Apache2

APACHE2
# apache2
# apache2ctl
 
Enable/Disable site
ls /etc/apache2/sites-enabled/ // show enabled sites
apache2ctl -S // 
 
sudo a2ensite sitename.conf // enable site
sudo systemctl reload apache2 // reload after change
 
sudo a2dissite sitename.conf // disable site
sudo systemctl reload apache2
 
 
 
 
 
 
SSL
sudo ufw allow "Apache Full"
sudo a2enmod ssl //povolení modulu apache2 který podporuje SSL
sudo systemctl restart apache2 //restart po povolení
 
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt //vytvoření TLS klíče
//openssl - nástroj pro management OpenSSL certifikátů
//req -x509 - specifikuje že chceme použít X.509 certificate signing request management (CSR)
//nodes - přeskočení zabezpečení našeho certifikátu heslem - aby apache přečetl soubor bez zásahu uživatele
//days 365- určím jak dlouho má být certifikát platný - dnes browsery odmítají certifikáty s delší platoností než 1 rok
//newkey rsa:2048- specifikuji že chci vytvořit certifikát a klíč zároveň, rsa:2048 - vytvářím RSA klíč o specifikované délce 2048 bitů
//keyout - specifikuje kam uložit vygenerovaný klíč
//out- specifikuje kam uložit certifikát
 
//toto celé spustí interaktivní prompt který vyplníme
//Common Name - musí být shodné s tím co pak zadávám do browseru (IP adresa, Hostname přes který se budu k serveru připojovat)
 
********************
 
Now that we have our self-signed certificate and key available, we need to update our Apache configuration to use them. On Ubuntu, you can place new Apache configuration files (they must end in .conf) into /etc/apache2/sites-available/and they will be loaded the next time the Apache process is reloaded or restarted.
 
For this tutorial we will create a new minimal configuration file. (If you already have an Apache <Virtualhost> set up and just need to add TLS to it, you will likely need to copy over the configuration lines that start with SSL, and switch the VirtualHost port from 80 to 443. We will take care of port 80 in the next step.)
 
Open a new file in the /etc/apache2/sites-available directory:
 
sudo nano /etc/apache2/sites-available/your_domain_or_ip.conf
Paste in the following minimal VirtualHost configuration:
 
/etc/apache2/sites-available/your_domain_or_ip.conf
<VirtualHost *:443>
   ServerName your_domain_or_ip
   DocumentRoot /var/www/your_domain_or_ip
 
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
 
Be sure to update the ServerName line to however you intend to address your server. This can be a hostname, full domain name, or an IP address. Make sure whatever you choose matches the Common Name you chose when making the certificate.
 
The remaining lines specify a DocumentRoot directory to serve files from, and the TLS options needed to point Apache to our newly-created certificate and key.
 
Now let’s create our DocumentRoot and put an HTML file in it just for testing purposes:
 
sudo mkdir /var/www/your_domain_or_ip
Open a new index.html file with your text editor:
 
sudo nano /var/www/your_domain_or_ip/index.html
Paste the following into the blank file:
 
/var/www/your_domain_or_ip/index.html
<h1>it worked!</h1>
This is not a full HTML file, of course, but browsers are lenient and it will be enough to verify our configuration.
 
Save and close the file Next, we need to enable the configuration file with the a2ensite tool:
 
sudo a2ensite your_domain_or_ip.conf
Next, let’s test for configuration errors:
 
sudo apache2ctl configtest
If everything is successful, you will get a result that looks like this:
 
Output
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
The first line is a message telling you that the ServerName directive is not set globally. If you want to get rid of that message, you can set ServerName to your server’s domain name or IP address in /etc/apache2/apache2.conf. This is optional as the message will do no harm.
 
If your output has Syntax OK in it, your configuration file has no syntax errors. We can safely reload Apache to implement our changes:
 
sudo systemctl reload apache2
Now load your site in a browser, being sure to use https:// at the beginning.
 
You should see an error. This is normal for a self-signed certificate! The browser is warning you that it can’t verify the identity of the server, because our certificate is not signed by any of its known certificate authorities. For testing purposes and personal use this can be fine. You should be able to click through to advanced or more information and choose to proceed.
 
After you do so, your browser will load the it worked! message.
 
Note: if your browser doesn’t connect at all to the server, make sure your connection isn’t being blocked by a firewall. If you are using ufw, the following commands will open ports 80 and 443:
 
 sudo ufw allow "Apache Full"
Next we will add another VirtualHost section to our configuration to serve plain HTTP requests and redirect them to HTTPS.
 
Step 4 — Redirecting HTTP to HTTPS
Currently, our configuration will only respond to HTTPS requests on port 443. It is good practice to also respond on port 80, even if you want to force all traffic to be encrypted. Let’s set up a VirtualHost to respond to these unencrypted requests and redirect them to HTTPS.
 
Open the same Apache configuration file we started in previous steps:
 
sudo nano /etc/apache2/sites-available/your_domain_or_ip.conf
At the bottom, create another VirtualHost block to match requests on port 80. Use the ServerName directive to again match your domain name or IP address. Then, use Redirect to match any requests and send them to the TLS VirtualHost. Make sure to include the trailing slash:
 
/etc/apache2/sites-available/your_domain_or_ip.conf
<VirtualHost *:80>
ServerName your_domain_or_ip
Redirect / https://your_domain_or_ip/
</VirtualHost>
Save and close this file when you are finished, then test your configuration syntax again, and reload Apache:
 
sudo apachectl configtest
sudo systemctl reload apache2
You can test the new redirect functionality by visiting your site with plain http:// in front of the address. You should be redirected to https:// automatically.
 
 
( https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-22-04 )
 
 
****************************************************************************
 
sudo apt-get install apache2
sudo apt-get install php
sudo apt-get install mariadb-server
sudo apt-get install php-mysql
 
/var/www/html/index.html //default html page location
 
-> sudo nano index.html //only edit as root
 
 
 
sudo touch index.php //create a php file
 
sudo service apache2 restart
 
 
****************
WORDPRESS
sudo wget https://wordpress.org/latest.tar.gz //get wordpress from site
sudo tar xzf latest.tar.gz //unpack tarball
sudo mv wordpress/* . //move files to current dir (apache server)
sudo rm -rf wordpress latest.tar.gz //remove downloaded tarball
 
files you edit to customise your installation belong in the wp-content
 
sudo chown -R www-data: . //change ownership of all files to Apache user
 
****************
sudo mysql_secure_installation
 
password: thisismyserver
 
sudo mysql -uroot -p
 
create database [name];
 
GRANT ALL PRIVILEGES ON wordpress.* TO 'root'@'localhost' IDENTIFIED BY 'YOURPASSWORD';
FLUSH PRIVILEGES;
 
****************
PHP
<?php echo "hello world"; ?>
<?php echo date('Y-m-d H:i:s'); ?>
<?php phpinfo(); ?>
 
 
https://projects.raspberrypi.org/en/projects/lamp-web-server-with-wordpress/7
 
Database:
wordpress SklepmistrHome @Sklepmistr password123
 
 
*************
MySQL
 
mysql -u root -p 
 
show databases;
drop database wordpress;