Debian GNU/Linux Apache Webserver help

Linux, Apache, MariaDB, PHP (LAMP)

Linux

• apt update && apt upgrade -y && apt full-upgrade -y && apt autoremove -y

Apache

• apt install apache2
• apache2 -v
• Testing
  Call up 127.0.0.1 in the browser.
  ifconfig

Activate mod_rewrite

• a2enmod rewrite
• systemctl restart apache2
• nano /etc/apache2/apache2.conf
• Change the following in the following lines
  ‹Directory /var/www/›
    Options Indexes FollowSymLinks
    AllowOverride None (Change None to All)
      Require all granted
    DirectoryIndex index.php index.html (Add line so that index.php is loaded first)
  ‹/Directory›
• Restart Apache
  systemctl restart apache2
• Change Apache user and group
  nano /etc/apache2/envvars
  Change www-data user and group
  systemctl restart apache2

Increase the timeout so that scripts are not aborted prematurely

• nano /etc/apache2/apache2.conf (in other configurations httpd.conf)
• Change the following in the following lines
  Timeout 3600 (Standard 600)
  ProxyTimeout 600 (in other configurations this increase can help)
• systemctl restart apache2

MariaDB

• apt install mariadb-server (Or the default-mysql-server package, depending on the system, this leads to MariaDB via dependency)
• Secure MariaDB
  mysql_secure_installation
  5x Yes
• Testing
  mysql -u root -p
SHOW databases;
EXIT;
• Change password
  USE mysql;
UPDATE user SET password=[PASSWORD] WHERE user='root';
FLUSH PRIVILEGES;
EXIT;

MariaDB Upgrade

• systemctl stop mysql
• Create backups
  cp -R /etc/mysql/ /etc/mysql-[VERSION]_[DATE]
cp -R /var/lib/mysql/ /var/lib/mysql-[VERSION]_[DATE]
• Script is downloaded and executed.
  Creates '/etc/apt/sources.list.d/mariadb.list', '/etc/apt/preferences.d/mariadb-enterprise.pref' and 'GPG Keys'.
  curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
• System update
  apt update && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
• Uninstall old installation and related items
  apt remove mariadb-*
• Install new MariaDB
  apt-get install mariadb-server
• Upgrade databases
  mysql_upgrade

System variables

MariaDB in Debian

character_set_server utf8mb4
collation_server  utf8mb4_general_ci

Standard MariaDB

character_set_server latin1
collation_server  latin1_swedish_ci

Change system variables

For this session

• mysql
SHOW VARIABLES LIKE 'character%';
SET character_set_server = 'utf8mb4';
SHOW VARIABLES LIKE 'collation%';
SET collation_server = 'utf8mb4_general_ci';
exit
• systemctl restart mariadb.service
• systemctl restart apache2

Via configuration file (required restart)

1. Rename 'my.cnf' symlink to 'my.cnf.backup'
2. Since the link '/etc/mysql/my.cnf' points to 'my.cnf.fallback' until the end, we copy this file and save the copy under '/etc/mysql/my.cnf'.
3. At the end of the '/etc/mysql/my.cnf' file we add the following.
   [mysqld]
character-set-server  = utf8mb4
collation-server      = utf8mb4_general_ci
4. Restart. Testing. Testing. Testing.

PHP

• Query PHP standard version
  apt show php
• Install the PHP standard version
  apt install php
• Install important PHP modules
  apt install php7.0-[MODULE] (Construction)
  apt install php7.0-mysql (for MariaDB)
  apt install php7.0-gd (for Graphics)
  apt install php7.0-opcache (for optimizing the script speed; set opcache.save_comments=1 in php.ini)
  apt install php7.0-mcrypt
apt install php7.0-intl
apt install php7.0-soap
apt install php7.0-bcmath
• Show installed modules
  php -m
• PHP settings
  nano /etc/php/7.0/apache2/php.ini
systemctl restart apache2

Enable/disable PHP extension

These commands create or remove the symlink '20-xdebug.ini' in '/etc/php/7.1/cli/conf.d' and '/etc/php/7.1/fpm/conf.d'.

