Apache2 Installation on Debian Etch

Table of Contents

  1. Installing Apache2 Web Server
    1. Installing the Python Module
    2. Installing the Subversion Modules
  2. Restarting the Apache2 Web Server
    1. Complete Server Shutdown and Restart
  3. Enabling SSL Authentication
    1. SSL Client Authentication
    2. SSL Certificate Storage

Installing Apache2 Web Server

Currently, Apache 2.2 is included within the stable release of Debian Etch. It can be installed easily with the following command line: 

# apt-get install apache2

Installing the Python Module

In order to use Apache's Python module, the python-mysqldb package must be installed. 

# apt-get install python-mysqldb

To enable the module, use the following commands 

# apt-get install libapache2-mod-python
# a2enmod mod_python
# /etc/init.d/apache2 restart

Installing the Subversion Modules

In order to use Apache's Subversion module, the libapache2-svn package must be installed. 

# apt-get install libapache2-svn

To enable the modules, use the following commands and restart the apache2 server 

# a2enmod dav
# a2enmod dav_svn
# /etc/init.d/apache2 restart

Restarting the Apache2 Web Server

Complete Server Shutdown and Restart

This stops the server and starts the server again 

# /etc/init.d/apache2 restart

Enabling SSL Authentication

SSL Authentication can be enables within the virtual host configuration of your web site. Therefore, create a file (e.g. www) related to your hostname in /etc/apache2/sites-available/ on your server. By this way, you can turn on/off the site using the commands a2ensite and a2dissite e.g. 

# a2ensite www

SSL Client Authentication

SSL Client Authentication enables authentication of users based on certificates. Next, a basic configuration file is provided, to use SSL based client authentication. 

NameVirtualHost www.example.org:443

<VirtualHost www.example.org:443>
  ServerName www.example.org
  DocumentRoot /var/www
  ServerAdmin root@www.example.org

  # Use SSL
  SSLEngine On

  # web server's certificate
  SSLCertificateFile    "/etc/ssl/certs/www-cert.pem"
  # web server's private key
  SSLCertificateKeyFile "/etc/ssl/private/www-key.pem"

  # Path to CA Certificates -> to authenticate clients based on certificates
  SSLCACertificatePath "/etc/ssl/certs/"

  # Logfiles -> Turns on debug level on custom log-files for this site
  CustomLog /var/log/apache2/access-www combined
  ErrorLog /var/log/apache2/error-www
  LogLevel debug

  # Protects the whole server, but can be reduced to specific paths on the server
  <Location />
    # Requires SSL connection to access the Location
    SSLRequireSSL

    # Requires Client verification, and verifies up to 2 intermediary CAs
    SSLVerifyClient require
    SSLVerifyDepth 2

    # Requires, that the client's DN in the certificates equals to "Peter Miller" or "Claus Burger"
    SSLRequire    %{SSL_CLIENT_S_DN_CN} in {"Peter Miller", "Claus Burger"}

    # Creates additional environment variables including client certificate data
    SSLOptions +ExportCertData

   </Location>

</VirtualHost>

Further details about the mod_ssl configuration can be found here.

SSL Certificate Storage

The SSL module does not recognise certificates, when they are not linked with their hash values. The most simple way to do this, is to use the command c_rehash from the package ca-certificates. 

# apt-get install ca-certificates
# c_rehash /etc/ssl/certs