Apache2 Installation on Debian Etch¶
- Table of contents
- Apache2 Installation on Debian Etch
Installing Apache2 Web Server¶
Currently, Apache 2.2 is included within the stable release of Debian Etch. It can be installed easily with the following command line:
# apt-get install apache2
Installing the Python Module¶
In order to use Apache's Python module, the python-mysqldb package must be installed.
# apt-get install python-mysqldb
To enable the module, use the following commands
# apt-get install libapache2-mod-python # a2enmod mod_python # /etc/init.d/apache2 restart
Installing the Subversion Modules¶
In order to use Apache's Subversion module, the libapache2-svn package must be installed.
# apt-get install libapache2-svn
To enable the modules, use the following commands and restart the apache2 server
# a2enmod dav # a2enmod dav_svn # /etc/init.d/apache2 restart
Restarting the Apache2 Web Server¶
Complete Server Shutdown and Restart¶
This stops the server and starts the server again
# /etc/init.d/apache2 restart
Enabling SSL Authentication¶
SSL Authentication can be enables within the virtual host configuration of your web site.
Therefore, create a file (e.g. www) related to your hostname in /etc/apache2/sites-available/ on your server.
By this way, you can turn on/off the site using the commands a2ensite and a2dissite e.g.
# a2ensite www
SSL Client Authentication¶
SSL Client Authentication enables authentication of users based on certificates.
Next, a basic configuration file is provided, to use SSL based client authentication.
NameVirtualHost www.example.org:443 <VirtualHost www.example.org:443> ServerName www.example.org DocumentRoot /var/www ServerAdmin root@www.example.org # Use SSL SSLEngine On # web server's certificate SSLCertificateFile "/etc/ssl/certs/www-cert.pem" # web server's private key SSLCertificateKeyFile "/etc/ssl/private/www-key.pem" # Path to CA Certificates -> to authenticate clients based on certificates SSLCACertificatePath "/etc/ssl/certs/" # Logfiles -> Turns on debug level on custom log-files for this site CustomLog /var/log/apache2/access-www combined ErrorLog /var/log/apache2/error-www LogLevel debug # Protects the whole server, but can be reduced to specific paths on the server <Location /> # Requires SSL connection to access the Location SSLRequireSSL # Requires Client verification, and verifies up to 2 intermediary CAs SSLVerifyClient require SSLVerifyDepth 2 # Requires, that the client's DN in the certificates equals to "Peter Miller" or "Claus Burger" SSLRequire %{SSL_CLIENT_S_DN_CN} in {"Peter Miller", "Claus Burger"} # Creates additional environment variables including client certificate data SSLOptions +ExportCertData </Location> </VirtualHost>
Further details about the mod_ssl configuration can be found here .
SSL Certificate Storage¶
The SSL module does not recognise certificates, when they are not linked with their hash values. The most simple way to do this, is to use the command c_rehash from the package ca-certificates.
# apt-get install ca-certificates # c_rehash /etc/ssl/certs
Updated by Andreas Müller almost 2 years ago · 8 revisions