[article_overview]
Apache virtual domains on Debian Lenny
Virtual domains allow one IP address to host multiple domains
Software to install:
apache
ssl certs
php
[/article_overview]
Install apache
```
aptitude install apache2
```
Install php5 and some useful modules
```
aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-gd php5-imagick \
    php5-mcrypt php5-mhash php5-mysql php5-sqlite php5-xmlrpc php-apc php5-cli \
    php5-imap php5-pspell php5-tidy
```
Debian installs Apache modules and sites in a modular fashion: the files in [strong]mods-enabled/[/strong] and [strong]sites-enabled/[/strong] are actually symlinks to files in [strong]mods-available/[/strong] and [strong]sites-available/[/strong].
To manage the symlinks, use:
* a2enmod - enable a module
* a2dismod - disable a module
* a2ensite - enable a site
* a2dissite - disable a site
Create the directories for web files and logs and assign permissions.
www-data is the default Debian Apache user.
```
# -p also creates /home/domains/<domain>.com if it does not exist yet
mkdir -p /home/domains/<domain>.com/www/
mkdir /home/domains/<domain>.com/www/htdoc
mkdir /home/domains/<domain>.com/www/log
chown www-data:www-data /home/domains/<domain>.com/www/log
chown www-data:www-data /home/domains/<domain>.com/www/htdoc
```
Allow SSL
```
vi /etc/apache2/ports.conf
```
Replace the wildcard * with your real IP and uncomment the lines with the SSL port 443
```
NameVirtualHost <ip>:80
Listen 80
NameVirtualHost <ip>:443
Listen 443
```
To get HTTPS, install the GnuTLS module and enable it
```
aptitude install libapache2-mod-gnutls
a2enmod gnutls
```
To create a virtual website
```
vi /etc/apache2/sites-available/<domain>.com
```
Add the following. The paths match the directories created above: htdoc/ is the document root and the logs go to the sibling log/ directory, which keeps them outside the document root. Apache does not create a missing log directory and will not start without it.
```
<VirtualHost <ip>:443>
    ServerName <domain>.com:443
    ServerAlias *.<domain>.com
    UseCanonicalName Off
    ServerAdmin webmaster@localhost
    DocumentRoot /home/domains/<domain>.com/www/htdoc/
    <Directory /home/domains/<domain>.com/www/htdoc/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog /home/domains/<domain>.com/www/log/access.log combined
    ErrorLog /home/domains/<domain>.com/www/log/error.log
    # TLS with the server-wide certificate and key
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/ssl/certs/apache2.pem
    GnuTLSKeyFile /etc/ssl/private/apache2.pem
    GnuTLSPriorities NORMAL
</VirtualHost>
<VirtualHost <ip>:80>
    ServerName <domain>.com:80
    ServerAlias *.<domain>.com
    UseCanonicalName Off
    ServerAdmin webmaster@localhost
    DocumentRoot /home/domains/<domain>.com/www/htdoc/
    <Directory /home/domains/<domain>.com/www/htdoc/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog /home/domains/<domain>.com/www/log/access.log combined
    ErrorLog /home/domains/<domain>.com/www/log/error.log
</VirtualHost>
```
Enable the domain (with a2ensite, listed above), then restart Apache
```
/etc/init.d/apache2 restart
```
Test that PHP is installed
```
vi /home/domains/<domain>.com/www/htdoc/test.php
```
Add the following
```
<?php
phpinfo();
?>
```
Access the page via your domain
http://<domain>.com/test.php
If everything went well, you should be able to access your domain.
Delete test.php once the check is done: the phpinfo() page publishes the full PHP and server configuration to anyone who requests it.
If you want unique SSL certificates per domain
```
mkdir -p /home/domains/<domain>.com/ssl
mkdir /home/domains/<domain>.com/ssl/private
mkdir /home/domains/<domain>.com/ssl/certs
vi /etc/apache2/sites-available/<domain>.com
```
Update the GnuTLS lines in the port 443 virtual host to point to the per-domain files
```
GnuTLSEnable on
GnuTLSCertificateFile /home/domains/<domain>.com/ssl/certs/apache2.pem
GnuTLSKeyFile /home/domains/<domain>.com/ssl/private/apache2.pem
GnuTLSPriorities NORMAL
```
Now create the SSL certificate and key. The command writes a self-signed certificate; -nodes leaves the private key unencrypted so Apache can start without a passphrase, so the file permissions set afterwards are the only protection for the key.
```
openssl req -new -x509 -days 3650 -nodes \
    -out /home/domains/<domain>.com/ssl/certs/apache2.pem \
    -keyout /home/domains/<domain>.com/ssl/private/apache2.pem
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <space>
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:*.<domain>.com
Email Address []:
chmod o= /home/domains/<domain>.com/ssl/private/apache2.pem
chown www-data:www-data /home/domains/<domain>.com/ssl/certs/apache2.pem
```
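A check to run on the vhost file before the restart below, as an added example that is not part of the original article: it confirms that the document root, log directories, certificate and key named in the file exist and that the private key is not world-readable. `check_vhost` is a hypothetical helper name, and the script assumes absolute paths without spaces.

```shell
#!/bin/sh
# check_vhost FILE: hypothetical helper (not part of Apache or Debian).
# Checks the paths a vhost file names before Apache is restarted and
# returns the number of problems found (0 = ready to restart).
# Assumes absolute paths without spaces and directive names spelled as above.
check_vhost() {
    conf=$1
    problems=0
    pairs=$(awk '$1 ~ /^(DocumentRoot|CustomLog|ErrorLog|GnuTLSCertificateFile|GnuTLSKeyFile)$/ { print $1, $2 }' "$conf")
    while read -r directive path; do
        case $path in /*) ;; *) continue ;; esac
        case $directive in
        DocumentRoot)
            [ -d "$path" ] || { echo "missing DocumentRoot: $path"; problems=$((problems + 1)); }
            ;;
        CustomLog|ErrorLog)
            # Apache creates the log file itself, but not its directory.
            dir=$(dirname "$path")
            [ -d "$dir" ] || { echo "missing log directory: $dir"; problems=$((problems + 1)); }
            ;;
        GnuTLSCertificateFile)
            [ -f "$path" ] || { echo "missing certificate: $path"; problems=$((problems + 1)); }
            ;;
        GnuTLSKeyFile)
            if [ ! -f "$path" ]; then
                echo "missing private key: $path"; problems=$((problems + 1))
            elif [ -n "$(find "$path" -prune -perm -004)" ]; then
                # The "other" read bit is set: any local user can copy the key.
                echo "private key is world-readable: $path"; problems=$((problems + 1))
            fi
            ;;
        esac
    done <<EOF
$pairs
EOF
    return "$problems"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_vhost "$1"
fi
```

Run it with the real file once the `<ip>` and `<domain>` placeholders are filled in, for example `sh check_vhost.sh /etc/apache2/sites-available/<domain>.com`.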
Restart apache
```
/etc/init.d/apache2 restart
```
Rotate domain Apache logs
```
vi /etc/logrotate.d/apache2
```
Append the domain logs to the list of logs
```
"/var/log/apache2/*.log" "/home/domains/*/www/log/*.log" {
    # existing directives stay unchanged
}
```
The asterisk (*) will catch all directories (domains) under /home/domains/
Optimize Apache
Override some of the default Apache config
```
vi /etc/apache2/httpd.conf
```
Update
```
HostnameLookups Off
<IfModule mpm_prefork_module>
    StartServers 15
    MinSpareServers 10
    MaxSpareServers 20
    ServerLimit 512
    MaxClients 512
    MaxRequestsPerChild 0
</IfModule>
```
Some mild security
```
vi /etc/apache2/conf.d/security
```
Set the following
```
#ServerTokens Minimal
ServerTokens Prod
ServerSignature Off
#ServerSignature On
TraceEnable Off
#TraceEnable On
```
Update the default domain so errors go there instead of to the first virtual domain
```
vi /etc/apache2/sites-available/default
```
Update it: replace * with <ip>
Restart Apache
```
/etc/init.d/apache2 restart
```