apache2


I - Commandes


# run syntax check for config files
$ apache2ctl -t
# or
$ apache2ctl configtest

# environnement variables (used by apache2.conf)
$ vim /etc/apache2/envvars

VirtualHost

<VirtualHost *:80>
  # ....
</VirtualHost>

<VirtualHost 192.168.1.10:80>
  # ....
</VirtualHost>
t>

Sites

# create new web site (*.conf)
$ vim /etc/apache2/sites-available/mon-site.fr.conf
# or
$ cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/mon-site.fr.conf

# enable site (without .conf, add symlink)
$ a2ensite mon-site.fr

# disable site (remove symlink)
$ a2dissite mon-site.fr

Modules

# MODULES

# install module (générique)
$ apt install libapache2-mod-*

# list modules available
$ ls -al /etc/apache2/mods-available
# some modules have .conf associed

# enable module (add sym link)
$ a2enmod ssl

# disable module (delete sym link)
$ a2dismod ssl

# list enabled modules
$ ls -al /etc/apache2/mods-enabled

II - Informations


# show enabled sites
$ a2query -s

# show enabled modules
$ a2query -m

# show enabled conf
$ a2query -c

III - Exemple de configuration


<VirtualHost: *:80>
  ServerName mon-site.fr
  ServerAlias *.mon-site.fr

  Redirect 301 / https://mon-site.fr
</VirtualHost>

<VirtualHost: *:443>
  ServerName mon-site.fr
  ServerAlias *.mon-site.fr

  ServerAdmin mon-email@gmail.com

  DocumentRoot /var/www/mon-site.fr
  <Directory /var/www/mon-site.fr>
    Options -Indexes +FollowSymlinks
    AllowOverride All
    Require all granted
  </Directory>

  ErrorLog /var/log/apache2/mon-site.fr/error.log
  CustomLog /var/log/apache2/nextcloud/access.log combined

  ErrorDocument 404 /var/www/mon-site.fr/404.html
  ErrorDocument 503 /var/www/mon-site.fr/503.html

  ServerSignature Off

  # gérer les certificats SSL ...

</VirtualHost>

IV - Autre


# Port d'écoute
Listen 80

# User et Group
User www-data
Group www-data

# Repertoire d'installation Apache
ServerRoot /etc/apache2

# Pour URL
<Location /private_access> # <LocationMatch private/*>
	Require host .eni.labs
	Require ip 10.75
</Location>

# Si
<If "%{TIME_HOUR} -le 9 || %{TIME_HOUR} -ge 17">
	Require all denied
	ErrorDocument "Désole, ressource accessible seulement de 9h à 17h"
</If>

# Fichier PID
PidFile /var/logs/apache2/apache.pid

# Ports
Listen 80
Listen 10.75.0.51:80

# Vérifie si user posséde autorisation d'acces
Require all granted # sans restriction
Require all denied # toujours refusé

# Pour authentification
<Directory /opt/app/upload>
	AuthType Basic
	AuthName "Acces authentifie"
	AuthBasicProvider file
	AuthUserFile /opt/app/htpasswd
	Require valid-user
</Directory>

<RequireAll> <RequireAny> <RequireNone>
	Require ip 10.0.0.0
	Require group DSI Exploitation
</RequireAll>

AuthName "Acces authentifie"
AuthType Basic