|
|
| (13 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| {{Box File|/etc/portage/package.unmask| | | This Apache setup explains how to configure Apache 2.4 with the mpm-itk worker so we can have different users for our virtual hosts. Further we want to have a few SSL based virtual hosts on one IP for which we NEED a wildcard certificate if we want to support legacy operating system clients (Windows XP) which don't support SNI and some other SSL sites on different IP adresses, each with their own virtualhost and certificate. |
| | |
| | == Virtual hosting - HTTP == |
| | |
| | == Virtual hosting - SSL/SNI == |
| | First we disable the SSL_DEFAULT_VHOST if it's enabled by removing -D SSL_DEFAULT_VHOST from /etc/conf.d/apache2. |
| | {{File|/etc/conf.d/apache2| |
| <pre> | | <pre> |
| dev-libs/apr
| | -APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE" |
| dev-libs/apr-util
| | +APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D LANGUAGE" |
| net-www/apache
| |
| </pre> | | </pre> |
| }} | | }} |
|
| |
|
| | == HTTP2 support == |
|
| |
|
| {{Box File|/etc/portage/package.use| | | {{File|/etc/conf.d/apache2| |
| <pre> | | <pre> |
| dev-db/phpmyadmin vhosts
| | APACHE2_OPTS="[...] -D HTTP2" |
| dev-lang/php -xpm apache2 bzip2 mysql iconv unicode
| |
| net-www/apache apache2 threads mpm-peruser
| |
| </pre> | | </pre> |
| }} | | }} |
|
| |
|
| | == PHP Support == |
|
| |
|
| {{Codeline|# emerge apache php phpmyadmin}}
| | via [[PHP-FPM]]. |
|
| |
|
| {{Box File|/createvirtualhost.sh| | | {{File|/etc/conf.d/apache2| |
| <pre> | | <pre> |
| #!/bin/bash
| | APACHE2_OPTS="[...] -D PROXY -D FCGID" |
| | |
| #Usage: createvirtualhost <virtualhostname> <username> (scp)
| |
| #Example with scp login: createvirtualhost www.domain.com domain scp
| |
| #Example without scp login: createvirtualhost subdomain.domain.com subdomain
| |
| | |
| if [ "$3" = "scp" ] && [ ! -e /usr/sbin/scponlyc ]; then
| |
| echo -e You set the scponly options but scponly is not installed on your system. Installing it now...
| |
| emerge -a scponly
| |
| emerge -a --config =net-misc/scponly-4.6-r1
| |
| fi
| |
| | |
| htdocsuser=$(cat /etc/group | grep -c htdocs)
| |
| | |
| if [ $htdocsuser == 0 ]; then
| |
| echo -e Adding virtualhost group:
| |
| groupadd htdocs
| |
| else
| |
| echo -e Virualhost group htdocs exists - Good!
| |
| fi
| |
| | |
| echo -e Virtualhostname is: \ \ "$1"
| |
| echo -e Username for this virtual host is:\ "$2"
| |
| | |
| echo -e Adding virtualhost user:
| |
| if [ "$3" = "scp" ]; then
| |
| useradd -m -d /var/www/$1 -k /home/scponly -g htdocs -s /usr/sbin/scponlyc $2
| |
| else
| |
| useradd -m -d /var/www/$1 -k "" -g htdocs -s /bin/false $2
| |
| fi
| |
| | |
| echo -e Populating virtualhost directory:
| |
| mkdir -p /var/www/$1/cgi-bin /var/www/$1/error /var/www/$1/htdocs /var/www/$1/icons /var/www/$1/sessions /var/www/$1/tmp
| |
| if [ "$3" = "scp" ]; then
| |
| rmdir /var/www/$1/incoming
| |
| fi
| |
| | |
| echo -e Setting up virtualhost root path permissions:
| |
| chown root:root /var/www/$1
| |
| | |
| echo -e Setting up virtualhost user permissions:
| |
| chown -R $2:htdocs /var/www/$1/cgi-bin /var/www/$1/error /var/www/$1/htdocs /var/www/$1/icons /var/www/$1/sessions /var/www/$1/tmp
| |
| chmod -R 700 /var/www/$1/cgi-bin /var/www/$1/error /var/www/$1/htdocs /var/www/$1/icons /var/www/$1/sessions /var/www/$1/tmp
| |
| | |
| if [ "$3" = "scp" ]; then
| |
| echo -e Setting up the scponly environment:
| |
| echo root:x:0:0:root:/root:/bin/false > /var/www/$1/etc/passwd
| |
| cat /etc/passwd | grep $1 >> /var/www/$1/etc/passwd
| |
| echo root:x:0:root > /var/www/$1/etc/group
| |
| cat /etc/group | grep htdocs >> /var/www/$1/etc/group
| |
| fi
| |
| | |
| if [ "$3" = "scp" ]; then
| |
| echo -e Setting up scponly readonly permissions:
| |
| chown -R root:root /var/www/$1/bin /var/www/$1/dev /var/www/$1/etc /var/www/$1/lib /var/www/$1/usr
| |
| | |
| echo -e Setting scponly user password:
| |
| passwd $2
| |
| fi
| |
| | |
| #Virtual host template
| |
| # Options Indexes FollowSymlinks replaced with None
| |
| | |
| echo "Processor $2 htdocs
| |
| <VirtualHost *:80>
| |
| | |
| DocumentRoot \"/var/www/$1/htdocs\"
| |
| ServerName $1
| |
| DirectoryIndex index.htm index.html index.php
| |
| | |
| <IfModule mpm_peruser_module>
| |
| ServerEnvironment $2 htdocs
| |
| </IfModule>
| |
| | |
| <Directory \"/var/www/$1/htdocs\">
| |
| Options None
| |
| AllowOverride None
| |
| Order allow,deny
| |
| Allow from all
| |
| </Directory>
| |
| | |
| php_admin_value open_basedir /var/www/$1:/usr/bin:/usr/share/php
| |
| php_admin_value upload_tmp_dir /var/www/$1/tmp
| |
| php_admin_value session.save_path /var/www/$1/sessions
| |
| | |
| # Example phpmyadmin:
| |
| # Alias / /var/www/subdomain.domain.de/htdocs/phpmyadmin/
| |
| | |
| </VirtualHost>" > /etc/apache2/vhosts.d/$1.conf
| |
| </pre> | | </pre> |
| }} | | }} |
|
| |
|
| | | {{File|/etc/apache2/vhosts.d/subdomain.example.com.conf| |
| {{Box Code|webapp-config| | |
| <pre> | | <pre> |
| install:
| | [...] |
| emerge phpmyadmin
| | </Directory> |
| install in verzeichnis phpmyadmin
| |
| webapp-config -I -h subdomain.test-domain.de -d phpmyadmin phpmyadmin 2.8.2.1
| |
| install direkt in webroot
| |
| webapp-config -I -h subdomain.test-domain.de phpmyadmin 2.8.2.1
| |
| mysql -u root -p < /usr/share/webapps/phpmyadmin/2.8.2/sqlscripts/mysql/2.8.2_create.sql
| |
| <root passwort>
| |
|
| |
|
| upgrade:
| | # PHP-FPM |
| emerge phpmyadmin
| | <FilesMatch "\.(php|php5|phtml)$"> |
| webapp-config -U -h subdomain.test-domain.de -d phpmyadmin phpmyadmin 2.8.2.2
| | SetHandler "proxy:unix:/run/php-fpm-domain.example.com.sock|fcgi://localhost" |
| bzw
| | </FilesMatch> |
| webapp-config -U -h subdomain.test-domain.de phpmyadmin 2.8.2.2
| |
| CONFIG_PROTECT="/var/www/subdomain.test-domain.de/htdocs/phpmyadmin//libraries" etc-update
| |
| neue config löschen oder updaten und erneut
| |
| mysql -u root -p < /usr/share/webapps/phpmyadmin/2.8.2.2/sqlscripts/mysql/2.8.2.2_create.sql
| |
| ausführen
| |
| emerge -C phpmyadmin-alt
| |
|
| |
|
| uninstall:
| | SSLEngine On |
| webapp-config -C -h subdomain.test-domain.de -d phpmyadmin
| | [...] |
| bzw.
| |
| webapp-config -C -h subdomain.test-domain.de phpmyadmin
| |
| | |
| | |
| | |
| Webserver domain.de:
| |
| webapp-config -I -h phpmyadmin.domain.de -d phpmyadmin phpmyadmin 2.8.2.2
| |
| update:
| |
| emerge phpmyadmin
| |
| webapp-config -U -h phpmyadmin.domain.de -d phpmyadmin phpmyadmin 2.8.2.4
| |
| CONFIG_PROTECT="/var/www/phpmyadmin.domain.de/htdocs/phpmyadmin//libraries" etc-update
| |
| 1
| |
| 2
| |
| y
| |
| emerge -C phpmyadmin-<oldversion>
| |
| </pre> | | </pre> |
| }} | | }} |
|
| |
| [[Kategorie:Software]]
| |
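Review bot: The per-vhost PHP confinement from the old vhost template (`php_admin_value open_basedir`, `upload_tmp_dir`, `session.save_path`) is dropped, and the new `FilesMatch`/`SetHandler` block shows no replacement for it. With PHP handed to PHP-FPM through the proxy handler, those limits would have to live in each pool file rather than in the vhost, e.g. `php_admin_value[open_basedir] = /var/www/<vhost>` (placeholder path) plus per-pool upload and session directories. The pool configuration is not shown on the page, so this may already exist elsewhere. If it does not, every pool falls back to the global php.ini values and sites are separated only by file ownership.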
This Apache setup explains how to configure Apache 2.4 with the mpm-itk worker so that each virtual host can run as a different user. We also want a few SSL-based virtual hosts on one IP address; for these we NEED a wildcard certificate if we want to support legacy operating system clients (Windows XP) that don't support SNI. In addition, we want some other SSL sites on different IP addresses, each with its own virtual host and certificate.
Virtual hosting - HTTP
Virtual hosting - SSL/SNI
First, if SSL_DEFAULT_VHOST is enabled, we disable it by removing -D SSL_DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2.
File: /etc/conf.d/apache2
-APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"
+APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D LANGUAGE"
HTTP2 support
File: /etc/conf.d/apache2
APACHE2_OPTS="[...] -D HTTP2"
PHP Support
via PHP-FPM.
File: /etc/conf.d/apache2
APACHE2_OPTS="[...] -D PROXY -D FCGID"
File: /etc/apache2/vhosts.d/subdomain.example.com.conf
[...]
</Directory>
# PHP-FPM: requests whose path ends in .php, .php5 or .phtml are proxied over
# FastCGI to the pool listening on the Unix socket named below.
# NOTE(review): the handler is set whether or not the requested file exists on
# disk; a common variant nests SetHandler in <If "-f %{REQUEST_FILENAME}"> so
# that only existing scripts reach FPM. Confirm it fits this setup.
# NOTE(review): the socket is the boundary between vhost users; its owner and
# mode (listen.owner / listen.group / listen.mode in the pool file, not shown
# here) should admit only the account Apache uses for this vhost.
<FilesMatch "\.(php|php5|phtml)$">
SetHandler "proxy:unix:/run/php-fpm-domain.example.com.sock|fcgi://localhost"
</FilesMatch>
SSLEngine On
[...]