This is an old revision of the document!
sudo apt update sudo apt install apache2
sudo adduser <user> www-data sudo usermod -a -G www-data <user>
$ sudo apt update $ sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list sudo apt update
$ wget -q0 - https://packages.sury.org/php/apt.gpg | sudo apt-key add -
$ sudo apt update sudo apt install phpV.v
$ sudo a2enmod ssl $ sudo a2enmod proxy $ sudo a2enmod proxy_http $ sudo a2enmod rewrite
sudo apt install phpV.v-{bz2,curl,gd,mbstring,mysql,xml,zip} phpV.v-{bcmath}
sudo apt install phpV.v-{bz2,curl,gd,mbstring,mysql,xml,zip} phpV.v-{sqlite3}
sudo apt install phpV.v-json
sudo systemctl restart apache2 sudo service apache2 restart
sudo a2dismod phpV.v sudo a2enmod phpV.v sudo systemctl restart apache2 sudo service apache2 restart
sudo update-alternatives --set php /usr/bin/phpV.v sudo update-alternatives --set phar /usr/bin/pharV.v sudo update-alternatives --set phar.phar /usr/bin/phar.pharV.v
php -v
php -m | grep -i mysql
<?php phpinfo();?>
php --ini
max_execution_time = 120 max_input_vars = 2000 memory_limit = 512M post_max_size = 32M sys_temp_dir = "/tmp" upload_tmp_dir = "/tmp" upload_max_filesize = 16M date.timezone = Asia/Bangkok
php -i > /var/www/html/php_info.txt
sudo apt install phpV.v-dev autoconf automake
tar -xvzf xdebug-3.1.5.tgz
within a temp folder, then change to that folder, run phpize and check it's output:cd xdebug-3.1.5 phpize Configuring for: ... Zend Module Api No: 20190902 (7.4), 20200930 (8.0), 20210902 (8.1) Zend Extension Api No: 320190902 (7.4), 420200930 (8.0), 420210902 (8.1)
./configure make
sudo cp modules/xdebug.so /usr/lib/php/{20190902, 20200930, 20210902}
zend_extension = /usr/lib/php/20190902/xdebug.so xdebug.remote_enable=1 xdebug.remote_port=9000 (default: 9000) xdebug.profiler_enable=0 xdebug.profiler_enable_trigger=1 xdebug.profiler_output_dir=PATH_TO_PROFILER_OUTPUT_DIR xdebug.remote_log=PATH_TO_LOG/xdebug.log
/etc/php/8.0/apache2/conf.d/99-xdebug.ini
and add lines:zend_extension = xdebug xdebug.remote_port=9000 (default: 9003) xdebug.mode=debug
php -m
. This lists all loaded modules. Xdebug should appear twice there (once under 'PHP Modules' and once under 'Zend Modules').Debian 10, other than Debian 9, requires manual installation of phpmyadmin, phpmyadmin has been removed from Debian's repositories.
