the software

When we are talking about web servers apache is first match on google. LAMP or WAMP became over a long period as standard. But since some years nginx is pronounced as solution in global acting institutions. Where apache lacks nginx comes up with strengh but all good solutions have a small disatvantage - the easy to use problem. Apache defenitly solves this problem. Good documentation, easy install and configuration and lots of modules which are well documented.

If it comes to HA- or REVERSE-Proxie and Load-Balancing you better go with nginx. If it should go fast and easy better try apache. When webserver is installed and started installing php and a cms is not a big thing anymore.

The reason why I combine apache and php in this howto is that the webserver itself has only the possibility to provide html code, but whe it comes to scripting or coding OO languages apache and php for example goes hand in hand.

the user

No need to operate as root. Root can do

rm -Rf /*

the user can't - try it - you will do it only once! Second argument is that the most common attack brute force vector tries first to access as root. Disallow ssh root access combined with iptables ( ufw ) and fail2ban saves you a lot of headaches.

the kick in

The most important part of base setup is the reconfiguration of the sshd. Restrict the ssh login and turn on the firewall. After installing fail2ban we've build a good base for headless OS.

ATTENTION - before you restrict the ssh daemon you need to login as user [ m0r4k ] and try [ sudo su ]. If this doesn't work you won't get su privileges anymore and you are locked out as superuser!

apt install -y apache2
apt-get install -y libapache2-mod-php
apt-get install php

the apache config

Your web server is installed and ready to use. In the location /var/www/html you can find the index.html. Modify it and see the result in the browser, but remember to restart the server each time. HTML is static - php more or less dynamic so the "standard" rule says - if you code a static file you need to reload the apache2 daemon. Changing a php script "normally" doesn't need a reload.

But if the standard setup of apache2 is not enough because we have a multiple domain setup we need to change the 000_default.conf of apache2 to setup virtual hosts. In my opinion you are doing good to separate all hosts in different files not to lose the overview.

In our case we configure z3r0.at as our domain and  www.z3r0.at as subdomain. I will explain the followed commands in another section - to fasten up this process I won't go in details of enabling rewrite module or enabling an apache2 site.

apache2
cd /etc/apache2/sites-available
ls
000-default.conf default-ssl.conf
cp 000-default.conf z3r0-at.conf
cat z3r0-at.conf
/etc/apache2/sites-available/z3r0-at.conf
<VirtualHost *:80>

	ServerName z3r0.at
    ServerAlias www.z3r0.at ww.z3r0.at wwww.z3r0.at

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/z3r0

  	<Directory /var/www/z3r0/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all	
	</Directory>


	ErrorLog ${APACHE_LOG_DIR}/error_z3r0.log
	CustomLog ${APACHE_LOG_DIR}/access_z3r0.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Do you see the difference? What did I change? Right - the ServerName, ServerAlias, DocumentRoot, ErrorLog and CustomLog. So let's create the DocumentRoot and fire up the server with "HelloWorld" output.

startup
mkdir /var/www/z3r0
chown www-data:www-data /var/www/z3r0
echo "<h1> HelloWorld </h1>" >> /var/www/z3r0/index.html
a2ensite z3r0-at.conf #apache enable site  = a2ensite
a2enmod rewrite       #apache enable mod   = a2enmod
systemctl restart apache2

the extensions

With apache2 and php you can do already view an html page and script some php code. The libapache2-mod-php allows to execute php scripts on web server, but php without its powerfull extensions is quite boring to use. Also most php-frameworks do need additional software to be installed on your system.

In our case we gonna install the dependencies to run typo3 cms but installing deps for wordpress is almost the same.

php extensions
apt install -y php-gd php-mysql php-xml php-zip php-intl
apt install -y imagemagick

the php finetune

Some parameters of php has to be fine tuned because a restricted use of the software is welcome not to stress out the system or its memory. The web server runs under a "system user" called www-data and these running processes need system resources like ram and cpu time. 

For example your system has 1GB of ram it is save to allow php to use 256MB to 512MB for processing with fast results. But php also needs a restriction to know when script runs out of time of execution to stop. There are so many options to fine tune but most important for TYPO3 are these.

 

setting

orig.

new

max_execution_time30240
max_input_vars10001500
upload_max_filesize2256

To fasten things up we gonna use sed, but it is on you to open the config file  with your prefered editor. 

/etc/php/7.3/apache2/php.ini
sed "s/max_execution_time \= 30/max_execution_time \= 240/g"  -i /etc/php/7.3/apache2/php.ini
sed "s/\;max_input_vars \= 1000/max_input_vars \= 1500/g"  -i /etc/php/7.3/apache2/php.ini
sed "s/upload_max_filesize \= 2/upload_max_filesize \= 256/g"  -i /etc/php/7.3/apache2/php.ini
sed "s/post_max_size \= 8/post_max_size \= 256/g"  -i /etc/php/7.3/apache2/php.ini