xenogenesi::blog
memento
3d adt android apache2 app apt aria2 build bullet cflags chromium codeigniter debian demoscene dependencies dpkg driver emulator freeglut gcc gfx git glut htaccess javascript json kernel linux make metalink minimal mysql opengl php python raspbian realtime rpi specs template toolchain update-alternatives video wifi wordpress

debian/stretch, apache2, mod_rewrite and .htaccess

by default debian/stretch apache2 installation have mod_rewrite disabled (at least the one used with debootstrap and lxc containers) so few steps are needed to enable it and .htaccess files

enable mod_rewrite (apache2 must be restarted, see below)

a2endmod rewrite

in the virtual host configuration enable .htaccess (apache2 must be restarted, see below)

<Directory "/var/www/htdocs">
     AllowOverride All
</Directory>

optionally enable mod_rewrite log (in the virtual host configuration) output goes into error.log (don’t leave it enabled in production) note: rewrite engine may need to be enabled before (apache2 must be restarted, see below)

RewriteEngine On
LogLevel alert rewrite:trace6

restart apache

systemctl restart apache2

SSL Let’s encrypt on Debian stretch with dehydrated

Assuming you’ve apache2 already installed and a reachable internet server running

apt-get install dehydrated

Add/edit /etc/apache2/conf-available/letscrypt.conf (notice the difference between the alias and the real directory which is plural acme-challenges):

Alias /.well-known/acme-challenge/ "/var/lib/dehydrated/acme-challenges/"
<Directory "/var/lib/dehydrated/acme-challenges/">
        Options None
        AllowOverride None
        # Apache 2.x
        <IfModule !mod_authz_core.c>
                Order allow,deny
                Allow from all
        </IfModule>
        # Apache 2.4
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
</Directory>

Add/edit /etc/dehydrated/conf.d/99_email.sh:

CONTACT_EMAIL="anymail@yourdomain"

Edit /etc/dehydrated/domains.txt, set the domains for which generate certificates.

Restart apache2 and run dehydrated -c, it should create the domain certs.

Edit your apache’s host file (/etc/apache2/sites-available/default-ssl.conf), replace DOMAIN with your domains:

SSLCertificateFile /var/lib/dehydrated/certs/DOMAIN/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/DOMAIN/privkey.pem

Add/edit /etc/cron.daily/dehydrated:

#!/bin/sh

exec /usr/bin/dehydrated -c >/var/log/dehydrated-cron.log 2>&1

Run chmod 0755 /etc/cron.daily/dehydrated

Add/Edit /etc/logrotate.d/dehydrated:

/var/log/dehydrated-cron.log
{
        rotate 12
        monthly
        missingok
        notifempty
        delaycompress
        compress
}

git-http

create a repository

cd /var/git
mkdir my-new-repo.git
cd my-new-repo.git
git --bare init

/etc/apache2/conf-available/git-http.conf:

SetEnv GIT_PROJECT_ROOT /var/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend
#/usr/libexec/git-core/git-http-backend/

RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]

<LocationMatch "^/git/">
        Order Deny,Allow
        Deny from env=AUTHREQUIRED
        AuthType Basic
        AuthName "Git Access"
#        Require group committers
#        Satisfy Any
        AuthUserFile /etc/apache2/passwd.git
        Require valid-user
</LocationMatch>

enable the conf, create the user/password

a2enconf git-http    
htpasswd -c /etc/apache2/passwd.git <user>
# restart apache

apache2/php/mysql (logs) timezone

Setting timezone for apache/php/mysql (logs timestamp also)

# apache2 on debian (it get system tz)
dpkg-reconfigure tzdata

# this doesn't work (maybe useful for .htaccess/vhosts?)
echo "SetEnv TZ Europe/Rome" > /etc/apache2/conf-available/tz-rome.conf
service apache2 reload

# php
echo 'date.timezone = "Europe/Rome"' > /etc/php5/apache2/conf.d/30-tz-rome.ini

# mysql (untested)
default-time-zone = "Europe/Rome"