Apache24 with SSL, MySQL5 and PHP5 Installation Exercise
=====================================================

1. Intro:

The packages to be installed are:

 * Apache2
 * Mysql-server
 * PHP5

Debian provides 2 ways of installing third party software:

 i.  Binary Packages
     These are pre-built packages that contain the executables, config
     files, man/info pages, etc. for the Debian system and have the
     distinguishing file extension ".deb".

 ii. Source packages
     They contain the original unmodified source files in
     gzip-compressed tar format.

For this class, we will install Apache, MySQL and PHP using packages.

-------------------

2. Installation of Apache, MySQL & PHP using packages:

2.1 Install Apache, MySQL and PHP

    $ sudo apt-get install mysql-server apache2 php5 php5-mysql

2.1.1 When the mysql-server prompts for a password to be entered, use
      'afnog' as the password. If not prompted, it will be set at the
      next exercise.

2.2 Once installed, the scripts are placed at /etc/init.d/ .
    To add Apache to the System Startup

    $ sudo update-rc.d apache2 enable

2.3 To start apache run

    $ sudo /etc/init.d/apache2 start

Check if the apache web server you have just installed works by
pointing a browser to the server i.e. http:// or
http://pcXX.sse.ws.afnog.org

You can also do

    $ telnet localhost 80

Then set your IPv6 address to match your IPv4 address:

    $ sudo ip -6 addr add 2001:43f8:220:219::XX/64 dev eth0

Then add your default route for IPv6:

    $ sudo ip -6 route add default via 2001:43f8:220:219::1

If the above returns the message:

    RTNETLINK answers: File exists

it means the gateway is already in place, as it was auto-configured.

Test your IPv6 connectivity:

    $ ping6 www.google.com

Then browse your IPv6 address at http://[2001:43f8:220:219::XX]

------------

3. Configuring SSL

To create a secure virtual host accessed via https rather than http,
you will need to configure your Apache server to use OpenSSL for
encrypting the data served from the web server.

NOTE:
 * Each virtual host must have its own certificate file; see the
   comments on "CommonName".
 * The "CommonName" is the FQDN, in this case pcXX.sse.ws.afnog.org
 * The path is where the certificate file and keys are located, in
   this case /etc/apache2/ssl

The following steps should do the trick.

3.1 Create the SSL Certificates for your Apache Web Server:

    $ sudo mkdir /etc/apache2/ssl/
    $ cd /etc/apache2/ssl/
    $ sudo openssl genrsa -des3 -out server.key 2048

NOTE: A pass phrase is needed to encrypt the key. For this exercise,
use "afnog" as the pass phrase. However, this pass phrase will be
needed at every apache restart.

To get rid of the pass-phrase prompt at every apache restart while
keeping the original key:

    $ sudo cp server.key server.key.org
    $ sudo openssl rsa -in server.key.org -out server.key

3.1.1 Create Certificate Request

    $ sudo openssl req -new -key server.key -out server.csr

 * NOTE: The CommonName is the name of the website you will use, in
   this case the local host name i.e. pcXX.sse.ws.afnog.org where XX
   is your computer number.

3.1.2 Self Sign your Own Certificate

    $ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

3.2 Enable SSL in Apache

3.2.1 Enable SSL using the following command:

    $ sudo a2enmod ssl

3.2.2 Open and edit the default-ssl.conf file

 * Note: Edit the file in the sites-available folder and activate the
   site (using the filename) afterwards.

    $ sudo nano /etc/apache2/sites-available/default-ssl.conf

3.2.3 Edit the following lines in default-ssl.conf so that they point
      to the location of the self-signed certificate and private key.

    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

3.2.4 Enable SSL on the specific site. Note that the "sitename" in
      the syntax below is the filename of the site to be activated,
      in this case 'default-ssl'.

    $ sudo a2ensite default-ssl

Restart apache to reflect the changes

    $ sudo apachectl restart

Check if the apache web server you have just installed works by
pointing a browser to the server i.e. https://:443 or
https://pcXX.sse.ws.afnog.org:443 and IPv6 as
https://[2001:43f8:220:219::XX]:443

    $ telnet localhost 443
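
A check for the files created in section 3.1, added here as an example
and not part of the original exercise: it confirms that the
passphrase-free server.key is not readable by group or others, that
server.crt was issued for that key, that the CommonName is the expected
FQDN and that the certificate has not expired. The function name
check_tls_pair is hypothetical; the script assumes the openssl command
line tool and the server.key / server.crt file names used above.

```shell
#!/bin/sh
# Added example: sanity-check the key/certificate pair from section 3.1.
# check_tls_pair is a hypothetical helper; file names follow the exercise.
# Usage: sudo sh check_tls.sh /etc/apache2/ssl pcXX.sse.ws.afnog.org

check_tls_pair() {
    dir=$1; cn=$2; rc=0
    key=$dir/server.key; crt=$dir/server.crt

    # The key no longer has a pass phrase, so file permissions are its only
    # protection: group and others must have no access at all.
    perms=$(ls -lL "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)"; rc=1
    fi

    # Certificate and private key must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || :
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || :
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi

    # The subject CommonName must be the FQDN the virtual host is served as.
    got=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 2>/dev/null |
          sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$got" != "$cn" ]; then
        echo "FAIL: CommonName is '$got', expected '$cn'"; rc=1
    fi

    # The certificate must still be inside its validity period (-days 365).
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired or cannot be read"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $crt and $key are consistent"; fi
    return "$rc"
}

# Run the check when a directory and an expected CommonName are given.
if [ "$#" -ge 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A non-zero exit status means at least one check failed; each failure is
printed on its own line.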