Xen2006/Ubuntu/ApachePHPSSL
From nformation
This section details installing Apache2 + PHP4 + SSL and various configuration instructions.
Install packages
Apache2 + PHP4 + SSL
apt-get -y install apache2 apache2-common apache2-mpm-prefork apache2-utils libapache2-mod-auth-pam libapache2-mod-chroot libapache2-mod-php4 php4 php4-common php4-mysql
That's a long line but it should do it for you...
SSL
This section is all about getting SSL up and running.
Add SSL
Here's what we need to do in order to get SSL working.
We'll start by making a self-signed certificate. We can replace it with a properly signed one later.
# apache2-ssl-certificate
Answer the questions.
Make an SSL configuration file
First we're going to want to enable the rewrite module so we can force things to be SSL only.
# a2enmod rewrite
You'll want to make a new configuration file for the SSL host.
# vi /etc/apache2/sites-available/ssl
And paste this in:
NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    DocumentRoot /var/www/
    <Directory />
        # Turn on password checking from /etc/passwd
        AuthPAM_Enabled on
        AuthType Basic
        AuthName "PAM"
        require valid-user
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
</VirtualHost>
You may also want to change some other things in these files, like the administrator's email address, so that people can contact you if they have problems.
Turn SSL config on
Make Apache listen on the SSL port.
# echo "Listen 443" >> /etc/apache2/ports.conf
Enable SSL server modules
# a2enmod ssl
Enable SSL site
# a2ensite ssl
Disable non-ssl access
We want to gracefully disable non-SSL access.
Update the default host config
Back up your old default configuration:
# mv /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
Now you'll want to update the default host configuration file:
# vi /etc/apache2/sites-available/default
Where you'll want to make it say this:
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    # Force things over to SSL
    <LocationMatch "^/*">
        RewriteEngine on
        RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
    </LocationMatch>
    DocumentRoot /var/www/non-ssl
    # Start by locking everything up.
    <Directory />
        Order Deny,Allow
        Deny from all
        AllowOverride None
    </Directory>
    # Allow actions for web root
    <Directory /var/www/non-ssl>
        Order Deny,Allow
        Allow from all
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
</VirtualHost>
Setup default document root
Make the directory
# mkdir /var/www/non-ssl
Make an index.php file that does a redirect:
# vi /var/www/non-ssl/index.php
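and make it say this:
<?php
// Send any request that reaches this page over to the SSL site.
$h = $_SERVER['SERVER_NAME'];
header("Location: https://$h/");
// Stop here so nothing else is sent after the redirect header.
exit;
?>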
Restart Apache
Restart Apache so the new settings take effect:
# /etc/init.d/apache2 restart
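Once Apache is back up, it is worth confirming that port 80 really hands every request to the SSL site, and to the host name you expect. The script below is an added example, not part of the original page: check_redirect is a hypothetical helper name, and the sample responses and host names are constructed so it runs without a server.

```shell
#!/bin/sh
# check_redirect (hypothetical helper): reads raw HTTP response headers on
# stdin and checks that they redirect to https:// on the expected host.
# Return codes: 0 ok, 1 not a redirect, 2 wrong host, 3 target is not HTTPS.
check_redirect() {
    expected_host=$1
    # Strip carriage returns so header values compare cleanly.
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|302|303|307|308) ;;
        *) echo "FAIL: status '$status' is not a redirect"; return 1 ;;
    esac
    case $location in
        "https://$expected_host"/*) ;;
        https://*) echo "FAIL: unexpected host: $location"; return 2 ;;
        *) echo "FAIL: redirect is not HTTPS: $location"; return 3 ;;
    esac
    echo "OK: $status -> $location"
}

# Constructed sample responses (not captured from a real server).
sample_good() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://www.example.org/index.php\r\n\r\n'
}
sample_wrong_host() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://other.example.net/\r\n\r\n'
}
sample_no_redirect() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Against a live server (host name is a placeholder):
#   curl -sI http://www.example.org/index.php | check_redirect www.example.org
```

The wrong-host check is there because both the RewriteRule and index.php build the redirect target from SERVER_NAME rather than from a fixed host name.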