 -keyout hostkey.key -nodes -out hostcert.pem
chmod 600 *

vi /etc/apache2/sites-enabled/default-ssl
//update the following:
SSLCertificateFile    /etc/apache2/ssl/hostcert.pem
SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key

Debian SSL Cert Setup

The above config is my way of creating an SSL cert for Apache using openssl. Debian squeeze has a make-ssl-cert utility.

See: /usr/share/doc/apache2.2-common/README.Debian.gz

Vhost Setup including SSL

This config sets up multiple vhosts and allows https access to each vhost. If you use the default-ssl setup with Debian squeeze, you may get the error:

[warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Fri Apr 08 15:02:33 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Config Change

vi /etc/apache2/ports.conf
//Add in the following above Listen 443
NameVirtualHost *:443

Update Default vhosts

I prefer to tidy up the vhosts a little, calling vhost configs 01-sitexz, 02-sitexy. Note: 01-sitexz, because it is listed first when ordered by filename, is the default vhost for the server, i.e. if you browse to http://ipaddress you'll get the 01-sitexz vhost.

cd /etc/apache2/sites-available
cat default-ssl >> default
mv default 01-default
vi /etc/apache2/sites-available/01-default
//change <VirtualHost _default_:443>
//to
<VirtualHost *:443>
 
rm /etc/apache2/sites-enabled/*
a2ensite 01-default
//all a2ensite does is to create a symlink from sites-available into sites-enabled

Create second test vhost with ssl

vi /etc/apache2/sites-available/02-test
//Add in the following:
<VirtualHost *:80>
       ServerAdmin test@burkesys.com
       ServerName test.burkesys.com
       DocumentRoot /var/www/test
       CustomLog /var/log/apache2/access.log combined
       ErrorLog /var/log/apache2/error.log
       Loglevel warn
       <Directory />
               Options FollowSymLinks MultiViews
               AllowOverride None
       </Directory>
</VirtualHost>
<VirtualHost *:443>
       ServerAdmin test@burkesys.com
       ServerName test.burkesys.com
       DocumentRoot /var/www/test
       CustomLog /var/log/apache2/access.log combined
       ErrorLog /var/log/apache2/error.log
       Loglevel warn
       <Directory />
               Options FollowSymLinks MultiViews
               AllowOverride None
       </Directory>

       SSLEngine on
       SSLCertificateFile    /etc/apache2/ssl/hostcert.pem
       SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key
       <FilesMatch "\.(cgi|shtml|phtml|php)$">
               SSLOptions +StdEnvVars
       </FilesMatch>
       <Directory /usr/lib/cgi-bin>
               SSLOptions +StdEnvVars
       </Directory>
       BrowserMatch "MSIE [2-6]" \
               nokeepalive ssl-unclean-shutdown \
               downgrade-1.0 force-response-1.0
       # MSIE 7 and newer should be able to use keepalive
       BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

a2ensite 02-test
/etc/init.d/apache2 restart

Test

Browse to: http://ipaddress , https://ipaddress , http://test.server.com , https://test.server.com

You will have to accept the SSL cert warning; however, all vhosts should show up correctly.
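
A check that can be run before restarting Apache to confirm the two port 443 changes from "Config Change" and "Update Default vhosts" are in place, and to show which vhost will be the https default. This is an added example, not part of the original page: the function names are hypothetical, the sample files are constructed, and it only recognises single-address VirtualHost lines.

```shell
#!/bin/sh
# Added example: pre-restart lint for the port-443 vhost changes (Apache 2.2 layout).
TAB=$(printf '\t')

# Print "file<TAB>address<TAB>ServerName" for each :443 vhost, in filename order.
# Apache reads sites-enabled in that order, so the first line is the default vhost.
# Simplification: only single-address <VirtualHost> lines are recognised.
ssl_vhosts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            tolower($1) == "<virtualhost" && $2 ~ /:443>$/ {
                addr = $2; sub(/>$/, "", addr); name = "-"; inside = 1; next }
            inside && tolower($1) == "servername" { name = $2 }
            inside && tolower($1) == "</virtualhost>" {
                printf "%s\t%s\t%s\n", file, addr, name; inside = 0 }' "$f"
    done
}

# check_ssl_vhosts PORTS_CONF SITES_DIR: 0 if both changes are in place, else 1.
check_ssl_vhosts() {
    list=$(ssl_vhosts "$2"); rc=0
    count=$(printf '%s\n' "$list" | grep -c . || true)
    if [ "$count" -gt 1 ]; then
        grep -Eiq '^[[:space:]]*NameVirtualHost[[:space:]]+\*:443' "$1" ||
            { echo "FAIL: $count vhosts on 443, no NameVirtualHost *:443 in $1"; rc=1; }
        if printf '%s\n' "$list" | grep -q "${TAB}_default_:443${TAB}"; then
            echo "FAIL: a vhost still uses _default_:443 instead of *:443"; rc=1
        fi
    fi
    echo "default https vhost: $(printf '%s\n' "$list" | head -n 1 | cut -f 1,3)"
    return "$rc"
}

# Constructed sample: the layout before the changes (file contents are made up).
make_sample() {
    mkdir -p "$1/sites-enabled"
    printf 'Listen 80\nListen 443\n' > "$1/ports.conf"
    printf '<VirtualHost _default_:443>\n  SSLEngine on\n</VirtualHost>\n' \
        > "$1/sites-enabled/01-default"
    printf '<VirtualHost *:443>\n  ServerName test.burkesys.com\n</VirtualHost>\n' \
        > "$1/sites-enabled/02-test"
}

d=$(mktemp -d)
make_sample "$d"
check_ssl_vhosts "$d/ports.conf" "$d/sites-enabled" || echo "exit status: 1"
rm -rf "$d"
```

On a real server the call would be check_ssl_vhosts /etc/apache2/ports.conf /etc/apache2/sites-enabled.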
