Differences

This shows you the differences between two versions of the page.

Link to this comparison view

installing_and_configuring_apache_with_php_and_mysql_on_debian_jessie_en [2017/09/05 12:18] (current)
Line 1: Line 1:
 +====== Installing and Configuring Apache with PHP and MySQL on Debian Jessie ======
 +
 +Let's update the repositories and upgrade the system
 +<sxh bash>
 +aptitude update && aptitude dist-upgrade -y
 +</​sxh>​
 +
 +Now let's install the Apache, <​nowiki>​MySQL</​nowiki>​ and PHP
 +<sxh bash>
 +aptitude install mysql-server mysql-client apache2 php5 php5-mysql php5-imap php5-gd php5-mcrypt \
 + ​php5-json php5-xmlrpc php5-dev php5-common libapache2-mod-php5 php-pear php5-intl php5-curl -y
 +</​sxh>​
 +
 +** Note:** Needs to set up the <​nowiki>​MySQL</​nowiki>​ root password
 +
 +Now let's disable de default virtual host
 +<sxh bash>
 +a2dissite 000-default.conf
 +</​sxh>​
 +
 +Now let's disable the cgi support ​
 +<sxh bash>
 +a2disconf serve-cgi-bin.conf
 +</​sxh>​
 +
 +Now let's disable the other-vhosts access file
 +<sxh bash>
 +a2disconf other-vhosts-access-log.conf
 +</​sxh>​
 +
 +Now let's create a new virtual host
 +<sxh apache>
 +vim /​etc/​apache2/​sites-available/​www.douglasqsantos.com.br.conf
 +#/​etc/​apache2/​sites-available/​www.douglasqsantos.com.br
 +<​VirtualHost *:80>
 +        ServerAdmin webmaster@douglasqsantos.com.br
 +        ServerName www.douglasqsantos.com.br
 +        DocumentRoot "/​var/​www/​www.douglasqsantos.com.br"​
 +     <​Directory "/​var/​www/​www.douglasqsantos.com.br">​
 +        Options -Indexes +FollowSymLinks
 +        AllowOverride None
 +        Require all granted
 +     </​Directory>​
 +     <​IfModule mod_php5.c>​
 +        AddType application/​x-httpd-php .php
 +        php_flag expose_php Off
 +        php_flag allow_url_fopen Off
 +        php_flag allow_url_include Off
 +        php_flag magic_quotes_gpc Off
 +        php_flag register_globals Off
 +        php_flag disable_functions show_source
 +        php_flag disable_functions system
 +        php_flag disable_functions shell_exec
 +        php_flag disable_functions passthru
 +        php_flag disable_functions exec
 +        php_flag disable_functions popen
 +        php_flag disable_functions proc_open
 +        php_flag disable_functions symlink
 +     </​IfModule>​
 +        LogLevel warn
 +        CustomLog ${APACHE_LOG_DIR}/​www.douglasqsantos.com.br-access.log combined
 +        ErrorLog ${APACHE_LOG_DIR}/​www.douglasqsantos.com.br-error.log
 +        ServerSignature Off
 +        ## Enable the follow line to enable apache work with CGI
 +        #Include conf-available/​serve-cgi-bin.conf
 +</​VirtualHost>​
 +</​sxh>​
 +
 +Now we need to enable the new virtual host
 +<sxh bash>
 +a2ensite www.douglasqsantos.com.br.conf
 +</​sxh>​
 +
 +Now let's create the document root
 +<sxh bash>
 +mkdir -p /​var/​www/​www.douglasqsantos.com.br
 +</​sxh>​
 +
 +Now we need to create the index file like this
 +<sxh bash>
 +echo "<?​php phpinfo(); ?>" > /​var/​www/​www.douglasqsantos.com.br/​index.php
 +</​sxh>​
 +
 +Now we need to change the permissions
 +<sxh bash>
 +chown -R www-data:​www-data /​var/​www/​www.douglasqsantos.com.br
 +</​sxh>​
 +
 +Now we need to restart the Apache Server
 +<sxh bash>
 +/​etc/​init.d/​apache2 restart
 +</​sxh>​
 +
 +Now let's run a test accessing http://​ip_server
 +
 +====== Configuring HTTPS ======
 +
 +Let's create the directory to store the certificate files
 +
 +<sxh bash>
 +mkdir -p /​etc/​ssl/​apache
 +</​sxh>​
 +
 +Now let's access the directory
 +<sxh bash>
 +cd /​etc/​ssl/​apache
 +</​sxh>​
 +
 +Now we need to create the certificate key file
 +<sxh bash>
 +openssl genrsa -des3 -out server.key 1024
 +Generating RSA private key, 1024 bit long modulus
 +....................++++++
 +...........++++++
 +e is 65537 (0x10001)
 +Enter pass phrase for server.key: password
 +Verifying - Enter pass phrase for server.key: password
 +</​sxh>​
 +
 +Now we need to create the certificate sign request
 +<sxh bash>
 +openssl req -new -key server.key -out server.csr
 +Enter pass phrase for server.key: password
 +You are about to be asked to enter information that will be incorporated
 +into your certificate request.
 +What you are about to enter is what is called a Distinguished Name or a DN.
