These instructions document the installation and configuration of Apache 2.2 on our Debian 4.0 system. We chose Apache 2 primarily due to its simpler SSL configuration. It also seems to be the preferred version in Debian now.

Apache doesn't need much itself. However, the configuration we plan to use does require several components. We're assuming that some of our web pages will require Perl, PHP, Python, MySQL, and possibly PostgreSQL.

We'd like to run several virtual hosts:

• www.sluug.org - main content (default site, aka sluug.org)
• wiki.sluug.org - this Wiki
• stllug.sluug.org - St. Louis LUG (aka stllinux.org, linux, lug)
• hzlug.sluug.org - Hazelwood LUG (aka hazlug, hzwlug, hazelwood, newbie)
• stclug.sluug.org - St. Charles LUG (stcharles, saintcharles)
• security.sluug.org - Security SIG (aka stlsug)
• solaris.sluug.org - Solaris SIG
• slacc.sluug.org - St. Louis Area Computer Club
• dev.sluug.org - development site
• test.sluug.org - test site
• users.sluug.org - user's pages
• webmail.sluug.org - webmail (requires its own real IP for SSL certificate)

Install Apache. We require the prefork MPM, due to some PHP libraries that are not thread-safe. The worker MPM would be preferable, if not for that.

apt-get install -y apache2 apache2.2-common apache2-utils apache2-mpm-prefork
apt-get install apache2-doc

Install PHP 5.x CLI:

apt-get install -y php5-cli php-pear php5-common

Install PHP 5.x Apache module:

apt-get install libapache2-mod-php5

Install some commonly used PHP libraries:

apt-get install php5-mysql libmysqlclient15off mysql-common
apt-get install php5-curl

Enable some modules:

a2enmod rewrite
a2enmod ssl
a2enmod info
a2enmod include
a2enmod deflate

mkdir /home/web
chown -R www-data:www-data /home/web
a2dissite default

Edit /etc/apache2/conf.d/index_files:

DirectoryIndex index.shtml index.html index.cgi index.pl index.php index.xhtml

NOTE: The DirectoryIndex directive seems to have stopped working for us, so we had to add it to /etc/apache2/sites-enabled/000-www.sluug.org as well.

Edit /etc/apache2/conf.d/logging:

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined

Edit /etc/apache2/conf.d/server_sig:

ServerSignature Off
ServerTokens Minor

Remove the ServerSignature and ServerTokens settings from the main Apache config file, as it overrides the settings in the conf.d/server_sig file.

sed -i -e 's/^ServerSignature .*/ServerSignature Off/' /etc/apache2/apache2.conf
sed -i -e 's/^ServerTokens .*/ServerTokens Minor/' /etc/apache2/apache2.conf

mkdir -p /home/web/www.sluug.org/public /home/web/www.sluug.org/cgi-bin
chown -R www-data:www-data /home/web/wwww.sluug.org
chmod g+s /home/web/www.sluug.org

Edit /etc/apache2/sites-available/000-www.sluug.org:

NameVirtualHost *
<VirtualHost *>
	ServerName www.sluug.org
	ServerAlias sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/www.sluug.org/public
	ScriptAlias /cgi-bin/ "/home/web/www.sluug.org/cgi-bin/"
	<Directory /home/web/www.sluug.org/public>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews IncludesNoExec
		DirectoryIndex index.shtml index.html
		Order allow,deny
		Allow from all
	</Directory>
	<Directory "/home/web/www.sluug.org/cgi-bin">
		AllowOverride None
		Options ExecCGI
	</Directory>
</VirtualHost>

a2ensite www.sluug.org

mkdir /home/web/wiki.sluug.org
chown -R www-data:www-data /home/web/wiki.sluug.org

Edit /etc/apache2/sites-available/wiki.sluug.org:

<VirtualHost *>
	ServerName wiki.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/wiki.sluug.org
	<Directory /home/web/wiki.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite wiki.sluug.org

mkdir /home/web/stllug.sluug.org /home/web/stllug.sluug.org/public
chown -R www-data:www-data /home/web/stllug.sluug.org

Edit /etc/apache2/sites-available/stllug.sluug.org:

<VirtualHost *>
	ServerName stllug.sluug.org
	ServerAlias stllinux.sluug.org
	ServerAlias linux.sluug.org
	ServerAlias lug.sluug.org
	ServerAlias stl.sluug.org
	ServerAlias stllinux.org
	ServerAlias www.stllinux.org
	UseCanonicalName On
	DocumentRoot /home/web/stllug.sluug.org/public
	<Directory /home/web/stllug.sluug.org/public>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite stllug.sluug.org

mkdir /home/web/hzwlug.sluug.org
chown -R www-data:hzwlug /home/web/hzwlug.sluug.org

Edit /etc/apache2/sites-available/hzwlug.sluug.org:

<VirtualHost *>
	ServerName hazlug.sluug.org
	ServerAlias hzlug.sluug.org
	ServerAlias hzwlug.sluug.org
	ServerAlias hazelwood.sluug.org
	ServerAlias newbie.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/hzwlug.sluug.org
	<Directory /home/web/hzwlug.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite hzwlug.sluug.org

mkdir /home/web/stclug.sluug.org
chown -R www-data:stclug /home/web/stclug.sluug.org

