Qnap [ Qapache + PHP 7.2.26 ] [ 2.4.39 ] Apache WebServer + PHP + Extensions

So I see that everything is available (vhost, ...)
But isn't there a simpler solution for doing multi-domain or multi-site?

Thanks!
 
OK, everything works perfectly!!

Otherwise, I have a question about Container Station and image duplication; is there a forum or something else you could suggest?

Thanks!
 
Hmm, I don't know much about that

but it's the most commonly used solution

don't forget to restart the Qapache app after each change so that the changes take effect
 
Hello Stéphane, and thanks for the extension.
I was able to install it successfully on my NAS, and while everything works correctly on port 88 internally, it is impossible to access the interface using https on port 448.
Is there anything particular to do to enable the secure connection?
Thanks in advance
 
I'll take a look as soon as I have 5 minutes

but in principle you enable the include in httpd.conf and you configure http-ssl.conf

from memory, it is preconfigured with self-signed certificates at QPKG startup
 
That would be nice, I have the same problem :?

In /opt/Qapache/etc/httpd.conf, the line
LoadModule ssl_module libexec/mod_ssl.so
is indeed uncommented.

When I uncomment the line
Include etc/extra/httpd-ssl.conf
and restart Qapache (in the AppCenter), neither port 88 (http) nor 448 (https) responds, whereas before, 88 responded (but not 448).
 
Thanks Stéphane! The best would be to have Apache 2.4.x as the default web server, especially since Synology ships it by default with DSM 6.1 beta.

This should be escalated to HQ so that they act!

The differences, apart from (mod_proxy_wstunnel which interests me), are well described here, and above all one can read:

Reduced memory usage
Despite many new features, 2.4.x tends to use less memory than 2.2.x.
In short, I will also open a ticket, but I think it is now time to switch to the new major version.

giopas
 
QoolBox said:
  • httpd.conf
  • SSL.conf
  • php.ini
  • error.log

HTTP = port 88
HTTPS = port 448

I want to set up HTTPS on my site. HTTP port 448 is not open by default according to Nmap.

Do I need to include the httpd-ssl.conf in the httpd.conf file?

Or can I just add the required SSL settings to my httpd-vhosts.conf?

Just a noob to https :rolleyes:
 
Could you please post your config (hiding sensitive info)? I always wanted to do so on the QNAP default HTTPD, but it is quite complicated...

 
I'll give you an example if that's OK...

So in /share/CACHEDEV1_DATA/.qpkg/Qapache/etc you have the main Apache configuration file:

httpd.conf

Most settings are based there. Stephane's setup is based on http on port 88 and https on 448. Set up your firewall to accept port 80 and forward it to NAS IP:88, and if you're using https, open port 443 and forward to NAS IP:448.

I have two domains set up on my NAS, so we need to set up Virtual Hosts. This file along with the rest of the configuration files are in

httpd.conf and we need to add the httpd-vhosts.conf file to the config. In httpd.conf there is a line

# Virtual hosts
# Include etc/extra/httpd-vhosts.conf

just uncomment the Include line like so:

# Virtual hosts
Include etc/extra/httpd-vhosts.conf

Each Virtual host can have its own settings based on what you want. httpd.conf is the default setting, but these can be overwritten by entries in httpd-vhosts.conf

Code:
# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#

<VirtualHost *:88>
    ServerAdmin site1@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
    ServerAlias www.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/site1-error_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/weather"
    ServerName site2.org
    ServerAlias www.site2.org
    ErrorLog "var/logs/site2-error_log"
    CustomLog "var/logs/site2-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site3@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/zenphoto"
    ServerName zenphoto.site1.org.uk
    ServerAlias zenphoto.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/zenphoto-error_log"
    CustomLog "/opt/Qapache/var/logs/zenphoto-access_log" combined env=!dontlog
</VirtualHost>

#
# SSL Configuration and stuff
#

Listen 448

<VirtualHost *:448>
    ServerAdmin site1@gmail.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
    ServerAlias www.site1.org.uk
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site1/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatedm.key
    SSLCertificateChainFile /etc/ssl/certs/site1/ca_bundle.crt
    SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    ErrorLog "/opt/Qapache/var/logs/site1-error_443_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_443_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:448>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/site2"
    ServerName site2.org
    ServerAlias www.site2.org
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site2/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatesite2.key
    SSLCertificateChainFile /etc/ssl/certs/site2/ca_bundle.crt
    SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder on
    ErrorLog "var/logs/site2-error_443_log"
    CustomLog "var/logs/site2-access_443_log" combined env=!dontlog
</VirtualHost>

My SSLCipherSuite is taken from a recommended cipher list to disable anything other than TLS 1.2 (recommended)

SSL v1, v2, v3 and TLS 1.0 are vulnerable. TLS 1.1 has not yet proven insecure (I don't think)

once you are up and running check your website:

https://www.ssllabs.com/ssltest/

Also for speed and optimisation use:

https://gtmetrix.com/

Hope that's OK. I tried the Let's Encrypt import on QTS 4.3.2 but it just never works, so I went to https://www.sslforfree.com/ and used their manual certs, which uses Let's Encrypt and allows you to download the certs etc. This is a manual process in which you have to renew the cert every 90 days. They will email you a week before it is due to run out, but I am sure you can set a calendar event to remind you too.

Give me a shout if you need anything else explained, but the info above should help loads.
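
Added example, not part of the original post or of Qapache: a small audit of an httpd-vhosts.conf laid out like the one above. It reports hostnames served on the HTTP port that have no vhost on the HTTPS port (HTTPS requests for them fall through to the first *:448 vhost and its certificate), TLS vhosts that leave SSLProtocol to the server-wide setting, and non-AEAD (CBC) suites in SSLCipherSuite. The function names, finding labels and sample config are constructed for illustration, and the suite check assumes explicit suite names like those in the post.

```python
import re
# Constructed sample mirroring the layout of the httpd-vhosts.conf in the post.
SAMPLE_CONF = """
<VirtualHost *:88>
    ServerName site1.org.uk
    ServerAlias www.site1.org.uk
</VirtualHost>
<VirtualHost *:88>
    ServerName zenphoto.site1.org.uk
</VirtualHost>
<VirtualHost *:448>
    ServerName site1.org.uk
\tServerAlias www.site1.org.uk
\tSSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+\S*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port, {directive: [args]})] for every <VirtualHost> block."""
    vhosts = []
    for port, body in BLOCK.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split()  # copes with mixed tab/space indentation
            if parts and not parts[0].startswith("#"):
                directives.setdefault(parts[0].lower(), []).extend(parts[1:])
        vhosts.append((int(port), directives))
    return vhosts

def names(d):
    return {n.lower() for n in d.get("servername", []) + d.get("serveralias", [])}

def audit(conf, http_port=88, https_port=448):
    """Return sorted (hostname, finding) pairs; ports default to Qapache's 88/448."""
    vhosts = parse_vhosts(conf)
    tls = [d for p, d in vhosts if p == https_port]
    covered = {n for d in tls for n in names(d)}
    findings = {(n, "no-https-vhost") for p, d in vhosts if p == http_port
                for n in names(d) - covered}
    for d in tls:
        host = d.get("servername", ["?"])[0].lower()
        if "sslprotocol" not in d:  # protocol versions come from the global config
            findings.add((host, "sslprotocol-inherited"))
        suites = ":".join(d.get("sslciphersuite", [])).split(":")
        if any(s[:1].isalnum() and "GCM" not in s and "CHACHA20" not in s for s in suites):
            findings.add((host, "non-aead-suite"))
    return sorted(findings)
```

To run it against a real file, pass its contents: `audit(open("/opt/Qapache/etc/extra/httpd-vhosts.conf").read())`.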
 
Thank you Toxic, this is helpful and useful as future reference (whenever I take the time to re-write all my 10-15 virtual hosts with reverse proxy)!

(btw, check your config as you may have left an email visible ;) )