{"id":145,"date":"2019-06-02T23:23:40","date_gmt":"2019-06-02T22:23:40","guid":{"rendered":"https:\/\/blog.inplico.uk\/?p=145"},"modified":"2022-10-27T23:27:33","modified_gmt":"2022-10-27T22:27:33","slug":"apache-2","status":"publish","type":"post","link":"https:\/\/blog.inplico.uk\/?p=145","title":{"rendered":"Apache 2"},"content":{"rendered":"<p>If you haven\u2019t got Apache installed already then just install it using <strong>apt-get install apache2<\/strong>. Once it is installed, make sure that it works by pointing a browser to the FQDN of your server. If all is well then it will bring up the Debian apache2 default page.\u00a0 If it does not work and you are behind a router, make sure that you have port 80 open and that DNS is resolving properly.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>SSL<\/strong><\/p>\n<p>As this is a mailserver that will operate over the internet, we need to make it secure, so we will have to create a certificate. To create a simple self-signed certificate, paste the following line into your bash shell (even if you are using certbot you are advised to start off with this configuration so that you have a fallback if letsencrypt stops providing free certificates):<\/p>\n<pre class=\"lang:sh decode:true\">#openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -out \/etc\/ssl\/certs\/mailserver.pem -keyout \/etc\/ssl\/private\/mailserver.key<\/pre>\n<p>You will be asked for several pieces of information. Enter whatever you like. The only important field is the \u201cCommon Name\u201d, which must contain the fully-qualified host name by which you want your server to be known on the internet. 
Fully-qualified means host + domain.<\/p>\n<p>Make sure that the secret key is only accessible by the \u2018root\u2019 user:<\/p>\n<pre class=\"lang:sh decode:true\">#chmod go= \/etc\/ssl\/private\/mailserver.key<\/pre>\n<p>You can now find your certificate in \/etc\/ssl\/certs\/ and its private key in \/etc\/ssl\/private\/.<\/p>\n<p>Again, if you are behind a NAT or firewall you will have to open port 443 if it is not open already.<\/p>\n<p>Now edit the file <strong>\/etc\/apache2\/sites-available\/default-ssl.conf<\/strong>. Change these two lines to make Apache use the key and certificate you created earlier:<\/p>\n<pre class=\"lang:sh highlight:0 decode:true\">SSLCertificateFile \/etc\/ssl\/certs\/mailserver.pem\r\nSSLCertificateKeyFile \/etc\/ssl\/private\/mailserver.key<\/pre>\n<p>Enable the SSL encryption module:<\/p>\n<pre class=\"lang:sh decode:true\">#a2enmod ssl<\/pre>\n<p>Enable the virtual host for HTTPS:<\/p>\n<pre class=\"lang:sh decode:true\">#a2ensite default-ssl<\/pre>\n<p>Reload Apache:<\/p>\n<pre class=\"lang:sh decode:true\">#service apache2 reload<\/pre>\n<p>You should now be able to navigate to the secure page:<\/p>\n<pre class=\"lang:sh highlight:0 decode:true\">https:\/\/fqdn.suffix<\/pre>\n<p>If all is well then you will probably get a warning asking you if you want to add an exception because your certificate has not been signed by an authorised certificate authority. 
As it is your own certificate, it is perfectly safe to do this.<\/p>\n<p>You are going to be logging in to this server via the web browser, so you want to make sure that you do not inadvertently circumvent your own security by typing http rather than https. To do this you need to redirect traffic in your 000-default.conf file.<\/p>\n<pre class=\"lang:sh decode:true\">#vi \/etc\/apache2\/sites-available\/000-default.conf<\/pre>\n<p>There you will need to add the ServerName and Redirect directives inside the &lt;VirtualHost *:80&gt; stanza.<\/p>\n<pre class=\"lang:apache decode:true\">&lt;VirtualHost *:80&gt;\r\n    ServerName fqdn.suffix\r\n    # Keep the trailing slash on the target so that request paths are appended correctly\r\n    Redirect \"\/\" \"https:\/\/fqdn.suffix\/\"\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>Once you have done that, reload Apache again. Now when you type http:\/\/fqdn.suffix it should automatically redirect you to the secure version of the site (look for the lock symbol in your browser and the https prefix).<\/p>\n<p>Obviously there are many other ways to configure Apache and you can use proper virtual hosts if you like. There are some conf files in this directory that will provide helpful guidance.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Other document roots<\/strong><\/p>\n<p>If you are using alternative document roots then you need to add them to \/etc\/apache2\/apache2.conf and then restart Apache, e.g.:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"apache\">&lt;Directory \/websites&gt;\r\n        Options Indexes FollowSymLinks\r\n        AllowOverride None\r\n        Require all granted\r\n&lt;\/Directory&gt;<\/pre>\n<p>This will grant Apache access to the \/websites directory and its subdirectories.\u00a0 Failure to do this will result in an <strong>Access Forbidden<\/strong> message even if you have set the document root in a site configuration file. Note that the Indexes option makes Apache list the contents of any directory that has no index file; remove it if you do not want that.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>php5-pgsql<\/strong><\/p>\n<p>You will need php5-pgsql in order to allow postfixadmin to communicate with the database. 
There is no special configuration; simply run<\/p>\n<pre class=\"lang:sh decode:true\">#apt-get install php5 phppgadmin<\/pre>\n<p>and it should be fine.<\/p>\n<p>Note that php7 is around the corner and I have no idea at this stage whether it plays nice with this configuration but it is probably one to look out for.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you haven\u2019t got apache installed already then just install it using apt-get install apache2. Once it is installed, make sure that it works by pointing a browser to the FQDN of your server. If all is well then it will bring up the debian apache2 default page.\u00a0 If it does not work and you [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-145","post","type-post","status-publish","format-standard","hentry","category-debian-server"],"_links":{"self":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=145"}],"version-history":[{"count":4,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/145\/revisions"}],"predecessor-version":[{"id":347,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/145\/revisions\/347"}],"wp:attachment":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=
%2Fwp%2Fv2%2Fcategories&post=145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}