Differences

This shows you the differences between two versions of the page.

--- server_configuration:apache [2021/01/13 17:02] – david
+++ server_configuration:apache [2025/04/02 09:49] (current) – david
@@ Line 1: / Line 1: @@
-So many problems with cache in browsers.
+====== Apache2 Configuration ======
-Good to test with a browser which can have all data cleared, and do work in private browsing.
+The configuration is built from a DigitalOcean Droplet, preconfigured with LAMP and WordPress:
+  * Droplet Information: https://do.co/34TfYn8
+  * The WordPress One-Click Quickstart guide: https://do.co/34TfYn8#start
-Using wget to test the apache configuration, see some extra samples and docs over at Computer Hope - Linux wget command.
+===== Core configuration =====
+Note: If no site is "enabled" then a default entry seems to run hosting files under: ''/var/www/html''
+Site configuration file location(s):
 <code bash>
-# Run a command to get the default page, and view the http redirects as returned by the server
+# All configuration files
-wget --verbose datablog.roman-halliday.com
+/etc/apache2/sites-available/
-# Reload apache configuration
+# Enabled sites
-sudo service apache2 reload
+/etc/apache2/sites-enabled/
 </code>
-https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04
+Enable/disable configurations:
-- https://help.servmask.com/2018/10/27/how-to-increase-maximum-upload-file-size-in-wordpress/
+<code bash>
+# Disable
+sudo a2dissite datablog.roman-halliday.com.conf
-  - Move apache base location
+# Enable
+sudo a2ensite datablog.roman-halliday.com.conf
+</code>
+===== File Ownership =====
+Make sure all files are owned correctly:
+<code bash>
+# Site content owned by www-data so webserver can modify files
+chown -R www-data:www-data /var/www
-====== SSL - Let's Encrypt ======
+# Configuration owned by root for security
+chown -R root:root /etc/apache2
-How To Secure Apache with Let's Encrypt on Ubuntu 20.04
+</code>
-- https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04
+===== Refresh Configuration =====
+Use one of:
 <code bash>
-certbot --apache
+systemctl reload apache2
+service apache2 reload
 </code>
+===== SSL - Let's Encrypt =====
+SSL Encryption (the use of ''https'' over ''http'') is a bit standard now, fortunately it's become a lot easier with the addition of [[https://letsencrypt.org/|Lets Encrypt]].
+  * DigitalOcean Community Documentation: [[https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04|How To Secure Apache with Let's Encrypt on Ubuntu 20.04]]
+If you configure the http (non secure) websites under ''/etc/apache2/sites-enabled/'', then the ''certbot'' script will leverage [[https://letsencrypt.org/|Lets Encrypt]] to create certificates, configure them and create extra configuration files for the SSL (appending ''-le-ssl'' to the file name) and add a redirect to the original ''.conf'' file.
 <code bash>
-systemctl reload apache2
+certbot --apache
-service ssh reload
 </code>
-<code>
+====== Apache2 Migration ======
-# All configuration files
+<code bash>
-/etc/apache2/sites-available/
+################################################################################
+# Backup
+################################################################################
-# Enabled sites
+cd /mnt/volume_lon1_01/
-/etc/apache2/sites-enabled/
+sudo cp -r /etc/apache2 .
+sudo cp -r /var/www .
+sudo cp -r /etc/letsencrypt .
 </code>
-Make sure all files are owned correctly:
 <code bash>
-# Site content owned by www-data so webserver can modify files
+################################################################################
-chown -R ../ www-data:www-data /var/www
+# Fix hostname
+################################################################################
+sudo hostnamectl set-hostname roman-halliday
+################################################################################
+# Install LAMP Stack
+################################################################################
+sudo apt-get install apache2 libapache2-mod-php php-mysql php-pgsql
+################################################################################
+# MySQL - See : https://www.digitalocean.com/community/tutorials/how-to-install-lamp-stack-on-ubuntu
+################################################################################
+sudo apt-get install mysqld
+################################################################################
+# MySQL : Manage security setup script
+ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<password>';
+#> I wasn’t able to login to mysql with sudo mysql after running ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
+#> I fixed this by logging it with mysql -p, then running ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;. I did this after running the mysql_secure_installation script.
+ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
+FLUSH PRIVILEGES;
+SELECT * FROM mysql.user \G
+SELECT Host, User, plugin, password_last_changed FROM mysql.user \G
+sudo systemctl restart mysql
+# Uninstall (if you borked it)
+sudo apt remove --purge mysql\* -y
+sudo find / -name mysql
+################################################################################
+# WordPress requirements:
+sudo apt-get install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip
+################################################################################
+# Firewall
+################################################################################
+sudo ufw allow Apache Full
+################################################################################
+# Backup (original configurations/files)
+################################################################################
+sudo apt-get install bzip2
+mkdir -p ~/backups
+sudo tar -cjf ~/backups/etc_apache2-backup-`date +%F`.tar.bz /etc/apache2
+sudo tar -cjf ~/backups/etc_letsencrypt-backup-`date +%F`.tar.bz /etc/letsencrypt
+sudo tar -cjf ~/backups/var_www-backup-`date +%F`.tar.bz /var/www
+################################################################################
+# Restore Files (from backup)
+################################################################################
+cd /mnt/volume_lon1_01/
+sudo cp -r apache2 /etc/apache2
+sudo cp -r www /var/www
+sudo cp -r letsencrypt /etc/letsencrypt
+sudo chown -R www-data:www-data /var/www
+################################################################################
+# Restore Configs - letsencrypt
+# Also see:
+#   *  https://webhostingmonkey.com/move-letsencrypt/
+#   *  https://ivanderevianko.com/2019/03/migrate-letsencrypt-certificates-certbot-to-new-server
+################################################################################
+# View dir
+cd /etc/letsencrypt/
+# Migrate backup
+cp -r /mnt/volume_lon1_01/letsencrypt/* .
+################################################################################
+# Find apache2 log directories
+################################################################################
+# List all
+find /etc/apache2/sites-available/ -name "*.conf" -exec grep -E "ErrorLog|CustomLog" {} \; | cut -d '}' -f 2 | sort | uniq
+find /etc/apache2/sites-available/ -name "*.conf" -exec grep -e "APACHE_LOG_DIR" {} \; | cut -d '$' -f 2
+find /etc/apache2/sites-available/ -name "*.conf" -exec grep -e "APACHE_LOG_DIR" {} \; | cut -d '$' -f 2 | sort | uniq
+# Get path names
+find /etc/apache2/sites-available/ -name "*.conf" -exec grep -E "ErrorLog|CustomLog" {} \; | cut -d '}' -f 2 | sort | uniq | grep -Po '/\K[^/]*' | sort | uniq | sed '/.log/d'
+################################################################################
+# Create missing
+################################################################################
+sudo mkdir -p /var/log/apache2/<dir from above>
+sudo chown -R root:adm /var/log/apache2/*
+sudo ls -lh /var/log/apache2/
+################################################################################
+# Make DNS Changes
+################################################################################
+# Enable sistes
+################################################################################
+# Get site names (without SSL version)
+find /etc/apache2/sites-available/ -name "*.conf" -maxdepth 1 -exec basename {} \;| grep -v 'le-ssl' | sort
+# Enable
+sudo a2ensite david-halliday.co.uk.conf
+# Disable
+sudo a2dissite david-halliday.co.uk.conf
+# Restart Apache
+sudo systemctl reload apache2
+################################################################################
+# Refresh certificates (letsencrypt)
+################################################################################
+sudo certbot --apache
-# Configuration owned by root
-chown -R ../ root:root /etc/apache2
 </code>
+====== Troubleshooting ======
-Note: If no site is "enabled" then a default entry seems to run hosting files under: ''/var/www/html''
+  * https://help.servmask.com/2018/10/27/how-to-increase-maximum-upload-file-size-in-wordpress/
+===== PHP testing page =====
 Hosting can be tested with the file:
@@ Line 61: / Line 206: @@
 </file>
+===== Managing Page redirects/apache changes =====
+So many problems with cache in browsers. Good to test with a browser which can have all data cleared, and do work in private browsing.
+Using wget to test the apache configuration, see some extra samples and docs over at Computer Hope - Linux wget command.
+<code bash>
+# Run a command to get the default page, and view the http redirects as returned by the server
+wget --verbose datablog.roman-halliday.com
+# Reload apache configuration
+sudo service apache2 reload
+</code>
-====== Bug: extra index ======
+===== Bug: extra index =====
 I had an extra ''index.html'' file from before. The old server prioritised ''php'' pages over ''php''. This one the other way around. It took time to realise the reason I was not getting one of the wiki pages working was because of the extra index.html'' file.
 <code html>