[TOC]
Install Apache2 and PHP
IF you've already installed apache (and it requires the user auth modules)
apt-get download apache2.2-common
apt-get install apache2
and install php: http://www.debianadmin.com/apache2-web-server-with-php-support-in-ubuntu.html
apt-get install php5
apt-cache search mod-php
apt-get install libapache2-mod-php5
Configure Apache2 Virtual Directory
add custom pages to our apache/trac
Alias /webpages/ "/trac-root/webpages/"
because /trac-root/webpages is not in the /var/www
<Directory /trac-root/webpages/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
AuthName "THIS IS A PROTECTED FOLDER"
AuthType Basic
AuthUserFile /trac-root/userlist.password
Require valid-user
</Directory>
The above allows Directory Browsing, follow sym links allows symbolic links, multiviews allows the server to "understand" that if /dirname doesn't exist to look for dirname.htm/html/php
Permissions
proper permissions for files in the /webpages/ directory should be chown root webpages
or owner nobody for security
chgrp www-data webpages
allows apache to use the dir
more specifically
chmod 450 webpages
( = chmod g+r webpages AND chmod g+x webpages but reducing "owner" & "other" to minimum)
(WE NEED THE EXECUTE PERMISSIONS on the directory)
A more secure production example
nano /etc/apache2/sites-available/default
Alias /webpages/ "/trac-root/webpages/"
because /trac-root/webpages is not in the /var/www
<Directory /trac-root/webpages/>
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "THIS IS A PROTECTED FOLDER"
AuthType Basic
AuthUserFile /trac-root/userlist.password
Require valid-user
</Directory>
Validating the configuration
/etc/init.d/apache2reload (maybe unnecessary as it reload modules?)
/etc/init.d/apache2 restart (or apache2ctl graceful)
And then browse to http://domain/webpages (or http://127.0.0.1/webpages even!)
Optimization and Security references
- http://drupal.org/node/104847
- http://phplens.com/lens/php-book/optimizing-debugging-php.php
- PHP CODE WRITING SECURITY http://www.peachpit.com/articles/article.aspx?p=712187
- apache security continued http://www.petefreitag.com/item/505.cfm