Multiple SSL certificates on single IP address

Multiple SSL certificates on single IP address

Create the virtual host ssl inside the sites-available

#cd /etc/apache2/sites-available/
#cp default-ssl.conf web1.com-ssl.conf
#cp default-ssl.conf web2.com-ssl.conf

Make sure link on the /etc/apache2/sites-enable exist, the origin from the sites-available

#cd /etc/apache2/sites-enable
#ln -s /etc/apache2/sites-available/web1.com-ssl.conf
#ln -s /etc/apache2/sites-available/web2.com-ssl.conf
#ls -la /etc/apache2/sites-enabled
total 8
drwxr-xr-x 2 root root 4096 Apr 13 18:49 .
drwxr-xr-x 9 root root 4096 Apr 13 18:39 ..
lrwxrwxrwx 1 root root 35 Feb 15 09:57 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 58 Apr 13 18:48 web1.com-ssl.conf -> /etc/apache2/sites-available/web1.com-ssl.conf
lrwxrwxrwx 1 root root 54 Apr 13 18:49 web2.com-ssl.conf -> /etc/apache2/sites-available/web2.com-ssl.conf

Debian 9 with old PHP 5.6 and MySQL 5.6, 5.7 or 8.0 and Apache2

Debian 9 with old PHP 5.6 and MySQL 5.6, 5.7 or 8.0 and Apache2

Run below commands to upgrade the current packages to the latest version

#apt update
#apt upgrade

Install the Apache2 package

#apt install apache2

Execute the following commands to install the required packages first on your system. Then import packages signing key. After that configure PPA for the PHP packages on your system.

#apt install ca-certificates apt-transport-https
#wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
#echo "deb https://packages.sury.org/php/ stretch main" | tee /etc/apt/sources.list.d/php.list

Installing PHP 5.6

Execute the following commands for installing PHP 5.6 on your Debian 9 Stretch system.

#apt update
#apt install php5.6

Also install required php modules.

#apt-get install php5.6-cli php5.6-common php5.6-curl php5.6-mbstring php5.6-mysql php5.6-xml php5.6-gd

Install MYSQL Version 5.6, 5.7 or 8.0, better 5.7 or 8.0

#apt -y install wget
#wget https://repo.mysql.com//mysql-apt-config_0.8.13-1_all.deb
#dpkg -i mysql-apt-config_0.8.13-1_all.deb

During the installation the system will prompt to select MySQL version. Choose which MySQL version, 5.6, 5.7 or 8.0 available to choose then OK

#apt update
#apt -y install mysql-server

Finish up by running the MySQL secure_installation

#mysql_secure_installation

Test php working or not

Create new php file at /var/www/html

#vim info.php

write

<?php phpinfo(); ?>

Open browser http://localhost/info.php

Enable and load mod_rewrite Apache2 on Debian 8

#a2enmod rewrite

Then open and edit /etc/apache2/apache2.conf find

Options Indexes FollowSymLinks
AllowOverride All
Require all granted

Replace “AllowOverride None” to “AllowOverride all”

Enable Apache2 mod_headers & mod_expires on

To increase PageSpeed: Leverage browser caching.

enable mod_headers:

#a2enmod headers

enable mod_expires:

#a2enmod expires

Then restart Apache server to make these changes effective

#service apache2 restart

 

Set up iptables On Debian 8

Faster way paste this on console

/sbin/iptables -F && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP && /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP && /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP && /sbin/iptables -I INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT && /sbin/iptables -A INPUT -i lo -j ACCEPT && /sbin/iptables -A OUTPUT -o lo -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT && /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT && /sbin/iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT && /sbin/iptables -P OUTPUT ACCEPT && /sbin/iptables -P INPUT DROP

IP-Tables are not persistent On Debian 8, save permanent the new rules to the master iptables file:

#iptables-save > /etc/iptables.up.rules

Make sure the iptables rules are started on a reboot we’ll create a new file:

#nano /etc/network/if-pre-up.d/iptables

Add these lines to it:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

The file needs to be executable so change the permissions:

#chmod +x /etc/network/if-pre-up.d/iptables
#iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh