Sunday, 11 December 2011

The FreeBSD Experience - Part 5 : Apache/Joomla

In this part, I continue with my FreeBSD server and configure it to host two Joomla sites. Let's say I'm going to create seperate sites for John and Jenn. First go to the directory containing the original Joomla installation:

cd /usr/local/www/
cp -Rp joomla john
cp -Rp joomla jenn
chown www:www john
chown www:www jenn

Now I have two seperate Joomla installations (it is advised to copy the original Joomla directory before starting your installation). Next is adding virtual hosts in the Apache config.

Uncomment the following line in /usr/local/etc/apache22/httpd.conf:

Include etc/apache22/extra/httpd-vhosts.conf



Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf and add a comparable config like this (be sure to have your DNS-server support this otherwise use IP-adresses):
<VirtualHost *:80>
    ServerAdmin webmaster@yoursystem.local
    DocumentRoot "/usr/local/www/john"
    ServerName john.yoursystem.local
    ServerAlias john
    ErrorLog "/var/log/john-error_log"
    CustomLog "/var/log/john-access_log" common
    <Directory "/usr/local/www/john">
        Order Allow,Deny
        Allow From All
        AllowOverride All
        Options Indexes FollowSymLinks ExecCGI
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@yoursystem.local
    DocumentRoot "/usr/local/www/jenn"
    ServerName jenn.yoursystem.local
    ServerAlias jenn
    ErrorLog "/var/log/jenn-error_log"
    CustomLog "/var/log/jenn-access_log" common
    <Directory "/usr/local/www/jenn">
        Order Allow,Deny
        Allow From All
        AllowOverride All
        Options Indexes FollowSymLinks ExecCGI
    </Directory>
</VirtualHost>
Here's some info on virtual hosts from Apache.

Before activating the second site decide if you want to create a new database or use the same database (if both are going to be busy sites, add a database per joomla installation).

SSL
Adding SSL to Apache does not automatically mean your Joomla site is reachable via HTTPS.Apache needs to be aware of vhosts which require ssl and of course we need certificates to encrypt our traffic.

Creating certficates:
 The commands below create, sign and install certficates usable by Apache.
cd ~
mkdir -p certs
cd certs


openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

mkdir -p /usr/local/etc/apache22/ssl.key
mkdir -p /usr/local/etc/apache22/ssl.crt
chmod 0400 /usr/local/etc/apache22/ssl.key
chmod 0400 /usr/local/etc/apache22/ssl.crt


cp server.key /usr/local/etc/apache22/ssl.key/
cp server.crt /usr/local/etc/apache22/ssl.crt/

chmod 0400 /usr/local/etc/apache22/ssl.key/server.key
chmod 0400 /usr/local/etc/apache22/ssl.crt/server.crt
Update the apache config:
Add / uncomment the following line in /usr/local/etc/apache22/httpd.conf:
Include etc/apache22/extra/httpd-ssl.conf

Add this to /usr/local/etc/apache22/httpd-vhosts.conf:

NameVirtualHost *:443

Edit httpd-ssl.conf and add your sites:

<VirtualHost *:443>
     ServerAdmin webmaster@yoursystem.local
     DocumentRoot "/usr/local/www/john"
     ServerName john.yoursystem.local
     ServerAlias john
     ErrorLog "/var/log/john-error_log"
     CustomLog "/var/log/john-access_log" common
     SSLEngine on
     SSLCertificateFile /usr/local/etc/apache22/server.crt
     SSLCertificateKeyFile /usr/local/etc/apache22/server.key
     <Directory "/usr/local/www/john">
          Order Allow,Deny
          Allow From All
          AllowOverride All
          Options Indexes FollowSymLinks ExecCGI
     </Directory>
</VirtualHost>

<VirtualHost *:443>
     ServerAdmin webmaster@yoursystem.local
     DocumentRoot "/usr/local/www/jenn"
     ServerName jenn.yoursystem.local
     ServerAlias jenn
     ErrorLog "/var/log/jenn-error_log"
     CustomLog "/var/log/jenn-access_log" common
     SSLEngine on
     SSLCertificateFile /usr/local/etc/apache22/server.crt
     SSLCertificateKeyFile /usr/local/etc/apache22/server.key
     <Directory "/usr/local/www/jenn">
          Order Allow,Deny
          Allow From All
          AllowOverride All
          Options Indexes FollowSymLinks ExecCGI
     </Directory>
</VirtualHost>
Restart Apache
apachectl restart
Be aware of a few things:
1. Having multiple sites at one server with one certficate can pose a challenge, especially with name based vhosts read.
2. If you're running multiple sites with a common domain name, use a wildcard certificate.
3. Joomla itself has also SSL options (which you use for example at a webhosting site). It's on my to-do list for investigation.

I hope this was helpful. My next project is getting Wordpress running. Till next time !

Geplaatst door Marcel op 16:08
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)