Newer versions of apache2 require the certificate chain in a single file instead of separate files:
cat /etc/apache2/ssl/cert.crt /etc/apache2/ssl/intermediate.crt > /etc/apache2/ssl/chain.crt
Common SSL-Cert config for all vhosts in 000-default:
# cert-file:
# SSLCertificateFile /etc/apache2/ssl/cert.crt
# replaced by chain-file:
SSLCertificateFile /etc/apache2/ssl/chain.crt
# the selfmade private key file associated with the certificate
# generated via $ openssl genrsa -out domain.privatekey 2048
# CSR - Certificate Signing Request - for this private key was generated via
# $ openssl req -new -key domain.privatekey -out domain.csr
# uploaded to cert registry
SSLCertificateKeyFile /etc/apache2/ssl/domain.privatekey
# DEPRECATED:
# now SSLCertificateFile contains the chain of rapidssl-intermediate and domain crt - see above!
# SSLCertificateChainFile /etc/apache2/ssl/rapidssl_intermediate.crt
Check your certs:
Cert trusted by CA?
openssl verify -CAfile intermediate.crt cert.crt
Private key OK? Both commands should return the same value:
openssl x509 -noout -modulus -in certificate.crt
openssl rsa -noout -modulus -in private.key
Use php-fpm for better performance and better security: run each domain in its own “pool”, with processes running as a separate user. This way you also have fewer permission problems with sftp.
apt-get install apache2 libapache2-mod-fastcgi php5-fpm
a2enmod actions
cp /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.backup
mcedit /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
  AddType application/x-httpd-fastphp5 .php
  Action application/x-httpd-fastphp5 /php5-fcgi
  Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
    Require all granted
  </Directory>
</IfModule>
apache2ctl configtest
/etc/init.d/apache2 restart
Check whether a php-fpm “www” pool process is running.
Now configure a pool for each domain/vhost:
cd /etc/php5/fpm/pool.d/
cp www.conf user1.conf
cp www.conf user2.conf
Replace all occurrences of “www” in each user.conf, then restart php-fpm:
/etc/init.d/php5-fpm restart
You need to edit your vhosts to use the new pool. Replace USERNAME with the pool name you just created and VHOSTNAME with a different name in each vhost:
<VirtualHost *:80>
...
<IfModule mod_fastcgi.c>
  Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME
  FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi-${USERNAME}-VHOSTNAME -socket /var/run/php5-fpm-${USERNAME}.sock -pass-header Authorization
</IfModule>
...
</VirtualHost>
The username must be an existing user on the system, e.g.:
adduser --disabled-login USERNAME
adduser www-data USERNAME
mkdir /var/www/USERNAME
chown -R USERNAME:USERNAME /var/www/USERNAME
chmod 750 /var/www/USERNAME
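The pool-file step above, as an added example that is not part of the original page: a targeted rewrite of www.conf that sets the socket path the vhost expects (/var/run/php5-fpm-USERNAME.sock) and leaves "www-data" entries alone. The function names, the sample www.conf contents and the choice of group = USERNAME are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a per-user php-fpm pool file from www.conf.
# A blanket s/www/USER/g would also turn "www-data" into "USER-data", so only
# the pool name, user, group and listen socket are rewritten.

# Constructed sample of a stock pool file (not copied from a real system).
sample_www_conf() {
cat <<'EOF'
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
EOF
}

# make_pool SRC USER DESTDIR: writes DESTDIR/USER.conf
make_pool() {
    src=$1; user=$2; destdir=$3
    # Reject names that could smuggle extra directives or path components.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    sed -e "s|^\[www]|[$user]|" \
        -e "s|^user[[:space:]]*=.*|user = $user|" \
        -e "s|^group[[:space:]]*=.*|group = $user|" \
        -e "s|^listen[[:space:]]*=.*|listen = /var/run/php5-fpm-$user.sock|" \
        "$src" > "$destdir/$user.conf"
}

# check_pool FILE USER: succeeds only if the pool matches the vhost's socket path
check_pool() {
    f=$1; user=$2
    grep -qxF -e "[$user]" "$f" &&
    grep -qxF -e "user = $user" "$f" &&
    grep -qxF -e "listen = /var/run/php5-fpm-$user.sock" "$f" &&
    ! grep -qF -e "$user-data" "$f"
}

demo() {
    d=$(mktemp -d) || return 1
    sample_www_conf > "$d/www.conf"
    make_pool "$d/www.conf" user1 "$d" && check_pool "$d/user1.conf" user1
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "user1 pool OK"
```

On a real system, run check_pool against each file in /etc/php5/fpm/pool.d/ before restarting php-fpm.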