Installing and Configuring Apache with PHP and MySQL on Debian Jessie

Let's update the repositories and upgrade the system

aptitude update && aptitude dist-upgrade -y

Now let's install the Apache, MySQL and PHP

aptitude install mysql-server mysql-client apache2 php5 php5-mysql php5-imap php5-gd php5-mcrypt \
 php5-json php5-xmlrpc php5-dev php5-common libapache2-mod-php5 php-pear php5-intl php5-curl -y

Note: Needs to set up the MySQL root password

Now let's disable de default virtual host

a2dissite 000-default.conf

Now let's disable the cgi support

a2disconf serve-cgi-bin.conf

Now let's disable the other-vhosts access file

a2disconf other-vhosts-access-log.conf

Now let's create a new virtual host

vim /etc/apache2/sites-available/www.douglasqsantos.com.br.conf
#/etc/apache2/sites-available/www.douglasqsantos.com.br
<VirtualHost *:80>
        ServerAdmin webmaster@douglasqsantos.com.br
        ServerName www.douglasqsantos.com.br
        DocumentRoot "/var/www/www.douglasqsantos.com.br"
     <Directory "/var/www/www.douglasqsantos.com.br">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
     </Directory>
     <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag expose_php Off
        php_flag allow_url_fopen Off
        php_flag allow_url_include Off
        php_flag magic_quotes_gpc Off
        php_flag register_globals Off
        php_flag disable_functions show_source
        php_flag disable_functions system
        php_flag disable_functions shell_exec
        php_flag disable_functions passthru
        php_flag disable_functions exec
        php_flag disable_functions popen
        php_flag disable_functions proc_open
        php_flag disable_functions symlink
     </IfModule>
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/www.douglasqsantos.com.br-access.log combined
        ErrorLog ${APACHE_LOG_DIR}/www.douglasqsantos.com.br-error.log
        ServerSignature Off
        ## Enable the follow line to enable apache work with CGI
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Now we need to enable the new virtual host

a2ensite www.douglasqsantos.com.br.conf

Now let's create the document root

mkdir -p /var/www/www.douglasqsantos.com.br

Now we need to create the index file like this

echo "<?php phpinfo(); ?>" > /var/www/www.douglasqsantos.com.br/index.php

Now we need to change the permissions

chown -R www-data:www-data /var/www/www.douglasqsantos.com.br

Now we need to restart the Apache Server

/etc/init.d/apache2 restart

Now let's run a test accessing http://ip_server

Configuring HTTPS

Let's create the directory to store the certificate files

mkdir -p /etc/ssl/apache

Now let's access the directory

cd /etc/ssl/apache

Now we need to create the certificate key file

openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
....................++++++
...........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: password
Verifying - Enter pass phrase for server.key: password

Now we need to create the certificate sign request

openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: password
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Parana
Locality Name (eg, city) []:Curitiba
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Douglas
Organizational Unit Name (eg, section) []:Douglas
Common Name (eg, YOUR name) []:www.douglasqsantos.com.br
Email Address []:douglas.q.santos@gmail.com
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Douglas

Now let's sign our certificate file

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=BR/ST=Parana/L=Curitiba/O=Douglas/OU=Douglas/CN=www.douglasqsantos.com.br/emailAddress=douglas.q.santos@gmail.com
Getting Private key
Enter pass phrase for server.key: password

Now we need to change the certificate's files permission

chmod 0400 server.*
cp server.key server.key.orig

Now we need to remove the password from the certificate, otherwise every time the apache server start we will need to put the password

openssl rsa -in server.key.orig -out server.key
Enter pass phrase for server.key.orig: password
writing RSA key

Let's change the permission of certificate files

chmod 0400 /etc/ssl/apache/* 

Now we need to configure the VirtualHost

vim /etc/apache2/sites-available/www.douglasqsantos.com.br.conf
#/etc/apache2/sites-available/www.douglasqsantos.com.br
<VirtualHost *:443>
        ServerAdmin webmaster@douglasqsantos.com.br
        ServerName www.douglasqsantos.com.br
        DocumentRoot "/var/www/www.douglasqsantos.com.br"
     <Directory "/var/www/www.douglasqsantos.com.br">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
     </Directory>
     <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag expose_php Off
        php_flag allow_url_fopen Off
        php_flag allow_url_include Off
        php_flag magic_quotes_gpc Off
        php_flag register_globals Off
        php_flag disable_functions show_source
        php_flag disable_functions system
        php_flag disable_functions shell_exec
        php_flag disable_functions passthru
        php_flag disable_functions exec
        php_flag disable_functions popen
        php_flag disable_functions proc_open
        php_flag disable_functions symlink
     </IfModule>
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/www.douglasqsantos.com.br-access.log combined
        ErrorLog ${APACHE_LOG_DIR}/www.douglasqsantos.com.br-error.log
        ServerSignature Off
        ## Enable the follow line to enable apache work with CGI
        #Include conf-available/serve-cgi-bin.conf
        ## Enabling the SSL
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "/etc/ssl/apache/server.crt"
        SSLCertificateKeyFile "/etc/ssl/apache/server.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
        BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>

Now we need to enable the ssl modules

a2enmod ssl

Now let's restart the apache server

/etc/init.d/apache2 restart

Now we can run a test accessing https://ip_server

References