This shows you the differences between two versions of the page.
computing:apachesurvival [2018/05/06 03:35] – created oemb1905 | computing:apachesurvival [2024/02/20 23:00] (current) – oemb1905 | ||
---|---|---|---|
Line 3: | Line 3: | ||
* **Jonathan Haack** | * **Jonathan Haack** | ||
* **Haack' | * **Haack' | ||
- | * **netcmnd@jonathanhaack.com** | + | * **webmaster@haacksnetworking.org** |
------------------------------------------- | ------------------------------------------- | ||
- | // | + | // |
------------------------------------------- | ------------------------------------------- | ||
+ | This tutorial is for users of Debian GNU/Linux to set up a LAMP stack, TLS encryption, and a web-server which can serve two or more websites using apache' | ||
+ | sudo apt install apache2 php mariadb-server | ||
+ | sudo mkdir -p / | ||
+ | sudo mkdir -p / | ||
+ | sudo chown -R $USER:$USER / | ||
+ | sudo chown -R $USER:$USER / | ||
+ | sudo chmod 755 /var/www | ||
+ | |||
+ | Later, when you change one or both of these sites to a content management system (CMS), you will need to adjust ownership/ | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Make sure to repeat the above steps for site2.com. | ||
+ | | ||
+ | sudo cp / | ||
+ | sudo nano / | ||
+ | < | ||
+ | ServerAdmin name@site1.com | ||
+ | ServerName site1.com | ||
+ | ServerAlias www.site1.com | ||
+ | DocumentRoot / | ||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | </ | ||
+ | | ||
+ | Make sure to repeat the steps above for the second virtual host site2.com.conf. | ||
+ | | ||
+ | sudo a2ensite site1.com.conf | ||
+ | sudo a2ensite site2.com.conf | ||
+ | sudo cp -r / | ||
+ | sudo rm -r / | ||
+ | sudo a2dissite 000-default.conf | ||
+ | | ||
+ | Now, in order for the server to correctly identify itself in headers, for example, when WP or another CMS sends an email to a user to restore their account, you need to adjust your host and domain name in the hosts file. if you prefer put some local dns entries in /etc/hosts | ||
+ | | ||
+ | sudo nano /etc/hosts | ||
+ | | ||
+ | Append something like this to the bottom: | ||
+ | | ||
+ | xxx.xxx.xxx.xxx site1.com site1 | ||
+ | |||
+ | Make sure to do this for each domain. | ||
+ | |||
+ | sudo apache2ctl configtest | ||
+ | sudo systemctl restart apache2.service | ||
+ | |||
+ | Visit site1.com and site2.com and debug. | ||
+ | |||
+ | sudo openssl req -x509 -nodes -days 7305 -newkey rsa:2048 -keyout / | ||
+ | | ||
+ | Repeat this for site2.com and make sure to answer the question about your FQDN correctly. | ||
+ | |||
+ | Configure the TLS virtual hosts for each domain previously configured above. | ||
+ | |||
+ | sudo cp / | ||
+ | sudo cp / | ||
+ | |||
+ | Open the first TLS virtual host configuration file: | ||
+ | |||
+ | sudo nano / | ||
+ | < | ||
+ | < | ||
+ | ServerAdmin name@site1.com | ||
+ | ServerName site1.com | ||
+ | DocumentRoot / | ||
+ | </ | ||
+ | BrowserMatch "MSIE [2-6]" \ | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Repeat the steps above for the site2.com-ssl.conf virtual host. If you want to enter some modules, then do so after the " | ||
+ | | ||
+ | sudo a2enmod ssl | ||
+ | sudo a2enmod headers | ||
+ | sudo apache2ctl configtest | ||
+ | sudo a2ensite site1.com-ssl.conf | ||
+ | sudo a2ensite site2.com-ssl.conf | ||
+ | | ||
+ | Visit both sites using Firefox, and ensure they resolve - if not, check each step and debug. | ||
+ | |||
+ | sudo apt install certbot letsencrypt python3-certbot-apache | ||
+ | sudo certbot --authenticator standalone --installer apache -d site1.com --pre-hook " | ||
+ | |||
+ | When LE prompts you, make sure to specify to " | ||
+ | |||
+ | sudo systemctl restart apache2 | ||
+ | | ||
+ | Let's Encrypt expires often, so you likely want a cron job to update everything for you when/if needed: | ||
+ | | ||
+ | sudo crontab -e | ||
+ | 30 2 * * 1 / | ||
+ | sudo systemctl restart cron.service | ||
+ | sudo systemctl restart apache2 | ||
+ | |||
+ | If this is a public IP on a VPS and you are new to GNU/Linux, then you should set up a firewall as a precaution. | ||
+ | | ||
+ | sudo apt install ufw | ||
+ | sudo ufw allow 22 | ||
+ | sudo ufw allow 80 | ||
+ | sudo ufw allow 443 | ||
+ | sudo ufw enable | ||
+ | | ||
+ | If you are comfortable with GNU/Linux and know how to check '' | ||
+ | |||
+ | sudo touch / | ||
+ | sudo chmod 750 / | ||
+ | sudo chown $USER:$USER / | ||
+ | sudo nano / | ||
+ | | ||
+ | Ok, now that we created the script file and made it executable, paste in the contents below but adjust them to your needs: | ||
+ | |||
+ | #!/bin/sh | ||
+ | #functions | ||
+ | RESTART="/ | ||
+ | SERVICE=" | ||
+ | LOGFILE="/ | ||
+ | #check for the word dead in the service output from systemctl | ||
+ | if | ||
+ | systemctl status apache2.service | grep dead | ||
+ | then | ||
+ | echo " | ||
+ | $RESTART >> $LOGFILE | ||
+ | mail -s " | ||
+ | else | ||
+ | exit | ||
+ | fi | ||
+ | |||
+ | Alright, no point in making an apache monitoring script unless it runs automatically, | ||
+ | |||
+ | sudo crontab -e | ||
+ | * * * * * /bin/bash / | ||
+ | sudo systemctl restart cron | ||
+ | |||
+ | Also, log files can build up quickly, so adjust logrotate so that you don't use up precious storage recklessly! | ||
+ | |||
+ | sudo nano / | ||
+ | / | ||
+ | daily | ||
+ | rotate 10 | ||
+ | delaycompress | ||
+ | compress | ||
+ | notifempty | ||
+ | missingok | ||
+ | size 100000k | ||
+ | } | ||
+ | |||
+ | Awesome! | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | This tutorial is a designated " | ||
+ | |||
+ | --- // |