The Perfect Setup - Ubuntu 6.10 Server (Edgy Eft) - Page 6

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Thu, 2006-10-26 20:59. ::

14 Apache/PHP5

Now we install Apache:

apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert

Next we install PHP5:

apt-get install autoconf automake1.4 autotools-dev libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php-pear php5-ldap php5-mhash php5-mysql php5-mysqli php5-snmp php5-sqlite php5-xmlrpc php5-xsl php5-imap php5-mcrypt php5-pspell

You will be asked the following question:

Continue installing libc-client without Maildir support? <-- Yes

Next we edit /etc/apache2/apache2.conf

vi /etc/apache2/apache2.conf

and change DirectoryIndex to

[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
[...]

Edit /etc/apache2/ports.conf and add Listen 443:

vi /etc/apache2/ports.conf

Listen 80
Listen 443

Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Reload the Apache configuration:

/etc/init.d/apache2 force-reload

 

14.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

vi /etc/mime.types

[...]
#application/x-httpd-php                                phtml pht php
#application/x-httpd-php-source                        phps
#application/x-httpd-php3                        php3
#application/x-httpd-php3-preprocessed                php3p
#application/x-httpd-php4                        php4
[...]

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

vi /etc/apache2/mods-enabled/php5.conf

<IfModule mod_php5.c>
#  AddType application/x-httpd-php .php .phtml .php3
#  AddType application/x-httpd-php-source .phps
</IfModule>

Then restart Apache:

/etc/init.d/apache2 restart

 

15 Proftpd

In order to install Proftpd, run

apt-get install proftpd proftpd-common ucf

You will be asked a question:

Run proftpd from inetd or standalone? <-- standalone

For security reasons you can add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

vi /etc/proftpd/proftpd.conf

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig):

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Then restart Proftpd:

/etc/init.d/proftpd restart

If you see a message like this:

- IPv6 getaddrinfo 'server1.example.com' error: Name or service not known

you can ignore it as we don't need IPv6.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by gfiorito (registered user) on Tue, 2007-05-15 14:31.

You can also edit your /etc/hosts file and add/modify ipv6 lines like this:

::1     ip6-localhost ip6-loopback server1 server1.example.com

bye

Giuseppe

Submitted by jcpp (registered user) on Sat, 2007-09-29 21:17.
Setting your server name on 127.0.0.1 IS BAD! This address is made for loopback ONLY.
 
In order to make your proftpd start without messing up your system, you can add a single line :
DefaultAddress 192.168.0.1
(with the appropriate address) to your proftpd.conf

Submitted by Morons (registered user) on Mon, 2007-01-29 13:31.

System Changes / Package changes caused proftpd-common proftpd

root@beta:/etc/postfix/ssl# apt-get install proftpd proftpd-common ucf

Reading package lists... Done Building dependency tree Reading state information... Done Package proftpd-common is a virtual package provided by: proftpd 1.3.0-9ubuntu0.1 You should explicitly select one to install. E: Package proftpd-common has no installation candidate

root@beta:/etc/postfix/ssl# apt-get install proftpd ucf Works perfectly so far

Submitted by xenlab (registered user) on Thu, 2006-11-02 11:32.
I think an excelent addition to this part of the tutorial, would be to generate the default SSL Cert for Apache, so that it *can* listen on 443.
Submitted by sseitz (registered user) on Fri, 2007-05-18 21:42.

Just to get this additional information on this page:

 # HOST="my.apache.hostname.example.org"

# openssl genrsa -out $HOST.key

# openssl req -new -key $HOST.key -out $HOST.csr

# openssl x509 -req -days 368 -in $HOST.csr -signkey $HOST.key -out $HOST.cert

 # mv $HOST.key /etc/ssl/private/

# chmod 0400 /etc/ssl/private/$HOST.key

#mv $HOST.cert /etc/ssl/certs/

 

Following goes into the apache SSL vhost configuration:

SSLEngine On
SSLProtocol +all
SSLCiphersuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificatefile /etc/ssl/certs/my.apache.hostname.example.org.cert
SSLCertificatekeyfile /etc/ssl/private/my.apache.hostname.example.org.key
Submitted by loyeyoung (registered user) on Mon, 2007-04-09 19:57.

While xenlab make a reasonable point that SSL instructions would be useful in this How-To, it should be noted that the SSL Certificate is automatically set up during the ISPConfig setup. If you are setting up ISPConfig as suggested by the author, you needn't worry about the SSL Certificate at this stage.

Loye Young
www.IYCC.net
Laredo, Texas