• Activate
  php5enmod xdebug (for PHP 5)
  phpenmod xdebug (for standard PHP version)
• Deactivate
  php5dismod xdebug (for PHP 5)
  phpdismod xdebug (for standard PHP version)
• Restart
  systemctl restart php5.6-fpm.service
systemctl restart apache2

phpMyAdmin

• apt install phpmyadmin
• Testing
  Call localhost/phpmyadmin in the browser.
• If not select (= space bar) the automatic configuration for apache2
  nano /etc/apache2/apache2.conf
Include /etc/phpmyadmin/apache.conf (Insert line at the bottom)
• Create a new user for MariaDB
  For security reasons, you can no longer log into the MariaDB server directly as a root user using the normal password authentication (e.g. with phpMyAdmin).
  USE mysql;
CREATE USER '[USER]'@'localhost' IDENTIFIED BY '[PASSWORD]';
GRANT ALL PRIVILEGES ON *.* TO '[USER]'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON [DATABASE].* TO '[USER]'@'localhost'; (Create user for a specific database)
  FLUSH PRIVILEGES;
EXIT;

Xdebug

• apt install php-xdebug
• Add the following to the '/etc/php/7.0/mods-available/xdebug.ini' file
  xdebug.remote_enable=1
xdebug.remote_handler=dbgp
xdebug.remote_mode=req
xdebug.remote_host=localhost
xdebug.remote_port=9000
timeout 300 seconds
• systemctl restart apache2

ImageMagick

• apt install imagemagick
• apt install php7.0-imagick
• systemctl restart apache2

E-mail dispatch

sendmail

The sendmail module is set as standard in php.ini and is already installed on Debian, you just have to start Thunderbird.

• Create a Thunderbird account to read messages
  Account name: [USERNAME]@debian.com
Your name: [NAME]
E-mail address: [E-MAIL]
Outgoing mail server (SMTP): [SMTP-SERVER]
  Server settings
  Server type: Unix Movemail
Server: localhost
Username:[USERNAME]
• E-mail storage location
  /var/spool/mail/
• Outbound e-mail queue
  ATTENTION: The folder did not exist on my system.
  /var/spool/mqueue/
• Here are all the configuration files
  /etc/mail/
  e.g. /etc/mail/access/
• Informations
  Only *.db files are used by sendmail.
  After changes in configuration files, the respective *.db files are regenerated by the Makefile.
  ATTENTION: If no Makefile is available: cat ./Filename | makemap hash Filename
  ATTENTION: Here too, exceptions confirm the rule. The aliases.db is the only one generated with the command newaliases. makemap also creates an aliases.db, but it can make sendmail inoperable.

sSMTP

Send e-mails with sSMTP via the console.

• apt install ssmtp
• nano /etc/ssmtp/ssmtp.conf
  Change the following in the following lines
  root=[E-MAIL]
mailhub=[SMTP-SERVER]:[SMTP-PORT]
hostname= (Is not needed. If the variable has been entered, the sending of the e-mail is accelerated.)
  rewriteDomain=
AuthUser=[E-MAIL]
AuthPass=[PASSWORD]
UseSTARTTLS=yes
UseTLS=yes
FromLineOverride=yes
• nano /etc/ssmtp/revaliases
  Add the following
  [USER]:[E-MAIL]:[SMTP-SERVER]:[SMTP-PORT]
root:mail@dreadyhead.com:smtp.dreadyhead.com:465
• Testing
  echo "This is a test message" | mailx -s 'Test Message' [E-MAIL]

Add MIME Types

• nano /etc/mime.types

Create Host

• nano /etc/hosts

Create Apache VirtualHost and set up SSL

• Create folder
  mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
• Create private key
  openssl genrsa -out sslcert.key 2048
• Generate CSR file from private key
  CSR file contains certificate information
  openssl req -new -key sslcert.key -out sslcert.csr
• Generate certificate from CSR file
  openssl x509 -req -days 365 -in sslcert.csr -signkey sslcert.key -out sslcert.crt
• Activate Apache2 SSL module
  a2enmod ssl
• Check whether port 443 is listening
  cat /etc/apache2/ports.conf
  The following lines should appear
  Listen 80
‹IfModule ssl_module›
    Listen 443
‹/IfModule›
‹IfModule mod_gnutls.c›
    Listen 443
‹/IfModule›
• Create a new VirtualHost configuration for the SSL port
  nano /etc/apache2/sites-available/[DOMAIN].conf
  Insert the following lines in the new VirtualHost configuration
  ‹VirtualHost *:80›
    ServerAdmin info@[DOMAIN]
    ServerName [DOMAIN]
    ServerAlias www.[DOMAIN]
    DocumentRoot /var/www/[PATH]
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
‹/VirtualHost›
‹VirtualHost *:443›
    ServerAdmin info@[DOMAIN]
    ServerName [DOMAIN]
    ServerAlias www.[DOMAIN]
    DocumentRoot /var/www/[PATH]
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/sslcert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/sslcert.key
‹/VirtualHost›
• Activate page
  a2ensite [DOMAIN].conf
systemctl restart apache2
• Deactivate page
  a2dissite [DOMAIN].conf
systemctl restart apache2

Important Log Files

• Apache and PHP errors
  nano /var/log/apache2/error.log
• MariaDB errors
  nano /var/log/mysql/error.log

