Apache (httpd) 2.4 + PHP 5.6 + Webalizer

 
  1. /etc/httpd/httpd.conf
    Listen <ip>:80
    
    #LoadModule remoteip_module lib/httpd/modules/mod_remoteip.so
    #LoadModule proxy_module lib/httpd/modules/mod_proxy.so
    #LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
    #LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
    #LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so
    #LoadModule proxy_scgi_module lib/httpd/modules/mod_proxy_scgi.so
    #LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so
    #LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
    #LoadModule proxy_express_module lib/httpd/modules/mod_proxy_express.so
    LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    
    ServerAdmin hostmaster@ineta.si
    
    <Directory />
    #    AllowOverride none
    #    Require all denied
    #    Options FollowSymLinks -ExecCGI
      AllowOverride All
    </Directory>
    
    <Directory "/srv/httpd/htdocs">
      # Must remove MultiViews!
      Options FollowSymLinks
      AllowOverride All
    </Directory>
    
    <IfModule dir_module>
        DirectoryIndex index.html index.htm index.php
    </IfModule>
    
    Include /etc/httpd/extra/httpd-mpm.conf
    Include /etc/httpd/extra/httpd-autoindex.conf
    Include /etc/httpd/extra/httpd-vhosts.conf
    Include /etc/httpd/vhosts.d/*.conf
    Include /etc/httpd/extra/httpd-default.conf
    Include /etc/httpd/extra/httpd-ssl.conf
    Include /etc/httpd/mod_php.conf
  2.  /etc/httpd/extra/httpd-default.conf
    MaxKeepAliveRequests 500
    KeepAliveTimeout 15
    ServerTokens Prod
  3. /etc/httpd/extra/httpd-info.conf
    <Location /server-status>
        SetHandler server-status
        Require ip 127 195.69.96.10 84.255.243.53 84.255.203.228
    </Location>
    
    <Location /server-info>
        SetHandler server-info
        Require ip 127 195.69.96.10 84.255.243.53 84.255.203.228
    </Location>
    
  4. Disable VirtualHost sections in /etc/httpd/extra/httpd-vhosts.conf
  5.  /etc/httpd/extra/httpd-ssl.conf
    SSLProtocol all -SSLv2 -SSLv3
    
    <VirtualHost _default_:443>
      DocumentRoot    "/var/www/htdocs/ssl"
      ServerName      www.ineta.si:443
      ServerAdmin     hostmaster@ineta.si
      ErrorLog        /var/log/httpd/ssl-error_log
      TransferLog     /var/log/httpd/ssl-access_log
      SSLCertificateFile "/etc/httpd/ssl.crt/iNeta.crt"
      SSLCertificateKeyFile "/etc/httpd/ssl.crt/iNeta.key"
      SSLCertificateChainFile "/etc/httpd/ssl.crt/iNeta.chain"
    </VirtualHost>
    
  6. /etc/httpd/mod_php.conf
    #<FilesMatch \.php$>
    #    SetHandler application/x-httpd-php
    #</FilesMatch>
    
    <FilesMatch "\.(php|inc)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
  7. Log php scripts which are sending mail
    touch /var/log/php-mail.log
    chown apache.apache /var/log/php-mail.log
  8. /etc/php.ini
    short_open_tag = On
    expose_php = Off
    upload_max_filesize = 64M
    open_basedir = ".:/tmp/:/usr/lib/php/:/var/www/htdocs/"
    disable_functions = dl,exec,shell_exec,system,passthru,popen,show_source,apache_child_terminate,posix_getpwnam,pcntl_exec,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid
    date.timezone = Europe/Ljubljana
    mail.log = /var/log/php-mail.log
    session.gc_divisor = 100
    session.gc_maxlifetime = 2440
    
  9. Webalizer + GeoIP
    installpkg SBO
    ....
    ...
    download country flags from http://flags.blogpotato.de
    unpack 'world.small.zip' & 'special.small.zip' packages into /var/www/flags
    /etc/httpd/extra/httpd-default.conf
    Alias /log/flags "/var/www/flags"
    s

© 2003-24 iNeta d.o.o. | Koroška cesta 31, SI-4000 Kranj | info@ineta.si | Pravno obvestilo
Powered by BravoCMS