Apache¶
# list the first read config file. Show the current mpm, and mod_status
apachectl -V
# restart
systemctl restart apache2
# reload
service apache2 reload
# enable modules
a2enmod [rewrite] [ssl] ...
# show modules
apache2ctl -M
# test configuration
apachectl configtest
# enable site
a2ensite <site>
# disable site
a2dissite <site>
Generate a self-signed SSL certificate:
mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/site.key -out /etc/apache2/ssl/site.crt
chmod 600 /etc/apache2/ssl/*
Apache Prefork MPM¶
Apache PHP CGI mode¶
default.conf
:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
#<Directory />
# Options FollowSymLinks
# AllowOverride All
#</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
AddHandler cgi-handler .php
Action cgi-handler /cgi-bin/php-cgi
</Directory>
ScriptAlias /cgi-bin/ /opt/php5.2/bin/
<Directory "/opt/php5.2/bin/">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Apache PHP module mode¶
default.conf
:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
DirectoryIndex index.php
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Security Apache¶
- ModSecurity
- mod_evasive
- Fail2ban