Noer IT

Brugerværktøjer

Webstedsværktøjer

Sti: proxmox_server_setup webserver_with_apache_php
gammel revision gendannet (2021/01/12 21:33)
webserver_with_apache_php

Apache & PHP

Add Ondrej repos for Apache & PHP 

add-apt-repository ppa:ondrej/apache2
add-apt-repository ppa:ondrej/php

Install Apache & PHP 

apt install apache2 libapache2-mod-fcgid php7.4-cli php7.4-curl php7.4-gd php7.4-intl php7.4-mbstring php7.4-opcache php7.4-soap php7.4-xmlrpc php7.4-common php7.4-fpm php7.4-imap php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-zip

Enable some modules 

a2enmod proxy_fcgi setenvif md headers http2 ssl

IonCube

Download & install IonCube https://www.ioncube.com/loaders.php 

wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
tar -C /usr/local -xf ioncube_loaders_lin_x86-64.tar.gz

Create file /etc/php/7.4/mods-available/ioncube.ini with content: 

zend_extension = /usr/local/ioncube/ioncube_loader_lin_7.4.so

Create links to this file 

ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/fpm/conf.d/00-ioncube.ini
ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/cli/conf.d/00-ioncube.ini

PHP Configuration

Create web home directory with tmp, logs and html

Create file /etc/php/7.4/fpm/pool.d/hostinggl.conf 

[user_hostinggl]
listen = "/run/php/hostinggl.sock"
listen.owner = "www-data"
listen.group = "hostinggl"
listen.mode = 0660
user = "hostinggl"
group = "hostinggl"
pm = ondemand
pm.max_children = 25
pm.process_idle_timeout = 15
slowlog = "/home/hostinggl/logs/php-fpm.slow.log"
php_admin_value[error_log] = "/home/hostinggl/logs/php.error.log"
php_admin_flag[log_errors] = on
php_admin_value[sys_temp_dir] = "/home/hostinggl/tmp"
php_admin_value[upload_tmp_dir] = "/home/hostinggl/tmp"
php_admin_value[max_input_vars] = 10000
php_value[session.save_handler] = files
php_value[session.save_path] = "/home/hostinggl/tmp"
env[TMPDIR] = "/home/hostinggl/tmp"
catch_workers_output = yes

Apache Configuration

Add these 2 lines to /etc/apache2/mods-enabled/ssl.conf 

# Set the location of the SSL OCSP Stapling Cache
 SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Add /etc/apache2/options-ssl-apache.conf with content: 

# Baseline setting to Include for SSL sites

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on
SSLCompression          off

SSLOptions +StrictRequire

# Add vhost name to log entries:
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
#LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

# HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set X-Frame-Options DENY

# OCSP
SSLUseStapling on
SSLStaplingResponseMaxAge 1800
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off




Example of config file for a host



<VirtualHost *:80>
  ServerName hosting.gl
  ServerAlias www.hosting.gl
  DocumentRoot /srv/vhost/hosting.gl/html
  ServerAdmin webmaster@hosting.gl
  UseCanonicalName On
  CustomLog /var/log/apache2/hosting.gl.log combined

  <Directory /srv/vhost/hosting.gl/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  <IfModule proxy_fcgi_module>
    <FilesMatch \.(phtml|php[0-9]*)$>
      SetHandler proxy:unix:/run/php/hostinggl.sock|fcgi://hosting.gl
    </FilesMatch>
  </IfModule> 
</VirtualHost>

MDomain hosting.gl

<VirtualHost *:443>
  ServerName hosting.gl
  ServerAlias www.hosting.gl
  DocumentRoot /srv/vhost/hosting.gl/html
  ServerAdmin webmaster@hosting.gl
  UseCanonicalName On
  CustomLog /var/log/apache2/hosting.gl-ssl.log combined

  <Directory /srv/vhost/hosting.gl/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  <IfModule mod_ssl.c>
    Include /etc/apache2/options-ssl-apache.conf
  </IfModule>

  <IfModule proxy_fcgi_module>
    <FilesMatch \.(phtml|php[0-9]*)$>
      SetHandler proxy:unix:/run/php/hostinggl.sock|fcgi://hosting.gl
    </FilesMatch>
  </IfModule>

  <IfModule headers_module>
    RequestHeader set X-HTTPS 1
  </IfModule>
</VirtualHost>







                    
                                    


                
webserver_with_apache_php.txt · Sidst ændret: 2026/05/28 23:38 af 216.73.216.233


                            


            


            
            

                
Sideværktøjer

                

                    
                

            

        


        



    
Med mindre andet angivet, vil indhold på denne wiki blive udgivet under følgende licens: CC Attribution-Share Alike 4.0 International

    

        CC Attribution-Share Alike 4.0 International        Donate
        Powered by PHP
        Valid HTML5
        Valid CSS
        Driven by DokuWiki