Set up multiple PHP versions in Apache

Deactivate PHP 5.6, activate PHP 7.1

• a2dismod php5.6
• a2enmod php7.1
• systemctl restart apache2

PHP, FPM and FastCGI

1. Add source list
   apt install ca-certificates apt-transport-https
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
echo "deb https://packages.sury.org/php/ stretch main" | sudo tee /etc/apt/sources.list.d/php.list
2. Install PHP and FPM
   apt update && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
apt install php5.6 php5.6-fpm
apt install php7.4 php7.4-fpm
3. Testing
   systemctl status php5.6-fpm
systemctl status php7.4-fpm
4. Install Apache FastCGI
   apt update && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
apt install apache2 libapache2-mod-fcgid
5. Apache configuration
   a2enmod actions fcgid alias proxy_fcgi
systemctl restart apache2
6. Adjust VirtualHost configuration
   nano /etc/apache2/sites-available/[DOMAIN].conf
   Add the following lines to the VirtualHost configuration
   ‹VirtualHost *:[PORT]›
    ...
    ‹FilesMatch \.php$›
        # Apache 2.4.10+ can proxy to unix socket
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    ‹/FilesMatch›
‹/VirtualHost›
   Restart Apache
   systemctl restart apache2
7. Adjust PHP settings
   ATTENTION: Installed modules are automatically added when installing.
   nano /etc/php/7.0/fpm/php.ini
8. Change user www-data if necessary
   nano /etc/php/7.0/fpm/pool.d/www.conf
   Change all users www-data to your username (e.g. dreadyhead)
   systemctl restart php7.0-fpm.service
9. Important files
   /var/log/php7.0-fpm.log
/etc/php/7.0/fpm/php-fpm.conf

If the apache2 folder in '/etc/php/7.3/' is missing

• Install the following
  apt install libapache2-mod-php7.3

Deactivate PHP version

• systemctl disable php5.6-fpm.service

Set up multiple PHP versions in the console

• Check the current configuration
  which php
  The file '/usr/bin/php' refers to the '/etc/alternatives/php'.
  The file '/etc/alternatives/php' refers to the '/usr/bin/php7.3'.
• Change alternatives
  update-alternatives --set php /usr/bin/php7.1
update-alternatives --set phar /usr/bin/phar7.1
update-alternatives --set phar.phar /usr/bin/phar.phar7.1
  ATTENTION: The phpize and php-config command is available in php[PHP VERSION]-dev package. This is more useful for compiling PHP modules using pecl.
  update-alternatives --set phpize /usr/bin/phpize7.1
update-alternatives --set php-config /usr/bin/php-config7.1
  

Composer

Install System Composer (may be out of date)

• apt install composer
• Testing
  composer
  If everything went well, all commands will be displayed.

Install Composer from getcomposer.org

• Add source list
  php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '8a6138e2a05a8c28539c9f0fb361159823655d7ad2deecb371b04a83966c61223adc522b0189079e3e9e277cd72b8897') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
• Make available globally
  mv composer.phar /usr/bin/composer
  

Composer commands

• Upgrade version
  composer require [MANUFACTURER]/[PACKAGE]
composer require friendsofphp/php-cs-fixer

Set up multiple PHP versions in the Composer

Status

• About the Composer
  composer -vvv about
• which php
  /usr/bin/php
• /usr/bin/php -v
  PHP 7.1.33
• php -v
  PHP 7.2.24
• type -a php
  php is aliased to '/usr/bin/php7.2'
  php is /usr/bin/php
• which composer
  /usr/bin/composer

Solution

• Change the .bash_aliases file
  alias php="/usr/bin/php7.2"
alias composer="/usr/bin/php7.2 /usr/bin/composer"
• Restart the console
• Check settings
  type -a composer
  composer is aliased to '/usr/bin/php7.2 /usr/bin/composer'
  composer is /usr/bin/composer
• The Composer is now using the correct php version.

elasticsearch

• Add source list
  Download and install the public signing key
  wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
apt install apt-transport-https
  Save the repository definition to '/etc/apt/sources.list.d/elastic-7.x.list'
  echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
apt update && apt upgrade -y && apt full-upgrade -y && apt autoremove -y
apt install elasticsearch
• Settings
  nano /etc/elasticsearch/elasticsearch.yml
• Error Report
  /var/log/elasticsearch/

Configure SysVInit autostart

• Add elasticsearch
  update-rc.d elasticsearch defaults 95 10
• Start service
  service elasticsearch start
• Testing
  curl -X GET http://127.0.0.1:9200

Configure SystemD autostart

• Reload SystemD process
  systemctl daemon-reload
• Start service
  systemctl start elasticsearch
systemctl enable elasticsearch
• Testing
  curl -X GET http://127.0.0.1:9200