CONTENT.html

<p>
Apache is free and open-source web server.<br />
It powers most web sites on the internet.
</p>

<h3>Installation</h3>
<p>
The official Debian repository contains Apache and PHP:
</p>
<pre><code class="language-bash">apt install apache2 php libapache2-mod-php</code></pre>

<h3>Domain</h3>
<p>
When you own a domain (e.g. example.net), you can specify the zone of that domain.<br />
For a web server, the following entries are relevant:
</p>
<pre class="file"><code class="language-dns">@    IN  A      192.0.2.1       ; IPv4 address for example.net
@    IN  AAAA   2001:db8:10::1  ; IPv6 address for example.net
www  IN  CNAME  @               ; www.example.net is an alias for example.net
@    IN  CAA    0 issue "letsencrypt.org"
</code></pre>

<h4>CAA</h4>
<p>
The Certification Authority Authorization (CAA) defines the Certificate Authority (CA)<br />
that is allowed to issue certificates for the domain.
</p>

<h3>Web Site</h3>
<p>
A web server can serve many web sites.<br />
Each web site is configured as virtual host on the server:
</p>

<dl class="file">
<dt><code class="filename">/etc/apache2/sites-available/example.net.conf</code></dt>
<dd>
<pre class="file"><code class="language-apache">&lt;VirtualHost *:80&gt;
    ServerName example.net
    ServerAlias www.example.net
    ServerAdmin webmaster@example.net
    DocumentRoot /var/www/example.net
    &lt;Directory /var/www/example.net/&gt;
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    &lt;/Directory&gt;
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined
&lt;/VirtualHost&gt;
</code></pre>
</dd>
</dl>

<p>
When the configuration file of the site is available, the site needs to be enabled:
</p>
<pre><code class="language-bash">a2ensite example.net</code></pre>

<h3>SSL/TLS Certificate</h3>
<p>
Install <code>certbot</code> to get a SSL/TLS certificate from Let's Encrypt:
</p>
<pre><code class="language-bash">apt install certbot python3-certbot-apache</code></pre>
<p>
Create and install the certificate (add all subdomains you might need):
</p>
<pre><code class="language-bash">certbot --apache -d example.net -d www.example.net -d mail.example.net</code></pre>

<h3>PHP</h3>
<p>
Most sites written in PHP (e.g. WordPress, phpMyAdmin, Matomo, ...)<br />
require the following modules, which are part of php-defaults, to be installed:
</p>
<pre><code class="language-bash">apt install php-curl php-gd php-intl php-mbstring php-mysql php-xml php-zip</code></pre>
<p>
Additional modules provide better image quality for media uploads:
</p>
<pre><code class="language-bash">apt install php-imagick</code></pre>

<h3>External Links</h3>
<ul>
<li><a href="https://apache.org/" target="_blank">
https://apache.org/</a></li>
<li><a href="https://letsencrypt.org/" target="_blank">
https://letsencrypt.org/</a></li>
<li><a href="https://certbot.eff.org/" target="_blank">
https://certbot.eff.org/</a></li>
<li><a href="https://packages.debian.org/source/bullseye/php-defaults" target="_blank">
https://packages.debian.org/source/bullseye/php-defaults</a></li>
<li><a href="https://en.wikipedia.org/wiki/Zone_file" target="_blank">
https://en.wikipedia.org/wiki/Zone_file</a></li>
</ul>