Server Installation/Apache: Difference between revisions
From Opennet
(Page newly created: "{| class="wikitable sortable" ! Protocol !! Host !! VHost/Path !! Service !! Remark |- | HTTPS | www | *opennet-initiative.de/transfer | WebDAV | Move?…")
Leo (talk | contributions) (Note on graphen move)
(38 intermediate revisions by 2 users are not shown)
Zeile 2: | Zeile 2: | ||
! Protokoll !! Host !! VHost/Path !! Service !! Bemerkung | ! Protokoll !! Host !! VHost/Path !! Service !! Bemerkung | ||
|- | |- | ||
− | + | | HTTP(S) | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | | HTTP | + | |
| www | | www | ||
| www.opennet-initiative.de/ | | www.opennet-initiative.de/ | ||
− | | Redirect wiki | + | | Redirect -> wiki |
− | | | + | | OK. |
|- | |- | ||
− | | HTTP | + | | HTTP(S) |
| www | | www | ||
| www.opennet-initiative.de/download | | www.opennet-initiative.de/download | ||
| Download | | Download | ||
− | | OK. | + | | Umgezogen (hikaru). Weiterer Umzug nach ruri - downloads.<on> |
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | www.opennet-initiative.de/gallery/ | ||
+ | | Gallery Rewrite | ||
+ | | Umzug auf neue Software? | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | www.opennet-initiative.de/graphen/ | ||
+ | | Graph Rewrite | ||
+ | | Umzug graph.<on>? Nutzung von Munin (Daten länger vorhalten bei Unerreichbarkeit? - siehe cronjob auf howmei) URLs im MediaWiki Plugin und neuen Karte anpassen. | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | olsr.opennet-initiative.de | ||
+ | | SSID Rewrite | ||
+ | | Gelöscht. Erledigt. | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | www.opennet-initiative.de/forum | ||
+ | | Forum Rewrite | ||
+ | | Gelöscht. Erledigt. | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | wiki | ||
+ | | wiki.opennet-initiative.de/wiki/ | ||
+ | | MediaWiki Rewrite | ||
+ | | OK - Datenmigration offen | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | www.opennet-initiative.de/freifunk/ | ||
+ | | Freifunk API | ||
+ | | Umgezogen (jun). Erledigt. | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | list.opennet-initiative.de | ||
+ | | Mailman Rewrite | ||
+ | | ''Umzug Mailserver'' | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | mail.opennet-initiative.de/mail | ||
+ | | ?? | ||
+ | | ''Umzug Mailserver'' | ||
+ | |- | ||
+ | | HTTP(S) | ||
+ | | www | ||
+ | | mail.opennet-initiative.de/service | ||
+ | | ?? | ||
+ | | ''Umzug Mailserver'' | ||
|} | |} | ||
+ | |||
+ | === Werkzeuge === | ||
+ | |||
+ | * ''apachectl configcheck'' - Überprüfung der Konfiguration (sinnvoll vor dem Neustart vom Apache Dienst) | ||
+ | |||
+ | === Default Config === | ||
+ | |||
+ | * /etc/apache2/ports.conf | ||
+ | Listen 80 | ||
+ | <IfModule mod_ssl.c> | ||
+ | Listen 443 | ||
+ | </IfModule> | ||
+ | <IfModule mod_gnutls.c> | ||
+ | Listen 443 | ||
+ | </IfModule> | ||
+ | |||
+ | * /etc/apache2/conf-enabled/security.conf | ||
+ | ServerTokens Prod | ||
+ | ServerSignature Off | ||
+ | TraceEnable Off | ||
+ | |||
+ | * /etc/apache2/mods-enabled/ssl.conf | ||
+ | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | ||
+ | SSLHonorCipherOrder on | ||
+ | SSLStrictSNIVHostCheck on | ||
+ | |||
+ | * /etc/apache2/sites-enabled/000-default | ||
+ | <VirtualHost *:80> | ||
+ | ServerAdmin admin@opennet-initiative.de | ||
+ | DocumentRoot /var/www | ||
+ | <Directory /> | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | </Directory> | ||
+ | <Directory /var/www/> | ||
+ | Options Indexes FollowSymLinks MultiViews | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | allow from all | ||
+ | </Directory> | ||
+ | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
+ | LogLevel warn | ||
+ | CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
+ | </VirtualHost> | ||
+ | |||
+ | * /etc/apache2/sites-enabled/001-default-ssl | ||
+ | <IfModule mod_ssl.c> | ||
+ | <VirtualHost _default_:443> | ||
+ | ServerAdmin admin@opennet-initiative.de | ||
+ | DocumentRoot /var/www | ||
+ | <Directory /> | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | </Directory> | ||
+ | <Directory /var/www/> | ||
+ | Options Indexes FollowSymLinks MultiViews | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | allow from all | ||
+ | </Directory> | ||
+ | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
+ | # Possible values include: debug, info, notice, warn, error, crit, | ||
+ | # alert, emerg. | ||
+ | LogLevel warn | ||
+ | CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/ssl/<servername>.opennet-initiative.de_certchain.crt | ||
+ | SSLCertificateKeyFile /etc/ssl/private/<servername>.opennet-initiative.de.key | ||
+ | <FilesMatch "\.(cgi|shtml|phtml|php)$"> | ||
+ | SSLOptions +StdEnvVars | ||
+ | </FilesMatch> | ||
+ | <Directory /usr/lib/cgi-bin> | ||
+ | SSLOptions +StdEnvVars | ||
+ | </Directory> | ||
+ | BrowserMatch "MSIE [2-6]" \ | ||
+ | nokeepalive ssl-unclean-shutdown \ | ||
+ | downgrade-1.0 force-response-1.0 | ||
+ | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | ||
+ | </VirtualHost> | ||
+ | </IfModule> | ||
+ | |||
+ | === HTTP/2 === | ||
+ | |||
+ | * Modul Apache HTTP/2 aktivieren: | ||
+ | a2enmod http2 | ||
+ | * Protokoll für HTTP/S Site aktivieren: | ||
+ | <VirtualHost *:80> | ||
+ | Protocols h2 h2c http/1.1 | ||
+ | ... | ||
+ | <VirtualHost *:443> | ||
+ | Protocols h2 h2c http/1.1 | ||
+ | ... | ||
+ | * Apache neu starten: | ||
+ | systemctl restart apache2 | ||
+ | * Kontrolle: | ||
+ | curl -vso /dev/null --http2 https://<site> | ||
+ | ... | ||
+ | * Using HTTP2, server supports multi-use | ||
+ | * Connection state changed (HTTP/2 confirmed) | ||
+ | * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 | ||
+ | * Using Stream ID: 1 (easy handle 0x7ffa00805200) | ||
+ | > GET / HTTP/2 | ||
+ | ... | ||
+ | * PHP Unterstützung bei Umstellung mpm-prefork nach mpm-event (Stand Debian Stretch): | ||
+ | apt install libapache2-mod-fcgid php7.0-fpm | ||
+ | a2dismod php7.0 | ||
+ | a2dismod mpm_prefork | ||
+ | a2enmod mpm_event | ||
+ | a2enmod actions fcgid proxy_fcgi alias setenvif | ||
+ | a2enconf php7.0-fpm | ||
+ | systemctl reload apache2 | ||
[[Kategorie:Server]] | [[Kategorie:Server]] |
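Review bot: In the HTTP/2 section, `Protocols h2 h2c http/1.1` is added identically to the `*:80` and `*:443` vhosts, although `h2` is only negotiated over TLS and `h2c` only over cleartext; listing each where it applies (`Protocols h2 http/1.1` on `*:443`, `Protocols h2c http/1.1` on `*:80`, or plain `http/1.1` there if cleartext HTTP/2 is not wanted) makes the intent visible and avoids offering cleartext upgrade by accident. In the Werkzeuge section, `apachectl configcheck` is not an apachectl subcommand; the syntax check is `apachectl configtest`. Both default vhosts use `Order allow,deny` / `allow from all`, which is Apache 2.2 access syntax, while mod_http2 in the same revision requires 2.4, where `Require all granted` is the native form.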
Current revision as of 7 March 2021, 17:04
Protocol | Host | VHost/Path | Service | Remark |
---|---|---|---|---|
HTTP(S) | www | www.opennet-initiative.de/ | Redirect -> wiki | OK. |
HTTP(S) | www | www.opennet-initiative.de/download | Download | Moved (hikaru). Further move to ruri - downloads.<on> |
HTTP(S) | www | www.opennet-initiative.de/gallery/ | Gallery Rewrite | Move to new software? |
HTTP(S) | www | www.opennet-initiative.de/graphen/ | Graph Rewrite | Move to graph.<on>? Use of Munin (keep data longer when unreachable? - see cron job on howmei). Adjust URLs in the MediaWiki plugin and the new map. |
HTTP(S) | www | olsr.opennet-initiative.de | SSID Rewrite | Deleted. Done. |
HTTP(S) | www | www.opennet-initiative.de/forum | Forum Rewrite | Deleted. Done. |
HTTP(S) | wiki | wiki.opennet-initiative.de/wiki/ | MediaWiki Rewrite | OK - data migration pending |
HTTP(S) | www | www.opennet-initiative.de/freifunk/ | Freifunk API | Moved (jun). Done. |
HTTP(S) | www | list.opennet-initiative.de | Mailman Rewrite | Mail server move |
HTTP(S) | www | mail.opennet-initiative.de/mail | ?? | Mail server move |
HTTP(S) | www | mail.opennet-initiative.de/service | ?? | Mail server move |
=== Tools ===
- apachectl configtest - checks the configuration syntax (useful before restarting the Apache service)
=== Default Config ===
- /etc/apache2/ports.conf

    Listen 80
    <IfModule mod_ssl.c>
        Listen 443
    </IfModule>
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

- /etc/apache2/conf-enabled/security.conf

    ServerTokens Prod
    ServerSignature Off
    TraceEnable Off

- /etc/apache2/mods-enabled/ssl.conf

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLStrictSNIVHostCheck on

- /etc/apache2/sites-enabled/000-default

    <VirtualHost *:80>
        ServerAdmin admin@opennet-initiative.de
        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

- /etc/apache2/sites-enabled/001-default-ssl

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@opennet-initiative.de
        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/<servername>.opennet-initiative.de_certchain.crt
        SSLCertificateKeyFile /etc/ssl/private/<servername>.opennet-initiative.de.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
    </IfModule>
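One way to check a host against the security.conf and ssl.conf values listed above, including which protocols an `SSLProtocol` line really leaves enabled (an added example, not part of the wiki page or of Opennet's tooling). The function names are hypothetical, the sample file is constructed, and `all` is assumed to cover SSLv3 through TLSv1.3.

```shell
#!/bin/sh
# Added example, not part of the wiki page. The sample config is constructed.

# last_value FILE DIRECTIVE: args of the last uncommented occurrence (last one wins).
last_value() {
  awk -v d="$2" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
    END { print v }' "$1"
}

# enabled_protocols FILE: protocols the last SSLProtocol line leaves enabled.
# Modelled on mod_ssl parsing: +X adds, -X removes, a bare word replaces the set.
# Assumption: "all" stands for SSLv3..TLSv1.3; a real build may offer fewer.
enabled_protocols() {
  last_value "$1" SSLProtocol | awk '
    BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", k, " ") }
    { for (f = 1; f <= NF; f++) {
        t = tolower($f); s = ""
        if (t ~ /^[+-]/) { s = substr(t, 1, 1); t = substr(t, 2) }
        for (i = 1; i <= n; i++) {
          hit = (t == "all" || t == tolower(k[i]))
          if (s == "") on[i] = hit
          else if (hit) on[i] = (s == "+")
        }
      }
      for (i = 1; i <= n; i++) if (on[i]) out = out (out == "" ? "" : " ") k[i]
      print out }'
}

# audit_baseline FILE: one line per deviation from the values above; status 0 if none.
audit_baseline() {
  rc=0
  for want in "ServerTokens Prod" "ServerSignature Off" "TraceEnable Off"; do
    got=$(last_value "$1" "${want%% *}" | tr 'A-Z' 'a-z')
    [ "$got" = "$(printf %s "${want#* }" | tr 'A-Z' 'a-z')" ] ||
      { echo "${want%% *}: expected ${want#* }, found ${got:-nothing}"; rc=1; }
  done
  for p in $(enabled_protocols "$1"); do
    case $p in SSLv3|TLSv1|TLSv1.1) echo "SSLProtocol: $p still enabled"; rc=1 ;; esac
  done
  return $rc
}

# Constructed sample: security.conf as above, but a weaker SSLProtocol line.
sample=$(mktemp)
printf '%s\n' 'ServerTokens Prod' 'ServerSignature Off' 'TraceEnable Off' \
  'SSLProtocol all -SSLv3' > "$sample"
audit_baseline "$sample" || true
```

On the constructed sample the audit reports TLSv1 and TLSv1.1 as still enabled, which is the gap between `all -SSLv3` and the `SSLProtocol` line this page uses.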
=== HTTP/2 ===
- Enable the Apache HTTP/2 module:

    a2enmod http2

- Enable the protocol for the HTTP/S site:

    <VirtualHost *:80>
        Protocols h2 h2c http/1.1
        ...
    <VirtualHost *:443>
        Protocols h2 h2c http/1.1
        ...

- Restart Apache:

    systemctl restart apache2

- Verify:

    curl -vso /dev/null --http2 https://<site>
    ...
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7ffa00805200)
    > GET / HTTP/2
    ...

- PHP support when switching from mpm-prefork to mpm-event (as of Debian Stretch):

    apt install libapache2-mod-fcgid php7.0-fpm
    a2dismod php7.0
    a2dismod mpm_prefork
    a2enmod mpm_event
    a2enmod actions fcgid proxy_fcgi alias setenvif
    a2enconf php7.0-fpm
    systemctl reload apache2