Noer IT

Brugerværktøjer

Webstedsværktøjer

Sti: webserver_with_apache_php
webserver_with_apache_php

Forskelle

Dette viser forskellene mellem den valgte og den nuværende udgave af dokumentet. Gul er linjer der findes i den gamle udgave, og grøn er linjer der findes i den nuværende.

Link til denne sammenlinings vising

Begge sider forrige revision Forrige revision
Næste revision 		Forrige revision
webserver_with_apache_php [2021/01/12 20:33]
noer 		webserver_with_apache_php [2021/01/12 22:47] (nuværende)
noer
Linje 13: Linje 13:
 Enable some modules Enable some modules
 <code> <code>
-a2enmod proxy_fcgi setenvif md+a2enmod proxy_fcgi setenvif rewrite md headers http2 ssl
 </code> </code>
  
Linje 20: Linje 20:
 <code> <code>
 wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
 +tar -C /usr/local -xf ioncube_loaders_lin_x86-64.tar.gz
 </code> </code>
- 
-Copy content to ''/usr/local/'' 
  
 Create file ''/etc/php/7.4/mods-available/ioncube.ini'' with content: Create file ''/etc/php/7.4/mods-available/ioncube.ini'' with content:
Linje 34: Linje 33:
 ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/cli/conf.d/00-ioncube.ini ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/cli/conf.d/00-ioncube.ini
 </code> </code>
 +
 +
 +=== PHP Configuration ===
 +Create web home directory with ''tmp'', ''logs'' and ''html''
 +
 +Create file ''/etc/php/7.4/fpm/pool.d/hostinggl.conf''
 +<code>
 +[user_hostinggl]
 +listen = "/run/php/hostinggl.sock"
 +listen.owner = "www-data"
 +listen.group = "hostinggl"
 +listen.mode = 0660
 +user = "hostinggl"
 +group = "hostinggl"
 +pm = ondemand
 +pm.max_children = 25
 +pm.process_idle_timeout = 15
 +slowlog = "/home/hostinggl/logs/php-fpm.slow.log"
 +php_admin_value[error_log] = "/home/hostinggl/logs/php.error.log"
 +php_admin_flag[log_errors] = on
 +php_admin_value[sys_temp_dir] = "/home/hostinggl/tmp"
 +php_admin_value[upload_tmp_dir] = "/home/hostinggl/tmp"
 +php_admin_value[max_input_vars] = 10000
 +php_value[session.save_handler] = files
 +php_value[session.save_path] = "/home/hostinggl/tmp"
 +env[TMPDIR] = "/home/hostinggl/tmp"
 +catch_workers_output = yes
 +</code>
 +
 +
 +=== Apache Configuration ===
 +Add these 2 lines to ''/etc/apache2/mods-enabled/ssl.conf''
 +<code>
 +# Set the location of the SSL OCSP Stapling Cache
 + SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
 +</code>
 +
 +Add ''/etc/apache2/options-ssl-apache.conf'' with content:
 +<code>
 +# Baseline setting to Include for SSL sites
 +
 +SSLEngine on
 +
 +# Intermediate configuration, tweak to your needs
 +SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 +SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 +SSLHonorCipherOrder     on
 +SSLCompression          off
 +
 +SSLOptions +StrictRequire
 +
 +# Add vhost name to log entries:
 +#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
 +#LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
 +
 +#CustomLog /var/log/apache2/access.log vhost_combined
 +#LogLevel warn
 +#ErrorLog /var/log/apache2/error.log
 +
 +# Always ensure Cookies have "Secure" set (JAH 2012/1)
 +#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
 +
 +# HSTS
 +Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 +Header always set X-Frame-Options DENY
 +
 +# OCSP
 +SSLUseStapling on
 +SSLStaplingResponseMaxAge 1800
 +SSLStaplingResponderTimeout 5
 +SSLStaplingReturnResponderErrors off
 +</code>
 +
 +<code>
 +</code>
 +
  
  
Linje 41: Linje 116:
   ServerName hosting.gl   ServerName hosting.gl
   ServerAlias www.hosting.gl   ServerAlias www.hosting.gl
-  DocumentRoot /srv/vhost/hosting.gl+  DocumentRoot /srv/vhost/hosting.gl/html
   ServerAdmin webmaster@hosting.gl   ServerAdmin webmaster@hosting.gl
   UseCanonicalName On   UseCanonicalName On
Linje 64: Linje 139:
   ServerName hosting.gl   ServerName hosting.gl
   ServerAlias www.hosting.gl   ServerAlias www.hosting.gl
-  DocumentRoot /srv/vhost/hosting.gl+  DocumentRoot /srv/vhost/hosting.gl/html
   ServerAdmin webmaster@hosting.gl   ServerAdmin webmaster@hosting.gl
   UseCanonicalName On   UseCanonicalName On
Linje 74: Linje 149:
     Require all granted     Require all granted
   </Directory>   </Directory>
- 
-  Header always set X-Frame-Options DENY 
  
   <IfModule mod_ssl.c>   <IfModule mod_ssl.c>
webserver_with_apache_php.1610483618.txt.gz · Sidst ændret: 2021/01/12 20:33 af noer

Sideværktøjer

Med mindre andet angivet, vil indhold på denne wiki blive udgivet under følgende licens: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki