by default debian/stretch apache2 installation have mod_rewrite disabled (at least the one used with debootstrap and lxc containers) so few steps are needed to enable it and .htaccess files
enable mod_rewrite (apache2 must be restarted, see below)
a2endmod rewrite
in the virtual host configuration enable .htaccess (apache2 must be restarted, see below)
<Directory "/var/www/htdocs">
AllowOverride All
</Directory>
optionally enable mod_rewrite log (in the virtual host configuration) output goes into error.log (don’t leave it enabled in production) note: rewrite engine may need to be enabled before (apache2 must be restarted, see below)
RewriteEngine On
LogLevel alert rewrite:trace6
restart apache
systemctl restart apache2
Assuming you’ve apache2 already installed and a reachable internet server running
apt-get install dehydrated
Add/edit /etc/apache2/conf-available/letscrypt.conf
(notice the difference between the alias and the real directory which is plural acme-challenges):
Alias /.well-known/acme-challenge/ "/var/lib/dehydrated/acme-challenges/"
<Directory "/var/lib/dehydrated/acme-challenges/">
Options None
AllowOverride None
# Apache 2.x
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
# Apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
Add/edit /etc/dehydrated/conf.d/99_email.sh
:
CONTACT_EMAIL="anymail@yourdomain"
Edit /etc/dehydrated/domains.txt
, set the domains for which generate certificates.
Restart apache2 and run dehydrated -c
, it should create the domain certs.
Edit your apache’s host file (/etc/apache2/sites-available/default-ssl.conf
), replace DOMAIN with your domains:
SSLCertificateFile /var/lib/dehydrated/certs/DOMAIN/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/DOMAIN/privkey.pem
Add/edit /etc/cron.daily/dehydrated
:
#!/bin/sh
exec /usr/bin/dehydrated -c >/var/log/dehydrated-cron.log 2>&1
Run chmod 0755 /etc/cron.daily/dehydrated
Add/Edit /etc/logrotate.d/dehydrated
:
/var/log/dehydrated-cron.log
{
rotate 12
monthly
missingok
notifempty
delaycompress
compress
}
create a repository
cd /var/git
mkdir my-new-repo.git
cd my-new-repo.git
git --bare init
/etc/apache2/conf-available/git-http.conf:
SetEnv GIT_PROJECT_ROOT /var/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend
#/usr/libexec/git-core/git-http-backend/
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
<LocationMatch "^/git/">
Order Deny,Allow
Deny from env=AUTHREQUIRED
AuthType Basic
AuthName "Git Access"
# Require group committers
# Satisfy Any
AuthUserFile /etc/apache2/passwd.git
Require valid-user
</LocationMatch>
enable the conf, create the user/password
a2enconf git-http
htpasswd -c /etc/apache2/passwd.git <user>
# restart apache
Setting timezone for apache/php/mysql (logs timestamp also)
# apache2 on debian (it get system tz)
dpkg-reconfigure tzdata
# this doesn't work (maybe useful for .htaccess/vhosts?)
echo "SetEnv TZ Europe/Rome" > /etc/apache2/conf-available/tz-rome.conf
service apache2 reload
# php
echo 'date.timezone = "Europe/Rome"' > /etc/php5/apache2/conf.d/30-tz-rome.ini
# mysql (untested)
default-time-zone = "Europe/Rome"