 +There are quite a few fields but you can leave some blank
 +For some fields there will be a default value,
 +If you enter '​.',​ the field will be left blank.
 +-----
 +Country Name (2 letter code) [AU]:BR
 +State or Province Name (full name) [Some-State]:​Parana
 +Locality Name (eg, city) []:Curitiba
 +Organization Name (eg, company) [Internet Widgits Pty Ltd]:​Douglas
 +Organizational Unit Name (eg, section) []:Douglas
 +Common Name (eg, YOUR name) []:​www.douglasqsantos.com.br
 +Email Address []:​douglas.q.santos@gmail.com
 + 
 +Please enter the following '​extra'​ attributes
 +to be sent with your certificate request
 +A challenge password []:
 +An optional company name []:Douglas
 +</​sxh>​
 +
 +Now let's sign our certificate file
 +<sxh bash>
 +openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
 +Signature ok
 +subject=/​C=BR/​ST=Parana/​L=Curitiba/​O=Douglas/​OU=Douglas/​CN=www.douglasqsantos.com.br/​emailAddress=douglas.q.santos@gmail.com
 +Getting Private key
 +Enter pass phrase for server.key: password
 +</​sxh>​
 +
 +Now we need to change the certificate'​s files permission
 +<sxh bash>
 +chmod 0400 server.*
 +cp server.key server.key.orig
 +</​sxh>​
 +
 +Now we need to remove the password from the certificate,​ otherwise every time the apache server start we will need to put the password
 +<sxh bash>
 +openssl rsa -in server.key.orig -out server.key
 +Enter pass phrase for server.key.orig:​ password
 +writing RSA key
 +</​sxh>​
 +
 +Let's change the permission of certificate files
 +<sxh bash>
 +chmod 0400 /​etc/​ssl/​apache/​* ​
 +</​sxh>​
 +
 +Now we need to configure the <​nowiki>​VirtualHost</​nowiki>​
 +<sxh apache>
 +vim /​etc/​apache2/​sites-available/​www.douglasqsantos.com.br.conf
 +#/​etc/​apache2/​sites-available/​www.douglasqsantos.com.br
 +<​VirtualHost *:443>
 +        ServerAdmin webmaster@douglasqsantos.com.br
 +        ServerName www.douglasqsantos.com.br
 +        DocumentRoot "/​var/​www/​www.douglasqsantos.com.br"​
 +     <​Directory "/​var/​www/​www.douglasqsantos.com.br">​
 +        Options -Indexes +FollowSymLinks
 +        AllowOverride None
 +        Require all granted
 +     </​Directory>​
 +     <​IfModule mod_php5.c>​
 +        AddType application/​x-httpd-php .php
 +        php_flag expose_php Off
 +        php_flag allow_url_fopen Off
 +        php_flag allow_url_include Off
 +        php_flag magic_quotes_gpc Off
 +        php_flag register_globals Off
 +        php_flag disable_functions show_source
 +        php_flag disable_functions system
 +        php_flag disable_functions shell_exec
 +        php_flag disable_functions passthru
 +        php_flag disable_functions exec
 +        php_flag disable_functions popen
 +        php_flag disable_functions proc_open
 +        php_flag disable_functions symlink
 +     </​IfModule>​
 +        LogLevel warn
 +        CustomLog ${APACHE_LOG_DIR}/​www.douglasqsantos.com.br-access.log combined
 +        ErrorLog ${APACHE_LOG_DIR}/​www.douglasqsantos.com.br-error.log
 +        ServerSignature Off
 +        ## Enable the follow line to enable apache work with CGI
 +        #Include conf-available/​serve-cgi-bin.conf
 +        ## Enabling the SSL
 +        SSLEngine on
 +        SSLCipherSuite ALL:​!ADH:​!EXPORT56:​RC4+RSA:​+HIGH:​+MEDIUM:​+LOW:​+SSLv2:​+EXP:​+eNULL
 +        SSLCertificateFile "/​etc/​ssl/​apache/​server.crt"​
 +        SSLCertificateKeyFile "/​etc/​ssl/​apache/​server.key"​
 +    <​FilesMatch "​\.(cgi|shtml|phtml|php)$">​
 +        SSLOptions +StdEnvVars
 +    </​FilesMatch>​
 +        BrowserMatch "​.*MSIE.*"​ \
 +        nokeepalive ssl-unclean-shutdown \
 +        downgrade-1.0 force-response-1.0
 +</​VirtualHost>​
 +</​sxh>​
 +
 +Now we need to enable the ssl modules
 +<sxh bash>
 +a2enmod ssl
 +</​sxh>​
 +
 +Now let's restart the apache server
 +<sxh bash>
 +/​etc/​init.d/​apache2 restart
 +</​sxh>​
 +
 +Now we can run a test accessing https://​ip_server
 +
 +====== References ======
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​mod/​
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​mod/​core.html
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​ssl/​
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​howto/​auth.html
 +  - http://​httpd.apache.org/​docs/​2.4/​en/​mod/​mod_authz_core.html#​require