doc: server configuration: update apache configuration, use php-fpm

- remove apache 2.2 configuration (2.4 was released in 2012)
This commit is contained in:
nodiscc 2023-10-04 14:30:11 +02:00
parent 1e7419eca9
commit 00ccae495c
No known key found for this signature in database
GPG key ID: 067FC4266A4B6909

View file

@ -121,7 +121,7 @@ If you don't want to rely on a certificate authority, or the server can only be
## Examples ## Examples
The following examples assume a Debian-based operating system is installed. On other distributions you may have to adapt details such as package installation procedures, configuration file locations, and webserver username/group (`www-data` or `httpd` are common values). In these examples we assume the document root for your web server/virtualhost is at `/var/www/shaarli.mydomain.org/`: The following examples assume a Debian-based operating system is installed. On other distributions you may have to adapt details such as package installation procedures, configuration file locations, and webserver username/group (`www-data` or `httpd` are common values). In these examples we assume that the web server and the `php-fpm` PHP interpreter are running as the same user, and the document root for your web server/virtualhost is at `/var/www/shaarli.mydomain.org/`,:
```bash ```bash
# create the document root (replace with your own domain name) # create the document root (replace with your own domain name)
@ -134,9 +134,14 @@ You can install Shaarli at the root of your virtualhost, or in a subdirectory as
### Apache ### Apache
```bash ```bash
# Install apache + mod_php and PHP modules # Install apache + php-fpm
sudo apt update sudo apt update
sudo apt install apache2 libapache2-mod-php php-json php-mbstring php-gd php-intl php-curl php-gettext sudo apt install apache2 libapache2-mod-md libapache2-mod-fcgid php8.2-fpm php8.2-mbstring php8.2-gd php8.2-intl php8.2-curl php8.2-gettext php8.2-ldap
# Enable required modules
sudo a2enmod ssl # SSL/TLS certificates https://httpd.apache.org/docs/current/mod/mod_ssl.html
sudo a2enmod rewrite # REST API support https://httpd.apache.org/docs/current/mod/mod_rewrite.html
sudo a2enmod headers # custom HTTP headers
# Edit the virtualhost configuration file with your favorite editor (replace the example domain name) # Edit the virtualhost configuration file with your favorite editor (replace the example domain name)
sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
@ -147,7 +152,7 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
ServerName shaarli.mydomain.org ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/ DocumentRoot /var/www/shaarli.mydomain.org/
# For SSL/TLS certificates acquired with certbot or self-signed certificates # If using certbot or self-signed certificates:
# Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests # Redirect HTTP requests to HTTPS, except Let's Encrypt ACME challenge requests
RewriteEngine on RewriteEngine on
RewriteRule ^.well-known/acme-challenge/ - [L] RewriteRule ^.well-known/acme-challenge/ - [L]
@ -155,31 +160,25 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost> </VirtualHost>
# SSL/TLS configuration for Let's Encrypt certificates managed with mod_md # If using mod_md:
#MDomain shaarli.mydomain.org MDomain shaarli.mydomain.org
#MDCertificateAgreement accepted MDCertificateAgreement accepted
#MDContactEmail admin@shaarli.mydomain.org MDContactEmail admin@shaarli.mydomain.org
#MDPrivateKeys RSA 4096 MDPrivateKeys RSA 4096
<VirtualHost *:443> <VirtualHost *:443>
ServerName shaarli.mydomain.org ServerName shaarli.mydomain.org
DocumentRoot /var/www/shaarli.mydomain.org/ DocumentRoot /var/www/shaarli.mydomain.org/
# SSL/TLS configuration for Let's Encrypt certificates acquired with certbot standalone
SSLEngine on SSLEngine on
# If using certbot:
SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem
# Let's Encrypt settings from https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSL/TLS configuration for self-signed certificates # If using self-signed certificates:
#SSLEngine on SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Optional, log PHP errors, useful for debugging # Optional, log PHP errors, useful for debugging
#php_flag log_errors on #php_flag log_errors on
@ -187,6 +186,10 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
#php_value error_reporting 2147483647 #php_value error_reporting 2147483647
#php_value error_log /var/log/apache2/shaarli-php-error.log #php_value error_log /var/log/apache2/shaarli-php-error.log
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
</FilesMatch>
<Directory /var/www/shaarli.mydomain.org/> <Directory /var/www/shaarli.mydomain.org/>
# Required for .htaccess support # Required for .htaccess support
AllowOverride All AllowOverride All
@ -200,8 +203,6 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
</FilesMatch> </FilesMatch>
</Directory> </Directory>
# BE CAREFUL: directives order matter!
<FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$"> <FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$">
Require all denied Require all denied
</FilesMatch> </FilesMatch>
@ -230,22 +231,7 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
# Enable the virtualhost # Enable the virtualhost
sudo a2ensite shaarli.mydomain.org sudo a2ensite shaarli.mydomain.org
# mod_ssl must be enabled to use TLS/SSL certificates # Restart the apache service
# https://httpd.apache.org/docs/current/mod/mod_ssl.html
sudo a2enmod ssl
# mod_rewrite must be enabled to use the REST API
# https://httpd.apache.org/docs/current/mod/mod_rewrite.html
sudo a2enmod rewrite
# mod_headers must be enabled to set custom headers from the server config
sudo a2enmod headers
# mod_version must only be enabled if you use Apache 2.2 or lower
# https://httpd.apache.org/docs/current/mod/mod_version.html
# sudo a2enmod version
# restart the apache service
sudo systemctl restart apache2 sudo systemctl restart apache2
``` ```
@ -260,12 +246,8 @@ sudo systemctl restart apache2
### Nginx ### Nginx
This examples uses nginx and the [PHP-FPM](https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mariadb-php-lemp-stack-on-debian-10#step-3-%E2%80%94-installing-php-for-processing) PHP interpreter. Nginx and PHP-FPM must be running using the same user and group, here we assume the user/group to be `www-data:www-data`.
```bash ```bash
# install nginx and php-fpm # Install nginx and php-fpm
sudo apt update
sudo apt install nginx php-fpm sudo apt install nginx php-fpm
# Edit the virtualhost configuration file with your favorite editor # Edit the virtualhost configuration file with your favorite editor
@ -386,6 +368,7 @@ use `https://shaarli.mydomain.org/index.php/`.
* in your configuration file `config.json.php` set `general.root_url` to * in your configuration file `config.json.php` set `general.root_url` to
`https://shaarli.mydomain.org/index.php/`. `https://shaarli.mydomain.org/index.php/`.
## Allow import of large browser bookmarks export ## Allow import of large browser bookmarks export
Web browser bookmark exports can be large due to the presence of base64-encoded images and favicons/long subfolder names. Edit the PHP configuration file. Web browser bookmark exports can be large due to the presence of base64-encoded images and favicons/long subfolder names. Edit the PHP configuration file.