Edit /etc/apache2/sites-available/stclug.sluug.org:

<VirtualHost *>
	ServerName stclug.sluug.org
	ServerAlias stcharles.sluug.org
	ServerAlias saintcharles.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/stclug.sluug.org
	<Directory /home/web/stclug.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite stclug.sluug.org

mkdir /home/web/security.sluug.org
chown -R www-data:security /home/web/security.sluug.org

Edit /etc/apache2/sites-available/security.sluug.org:

<VirtualHost *>
	ServerName security.sluug.org
	ServerAlias secure.sluug.org
	ServerAlias sec.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/security.sluug.org
	<Directory /home/web/security.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite security.sluug.org

mkdir /home/web/solaris.sluug.org
chown -R www-data:solaris /home/web/solaris.sluug.org

Edit /etc/apache2/sites-available/solaris.sluug.org:

<VirtualHost *>
	ServerName solaris.sluug.org
	ServerAlias sun.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/solaris.sluug.org
	<Directory /home/web/solaris.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite solaris.sluug.org

mkdir /home/web/slacc.sluug.org
chown -R www-data:www-data /home/web/slacc.sluug.org

Edit /etc/apache2/sites-available/slacc.sluug.org:

<VirtualHost *>
	ServerName slacc.sluug.org
	ServerAlias www.slacc.com
	ServerAlias slacc.com
	UseCanonicalName On
	DocumentRoot /home/web/slacc.sluug.org
	<Directory /home/web/slacc.sluug.org>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite slacc.sluug.org

mkdir -p /home/web/test.sluug.org/public
chown -R www-data:www-data /home/web/test.sluug.org
chmod g+s /home/web/test.sluug.org

Edit /etc/apache2/sites-available/test.sluug.org:

<VirtualHost *>
	ServerName test.sluug.org
	ServerAlias drupal.sluug.org
	UseCanonicalName On
	DocumentRoot /home/web/test.sluug.org/public
	<Directory /home/web/test.sluug.org/public>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite test.sluug.org

mkdir -p /home/booch/web/blog.craigbuchek.com
chown -R booch:www-data /home/booch/web/blog.craigbuchek.com
chmod g+s /home/booch/web/blog.craigbuchek.com

Edit /etc/apache2/sites-available/blog.craigbuchek.com:

<VirtualHost *>
	ServerName blog.craigbuchek.com
	ServerAlias blog.boochtek.com
	UseCanonicalName On
	DocumentRoot /home/booch/web/blog.craigbuchek.com
	<Directory /home/booch/web/blog.craigbuchek.com>
		AllowOverride All
		Options Indexes FollowSymLinks MultiViews
		Order allow,deny
		Allow from all
	</Directory>
</VirtualHost>

a2ensite blog.craigbuchek.com

Restart the HTTP server:

/etc/init.d/apache2 restart

To reload the configuration:

/etc/init.d/apache2 reload

We had to migrate off of our existing site in stages. We migrated the majority of the site, but did not want to migrate any of the forms and associated scripts, list archives, or user pages. So in the interim, we set up .htaccess in /home/web/www.sluug.org/public to redirect those pages to the old site.

# Rewrite rules to point home directories and form pages to Dark.
RewriteEngine on
# NOTE: List archives are located at ~archives, so this rule covers them too.
RewriteRule ^~(.*)    http://users.sluug.org/~$1   [r=301,nc,l]
RewriteRule ^(members/join.*)$  http://users.sluug.org/$1   [r=302,nc,l]
RewriteRule ^(volunteer.*)$  http://users.sluug.org/$1   [r=302,nc,l]
RewriteRule ^(resources/list_servs.*)$  http://users.sluug.org/$1   [r=302,nc,l]

Need to better use group permissions to allow different users the ability to edit different web sites. Especially need to add a group for the main web site.

Could probably use some tuning and routine maintenance.

Backups. (We currently rely on backups of /home.)

Should monitor log files to analyze them to see if there are any pages missing that we should add, or any errors.

Turn on SSL.

Edit /usr/sbin/make-ssl-cert? James changed some things, but that was for Debian 3.1.

Create the certificate (this also from Debian 3.1):

make-ssl-cert /usr/share/massa-cert/ssleay.cnf apache.pem --force-overwrite

Did we configure an SSL Certificate when the Apache-SSL (actually a dependency) installation asked us?

• It looks like we did, and entered:
  • State: Missouri
  • Locality: Saint Louis
  • Organization: Saint Louis UNIX Users Group, Inc.
  • Organizational Unit: Geeks
  • Host: budlight.sluug.org
  • Email: webmaster@sluug.org

Make sure SSL version works the same as the regular version.

Initially installed, configured, and documented by James Pattie, 2005-02-19.

Installed and configured by Craig Buchek, 2005-09-10.

Re-installed and configured by Craig Buchek, 2007-05-30.