Monday, April 5, 2010
Ubuntu, LAMP, SSL, CGI and password protection
I'll setup a minimal install of Ubuntu 9.10, Apache webserver, MySQL database and make it PHP compatible. I'll be using a self signed SSL certificate, create a Virtual Host and password protect the space. I'll also make the Virual Host ready to run CGI scripts.
1. Install LAMP environment:
Login as "root"
change memory_limit = 16M to memory_limit = 32M
From another PC type http://yourserverip/info.php in your browser and you should see some nice info about your PHP installation. After we've seen this page, we know PHP works and "info.php" can be removed:
#NameVirtualHost *:80
#Listen 80
2. Configure a SSL and CGI ready Virtual Host:
Change ServerAdmin webmaster@localhost to ServerAdmin youremail@address
Add ServerName www.mydomain.com:443 under ServerAdmin line
Change DocumentRoot /var/www to DocumentRoot /var/www/www.mydomain.com/public_html
Change AllowOverride None to AllowOverride AuthConfig
Change <Directory /var/www/> to <Directory /var/www/www.mydomain.com/>
Change AllowOverride None to AllowOverride AuthConfig
Change ScriptAlias to ScriptAlias /cgi-bin/ /var/www/www.mydomain.com/cgi-bin/
Change <Directory "/usr/lib/cgi-bin"> to <Directory "/var/www/www.mydomain.com/cgi-bin">
Change ErrorLog /var/www/www.mydomain.com/logs/error.log
Change CustomLog to CustomLog /var/www/www.mydomain.com/logs/ssl_access.log combined
Change, under </FilesMatch>, <Directory /usr/lib/cgi-bin> to <Directory /var/www/www.mydomain.com/cgi-bin>
3. Create my own self-signed certificate:
The following will create a self-signed certificate and private key file in one file:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
to
SSLCertificateFile /etc/ssl/certs/www.mydomain.com.pem
and
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
to
SSLCertificateKeyFile /etc/ssl/private/www.mydomain.com.key
4. Password protect the Virtual host:
NOTE: To add more usernames and passwords to the same file you must:
htpasswd -s .htpasswd anotherusername
The .htaccess file must exist in the directory that you want to protect:
AuthUserFile /var/www/www.mydomain.com/.htpasswd
AuthType Basic
AuthName "Enter Login Details"
Require valid-user
1. Install LAMP environment:
Login as "root"
apt-get update
apt-get install mysql-server mysql-client apache2 ssl-cert php5 libapache2-mod-php5 php5-mysql php5-mcrypt php5-memcache php5-snmp php5-xmlrpc php5-xsl php5-suhosin apache2-suexec libapache2-mod-ruby libapache2-mod-perl2 libapache2-mod-python python-mysqldbecho "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
echo "<?php phpinfo(); ?>" > /var/www/info.php
nano /etc/php5/apache2/php.inichange memory_limit = 16M to memory_limit = 32M
/etc/init.d/apache2 restartFrom another PC type http://yourserverip/info.php in your browser and you should see some nice info about your PHP installation. After we've seen this page, we know PHP works and "info.php" can be removed:
rm -rf /var/www/info.phpnano /etc/apache2/ports.conf#NameVirtualHost *:80
#Listen 80
2. Configure a SSL and CGI ready Virtual Host:
a2enmod ssl
/etc/init.d/apache2 restart
mkdir -p /var/www/www.mydomain.com/public_html
mkdir /var/www/www.mydomain.com/cgi-bin
mkdir /var/www/www.mydomain.com/logs
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/www.mydomain.com
nano /etc/apache2/sites-available/www.mydomain.comChange ServerAdmin webmaster@localhost to ServerAdmin youremail@address
Add ServerName www.mydomain.com:443 under ServerAdmin line
Change DocumentRoot /var/www to DocumentRoot /var/www/www.mydomain.com/public_html
Change AllowOverride None to AllowOverride AuthConfig
Change <Directory /var/www/> to <Directory /var/www/www.mydomain.com/>
Change AllowOverride None to AllowOverride AuthConfig
Change ScriptAlias to ScriptAlias /cgi-bin/ /var/www/www.mydomain.com/cgi-bin/
Change <Directory "/usr/lib/cgi-bin"> to <Directory "/var/www/www.mydomain.com/cgi-bin">
Change ErrorLog /var/www/www.mydomain.com/logs/error.log
Change CustomLog to CustomLog /var/www/www.mydomain.com/logs/ssl_access.log combined
Change, under </FilesMatch>, <Directory /usr/lib/cgi-bin> to <Directory /var/www/www.mydomain.com/cgi-bin>
a2dissite default-ssl
a2ensite www.mydomain.com
/etc/init.d/apache2 restart3. Create my own self-signed certificate:
The following will create a self-signed certificate and private key file in one file:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/www.mydomain.com.crt
cat /etc/ssl/private/www.mydomain.com.crtnano /etc/ssl/private/www.mydomain.com.keynano /etc/ssl/certs/www.mydomain.com.pemrm -f /etc/ssl/private/www.mydomain.com.crt
nano /etc/apache2/sites-available/www.mydomain.comSSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
to
SSLCertificateFile /etc/ssl/certs/www.mydomain.com.pem
and
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
to
SSLCertificateKeyFile /etc/ssl/private/www.mydomain.com.key
/etc/init.d/apache2 restart
> /var/www/index.html4. Password protect the Virtual host:
cd /var/www/www.mydomain.comhtpasswd -c -s .htpasswd yourusernameNOTE: To add more usernames and passwords to the same file you must:
htpasswd -s .htpasswd anotherusername
The .htaccess file must exist in the directory that you want to protect:
nano /var/www/www.mydomain.com/public_html/.htaccessAuthUserFile /var/www/www.mydomain.com/.htpasswd
AuthType Basic
AuthName "Enter Login Details"
Require valid-user
/etc/init.d/apache2 restart
