Apache 2 & SSL - PHP4 - MySQL 4.1

From Wiki

Contents 1 Installing Apache2, PHP4 and MySQL 2 Apache2 SSL & Virtual Hosting 3 Apache2 SSL Cert Generation 4 Server Side Includes (ssi) 5 Apache Auth using MySQL on Debian Lenny

Installing Apache2, PHP4 and MySQL

Installing Apache, PHP and MySQL is very simple - if the following steps are adhered to.

1. Install MySQL:

apt-get install mysql-server mysql-client libmysqlclient12-dev
Not sure about requiring libmysqlclient12-dev, but will check out.

2. Install Apache2 (see http://www.debianhelp.co.uk/apache2.htm):

apt-get install apache2
apt-get install libapache2-mod-php4 php4-cli php4-common php4-cgi
apt-get install php4-mysql

You will also have to symlink mods_available/php.* to /mods_enabled/php.*

cd /etc/apache2/mods_enabled
ln -s /etc/apache2/mods_available/php4.conf php4.conf

Apache2 SSL & Virtual Hosting

Apache SSL should be installed already with Previous Packages
Look and see if ssl.conf and ssl.load are in /etc/apache2/mods-available
Symlink them into mods-enabled:

chdir /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf ssl.conf

Edit /etc/apache2/ports.conf and Add in:

Listen 443

Restart Apache and that Should be it working. To use SSL - it must be added into the Vhosts in sites-enabled
Two main lines to add for SSL Engine:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

To make the SSL Cert - Apache has a built-in tool :-)

chdir to /etc/apache2/ssl and run
apache2-ssl-certificate
apache2-ssl-certificate -days 365  //generate for 365 days

This tool is no longer in Debian Etch ;-( Here is how instead:

openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.pem -nodes -out hostcert.pem
cat hostkey.pem >> hostcert.pem
mv hostcert.pem apache.pem

Onto Configing Vhosts
1. Default Apache:

NameVirtualHost kartbuilding.net:80
<VirtualHost kartbuilding.net:80>
//insert code as Normal
</VirtualHost>

NameVirtualHost kartbuilding.net:443
<VirtualHost kartbuilding.net:443>
//insert code as Normal; same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

2. Vhost #1 - www.kartbuilding.net

<VirtualHost www.kartbuilding.net:80>
//same as normal
</VirtualHost>

<VirtualHost www.kartbuilding.net:443>
//as Normal same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

3. Vhost #2 - misc.kartbuilding.net

<VirtualHost misc.kartbuilding.net:80>
//same as normal
</VirtualHost>
<VirtualHost misc.kartbuilding.net:443>
//as Normal same as above
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Main Config got from HAL!
Info on Apache + SSL: http://mattl.co.uk/apache2subversiondebianhowto.html

Apache2 SSL Cert Generation

To make the SSL Cert - Apache has a built-in tool :-)

chdir to /etc/apache2/ssl and run
apache2-ssl-certificate --force -days x

More Info about Vhosts and Multiple Domain Names at:
http://mathforum.org/~sasha/tech/apachevhosts.html

Server Side Includes (ssi)

a2enmod include
//thats it. No htaccess file should be needed.

Quick Test Example:

index.shtml:
Main Page
<!–-#include virtual="navbar.shtml" -->

navbar.shtml:
nav

Files called .shtml are by default parsed. A htaccess file can be used if you want the server to parse html files.

http://httpd.apache.org/docs/2.2/howto/ssi.html

Apache Auth using MySQL on Debian Lenny

apt-get install libapache2-mod-auth-mysql
a2enmod auth_mysql

To use, place the following in a vhost:

<VirtualHost *:80>
       ServerAdmin root@server
       ServerName svn.server.com

       <Location />
		AuthBasicAuthoritative Off
		AuthUserFile /dev/null
		#The above lines are required, otherwise there will be an error in apaches error log.

		AuthType Basic
		AuthName "Repository"
		AuthType Basic
		AuthMySQL_Host localhost
		AuthMySQL_User redmine
		AuthMySQL_Password password
		AuthMySQL_DB redmine
		AuthMySQL_Empty_Passwords off
		AuthMySQL_Password_Table users
		AuthMySQL_Username_Field login
		AuthMySQL_Password_Field hashed_password
		AuthMySQL_Encryption_Types SHA1Sum

	        AuthzSVNAccessFile /var/svn/conf/authz
        	Require valid-user
	        Satisfy Any

       </Location>
       ErrorLog /var/log/apache2/svn/error.log
       LogLevel debug
       CustomLog /var/log/apache2/svn/access.log combined
</VirtualHost>

The above vhost can be chmod'd 600 and chown'd as root. Apache starts off with root, and thats when it reads in the vhost. This is because you want the mysql password kept secure. You could also create a readonly mysql user (with only select privs) and use that in the vhost. -- better still. Note the above config was specifically for authing a svn vhost off a redmine database. The "AuthMySQL_Encryption_Types SHA1Sum" was required. This line has other options such as md5 etc.