wget https://files.phpmyadmin.net/phpMyAdmin/5.0.2/phpMyAdmin-5.0.2-english.tar.gz
tar xvf phpMyAdmin-5.0.2-english.tar.gz sudo mv phpMyAdmin-5.0.2-english/ /usr/share/phpmyadmin
sudo mkdir -p /var/lib/phpmyadmin/tmp sudo chown -R www-data:www-data /var/lib/phpmyadmin
sudo vim /var/lib/phpmyadmin/blowfish_secret.inc.php <?php $cfg['blowfish_secret'] = '32-CHAR-LONG-SECRET-KEY'; <ESC>:wq sudo chown root:www-data /var/lib/phpmyadmin/blowfish_secret.inc.php sudo chmod 640 /var/lib/phpmyadmin/blowfish_secret.inc.php
cd /etc/apache2/conf-available ln -s ../../phpmyadmin/apache.conf phpmyadmin.conf cd ../conf-enabled ln -s ../conf-available/phpmyadmin.conf phpmyadmin.conf
cd /usr/share/phpmyadmin ln -s /etc/phpmyadmin/config.inc.php config.inc.php ln -s /etc/phpmyadmin/config.header.inc.php config.header.inc.php ln -s /etc/phpmyadmin/config.footer.inc.php config.footer.inc.php
vim /etc/phpmyadmin/conf.d/tempdir.php <?php $cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';
mysql -u <my-admin-user> -p SELECT user,host FROM mysql.user; CREATE USER 'user'@'localhost' IDENTIFIED BY 'password'; GRANT USAGE ON phpmyadmin.* TO phpmyadmin
sudo chown root:www-data /etc/phpmyadmin/config-db.php sudo chmod 640 /etc/phpmyadmin/config-db.php
sudo mariadb GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION; exit
cd /usr/share/phpmyadmin/ sudo wget https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-english.tar.gz tar xzf phpMyAdmin-5.1.0-english.tar.gz sudo mv phpMyAdmin-5.1.0-english phpmyadmin
define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/'); define('CONFIG_DIR', '/etc/phpmyadmin/');
export APACHE_RUN_USER=<user> export APACHE_RUN_GROUP=<user>
/etc/init.d/apache2 restart rm /var/lib/php/sessions/*
ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
sudo chown root:<user> /var/lib/phpmyadmin/blowfish_secret.inc.php sudo chown -R <user>:<user> /var/lib/tmp sudo chown root:<user> /etc/phpmyadmin/config-db.php
takeown /F X:\FULL_PATH_TO_FOLDER takeown /F X:\FULL_PATH_TO_FOLDER /r /d y icacls X:\FULL_PATH_TO_FOLDER /grant Administrators:F icacls X:\FULL_PATH_TO_FOLDER /grant Administrators:F /t
Modify /etc/apache2/mods-available/mdm-prefork.conf and restart apache2
$ sudo apache2ctl -V | grep MPM vim /etc/apache2/mods-available/mdm-prefork.conf MaxRequestedWorkers 400 ServerLimit 400 $ sudo service apache2 restart
sudo apt install python-certbot-apache
certbot
certbot certificates
certbot --expand -d example.com,www.example.com,click.example.com certbot certonly --webroot --agree-tos -w /srv/www/letsencrypt/ --expand -d example.com,www.example.com,click.example.com
certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem
certbot delete --cert-name www.example.com
certbot delete
chrome://flags/#allow-insecure-localhost
openssl req -x509 -nodes -new -sha256 -days 1024 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA" openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = localhost.yourdomain.tld DNS.3 = machine1.yourdomain.tld DNS.4 = machine2.yourdomain.tld
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local" openssl x509 -req -sha256 -days 1024 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
SSLEngine on SSLCertificateFile "/home/user/certs/ssl/localhost.crt" SSLCertificateKeyFile "/home/user/certs/ssl/localhost.key"
openssl x509 -text < $CERT_FILE
* Setup a VirtualHost on your main apache server, which for this example is now called “proxy”. * There needs to be another (regular) VirtualHost file on the backuppc server, which for this example is now called “host”. * The SSL certificates are served from the “proxy” through access to https://sub.domain.tld * The “host” serves an unencrypted site through port 80. This assumes your local network is secure.
* sub.domain.tld: external domain name with which you access the “host” behind the “proxy” * host.yourdomain.tld: internal domain name of your “host”. You may also choose to have both names the same.
<VirtualHost *:80> ServerName sub.domain.tld Redirect 301 / https://sub.domain.tld <VirtualHost> <VirtualHost *:443> ServerName sub.domain.tld ServerAdmin you@domain.tld DocumentRoot /var/www/html/yoursite SSLEngine on RedirectMatch ^/$ /yourapp/ # use this if backuppc is not the default app, or if you need to access another app on the same server <Location "/yourapp/"> ProxyPass "http://host.yourdomain.tld/yourapp/" ProxyPassReverse "http://host.yourdomain.tld/yourapp/" Require all granted </Location> # add other options such as Files and Directory permissions Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/sub.domain.tld/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/sub.domain.tld/privkey.pem </VirtualHost>