Copyright (C) 2008-2020 Oliver Bohlen.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".
This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
I use name-based virtual hosts for multiple domains under the same IP. Here is my web server and PHP configuration.
Before installing (emerging) apache, change the /etc/make.conf as shown below.
If you want to use this solution, you need to have finished the following howto(s):
emerge www-servers/apache
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Complete file: /etc/apache2/modules.d/00_mod_log_config.conf
Changed on 13.01.09. This activates Apache logging with the vhost name in the log file (the vhost nickname must be defined by a LogFormat line in the same file).
Before change:
CustomLog /var/log/apache2/access_log common
After change:
CustomLog /var/log/apache2/access_log vhost
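To make use of the vhost name that is now the first field of every access_log line, here is an added Python example (not part of the howto) that parses lines in the vhost format and counts requests and error responses per virtual host. It assumes the vhost nickname is defined as the common format with %v prepended, as in Gentoo's shipped file; check the LogFormat line in your 00_mod_log_config.conf.

```python
import re
from collections import Counter

# Assumed definition of the "vhost" nickname in 00_mod_log_config.conf (the
# "common" format with the canonical ServerName %v prepended):
#   LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
VHOST_LINE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

def parse_line(line):
    """One access_log line in the vhost format -> dict, or None if it does not match."""
    m = VHOST_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # "-" means no body sent
    return rec

def summarize(lines):
    """Requests and 4xx/5xx responses per vhost; lines that do not parse are counted, not dropped."""
    requests, errors, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        requests[rec["vhost"]] += 1
        if rec["status"] >= 400:
            errors[rec["vhost"]] += 1
    return {"requests": dict(requests), "errors": dict(errors), "unparsed": unparsed}

# Constructed sample lines (not real traffic); the first field is %v, so the
# same client can now be attributed to the site it actually requested.
SAMPLE_LOG = """\
www.example.com 192.0.2.10 - - [13/Jan/2009:10:00:01 +0100] "GET / HTTP/1.1" 200 1234
nextcloud.example.com 192.0.2.11 - - [13/Jan/2009:10:00:02 +0100] "GET /login HTTP/1.1" 200 5678
nextcloud.example.com 198.51.100.7 - - [13/Jan/2009:10:00:03 +0100] "POST /login HTTP/1.1" 401 -
nextcloud.example.com 198.51.100.7 - - [13/Jan/2009:10:00:04 +0100] "POST /login HTTP/1.1" 401 -
status.example.com 203.0.113.5 - - [13/Jan/2009:10:00:05 +0100] "GET /server-status HTTP/1.1" 403 199
this line is not in the vhost format
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```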
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Complete file: /etc/apache2/vhosts.d/01_vhosts.conf
Changed on 13.01.09. Here are some settings for name-based virtual hosts, preceded by some security settings. The two default vhosts are defined before the Use VHost lines, so they are the first vhosts on each port and catch requests for any host name that no Use VHost line declares.

# Some default settings
Listen 80
Listen 443
#NameVirtualHost *:80
#NameVirtualHost *:443

# ServerName
ServerName xgabosh.example.com

# Directory Index
DirectoryIndex index.html

# MPM-Settings
ServerLimit 500
MaxClients 500

# Some security settings
Timeout 60
# Allow a maximum of 100MB for upload.
LimitRequestBody 104857600
# Allow a maximum of 50 header fields per request
LimitRequestFields 50
# Maximum size of a single HTTP request header field sent by the client
LimitRequestFieldSize 4094
# Maximum length of the HTTP request line
LimitRequestLine 8190
# Allow a maximum of 100MB for upload per WebDAV
LimitXMLRequestBody 104857600

# ITK Settings
LimitUIDRange 10 20000
LimitGIDRange 10 20000

# Deactivate SSL compression
SSLCompression off
# Deactivate SSLv2, SSLv3 (POODLE attack), TLSv1 and TLSv1.1
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Ciphers recommended by Mozilla https://wiki.mozilla.org/Security/Server_Side_TLS
# TEST: https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.example.com
# Note: the TLS_* names are TLS 1.3 suites, which OpenSSL ignores in this list;
# Apache 2.4.36 and later configure them separately via "SSLCipherSuite TLSv1.3 ...".
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
#SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
#SSLCipherSuite EECDH+AES:EDH+AES:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5

SSLCertificateFile /etc/ssl/example.com/example.com.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.com.key
SSLCertificateChainFile /etc/ssl/example.com/letsencryptchain.pem

# OCSP Stapling
#SSLUseStapling on
#SSLStaplingResponderTimeout 5
#SSLStaplingReturnResponderErrors off
#SSLStaplingCache shmcb:/var/run/ocsp(128000)

# Secure cookies
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

# Enable HTTP Strict Transport Security
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

# Load LDAP Auth modules
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

# Security
<Directory />
    Require all denied
    Options None
    AllowOverride None
</Directory>
<Directory /var/www>
    Require all granted
    Options None
    AllowOverride None
</Directory>
<Directory /srv/www>
    Require all granted
    Options None
    AllowOverride None
</Directory>
ServerSignature Off
TraceEnable off
# Disable HTTP 206 (partial content) responses by dropping the Range request header
RequestHeader unset Range

# Server-status
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Require all denied
    # Use the "ip" provider for addresses and CIDR ranges: "Require host" compares
    # reverse-DNS host names and would never match an address or a /16 range.
    Require ip 127.0.0.1
    Require ip my.lan.network.ip/16
    Require ip XXX.XXX.XXX.XXX/16
</Location>

# Known media files
AddType audio/mpeg mp3
AddType audio/mp4 m4a
AddType audio/ogg ogg oga
AddType video/webm webm

# favicon.ico for all
Alias /favicon.ico /var/www/gabosh.ico

# VHost template macro
<Macro VHost $vhost>
    # HTTP
    <VirtualHost *:80>
        ServerName $vhost
        DocumentRoot /var/www/$vhost/htdocs
        # letsencrypt noproxy
        ProxyPass /.well-known/acme-challenge !
        # Additional Config
        Include /etc/apache2/vhosts.d/vhosts/$vhost.vhost
        # letsencrypt auth
        Include /etc/apache2/vhosts.d/letsencrypt.include
        # favicon.ico for PW-Secured sites
        <Location /favicon.ico>
            Require all granted
        </Location>
    </VirtualHost>
    # HTTPS
    <VirtualHost *:443>
        ServerName $vhost
        DocumentRoot /var/www/$vhost/htdocs
        # Activate SSL for VHost
        SSLEngine on
        # letsencrypt noproxy
        ProxyPass /.well-known/acme-challenge !
        # Additional Config
        Include /etc/apache2/vhosts.d/vhosts/$vhost.sslvhost
        # letsencrypt auth
        Include /etc/apache2/vhosts.d/letsencrypt.include
        # favicon.ico for PW-Secured sites
        <Location /favicon.ico>
            Require all granted
        </Location>
    </VirtualHost>
</Macro>

# default vHost
<VirtualHost *:80>
    Redirect / http://www.example.com/
</VirtualHost>
<VirtualHost *:443>
    Redirect / http://www.example.com/
    SSLEngine on
    Include /etc/apache2/vhosts.d/letsencrypt.include
</VirtualHost>

# Generate VHosts from Macro
Use VHost www.example.com
Use VHost fbofl.example.com
Use VHost drucker-ofl.example.com
Use VHost get.example.com
Use VHost mailman.example.com
Use VHost doc.example.com
Use VHost gtc.example.com
#Use VHost mdforms.example.com
Use VHost camofl.example.com
Use VHost epson.example.com
Use VHost fhem.example.com
Use VHost fhemphone.example.com
Use VHost fhemtablet.example.com
Use VHost status.example.com
Use VHost olmusic.example.com
Use VHost nextcloud.example.com
Use VHost nextcloud-test.example.com
Use VHost autoconfig.example.com
Use VHost vnc.example.com
Use VHost share.example.com

<Location /favicon.ico>
    Require all granted
</Location>
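The Use VHost lines are expanded by mod_macro when httpd starts. The following added Python example (not from the howto, and not mod_macro's own code) performs the same textual substitution over a constructed, shortened copy of the macro above, so you can preview what each Use line produces, and lists the per-vhost include files the expanded config expects to exist.

```python
import re

# Constructed, shortened copy of the <Macro VHost $vhost> block and two Use lines from the howto.
MACRO_TEXT = """\
<Macro VHost $vhost>
<VirtualHost *:80>
ServerName $vhost
Include /etc/apache2/vhosts.d/vhosts/$vhost.vhost
</VirtualHost>
<VirtualHost *:443>
ServerName $vhost
SSLEngine on
Include /etc/apache2/vhosts.d/vhosts/$vhost.sslvhost
</VirtualHost>
</Macro>
Use VHost www.example.com
Use VHost nextcloud.example.com
"""

# <Macro NAME $param...> ... </Macro>
MACRO_RE = re.compile(r"<Macro\s+(\w+)((?:\s+\$\w+)*)\s*>\n(.*?)</Macro>\n", re.S)

def load_macros(text):
    """Collect every <Macro> block as {name: (params, body)} and strip the definitions from text."""
    macros = {}
    def grab(m):
        macros[m.group(1)] = (m.group(2).split(), m.group(3))
        return ""
    return macros, MACRO_RE.sub(grab, text)

def expand(text):
    """Replace each 'Use NAME arg...' line by the macro body with $param substituted by arg."""
    macros, rest = load_macros(text)
    out = []
    for line in rest.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "Use" and parts[1] in macros:
            params, body = macros[parts[1]]
            if len(parts) - 2 != len(params):  # mod_macro also rejects a wrong argument count
                raise ValueError(f"macro {parts[1]} expects {len(params)} argument(s)")
            for param, arg in zip(params, parts[2:]):
                body = body.replace(param, arg)
            out.append(body.rstrip("\n"))
        else:
            out.append(line)
    return "\n".join(out) + "\n"

def include_files(expanded):
    """Files the expanded config will Include; each must exist or httpd refuses to start."""
    return sorted(set(re.findall(r"^\s*Include\s+(\S+)", expanded, re.M)))
```

Because Include (unlike IncludeOptional) fails on a missing file, every name you add with Use VHost needs both its .vhost and .sslvhost file under /etc/apache2/vhosts.d/vhosts/ before a restart.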
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Complete file: /etc/conf.d/apache2
Changed on 09.09.08. Apache start options for enabling PHP5 and SSL.
Before change:
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"
After change:
APACHE2_OPTS="-D DAV -D DAV_FS -D PHP -D SSL -D LANGUAGE -D PROXY -D MPM_ITK -D AUTHNZ_EXTERNAL"
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Complete file: /etc/php/gabosh-php.ini
Changed on 23.02.11. PHP configuration.

; Don't log deprecated errors
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
; Don't display errors
display_errors = Off
display_startup_errors = Off
track_errors = Off
html_errors = Off
; Log errors to file
error_log = /var/log/apache2/php_errors.log
; Maximum post size of 100MB
post_max_size = 100M
; Maximum of 100MB upload
upload_max_filesize = 100M
; Default timezone for PHP
date.timezone = "Europe/Berlin"
; Maximum of 200 MySQL active connections at the same time
mysql.max_persistent = 200
; Maximum of 300 MySQL connections at the same time
mysql.max_links = 300
; Set max memory
memory_limit = 512M
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Complete file: /etc/portage/make.conf
Changed on 13.01.09. The Apache MPM and modules which should be compiled in.
APACHE2_MPMS="prefork"
APACHE2_MODULES="$APACHE2_MODULES cgid proxy proxy_http proxy_wstunnel macro"
For starting the new service after a system reboot, add it to a runlevel with the following command:
rc-update add apache2
Please send feedback to: doc<at>gabosh.net