Qnap [ Qapache + PHP 7.2.26 ] [ 2.4.39 ] Apache WebServer + PHP + Extensions

Toxic a dit:
i'll give you an example if thats ok...


so in /share/CACHEDEV1_DATA/.qpkg/Qapache/etc you have the main apache configuration file:

httpd.conf

most settings are based on there. Stephanes setup is based on http on port 88 and https on 448 setup your firewall to accept port 80 and forward it to NAS IP:88, and if your using https, open ports 443 and forward to NAS IP:448

I have two domains on my nas setup so we need to setup Virtual Hosts. this file along with the rest of the configuration files are in

httpd.conf and we need to add httpd-vhosts.conf file to the config. in httpd.conf there is a line

# Virtual hosts
# Include etc/extra/httpd-vhosts.conf

just uncomment the Include line like so:

# Virtual hosts
Include etc/extra/httpd-vhosts.conf

Each Virtual host can have its own settings based on what you want. httpd.conf is the default setting, but these can be overwritten by entries in httpd-vhosts.conf

Code: 
# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#

<VirtualHost *:88>
    ServerAdmin site1@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
	ServerAlias www.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/site1-error_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/weather"
    ServerName site2.org
    ServerAlias www.site2.org
    ErrorLog "var/logs/site2-error_log"
    CustomLog "var/logs/site2-access_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:88>
    ServerAdmin site3@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/zenphoto"
    ServerName zenphoto.site1.org.uk
	ServerAlias zenphoto.site1.org.uk
    ErrorLog "/opt/Qapache/var/logs/zenphoto-error_log"
    CustomLog "/opt/Qapache/var/logs/zenphoto-access_log" combined env=!dontlog
</VirtualHost>

#
# SSL Confirguration and stuff
#

Listen 448

<VirtualHost *:448>
    ServerAdmin site1@gmail.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/wordpress"
    ServerName site1.org.uk
	ServerAlias www.site1.org.uk
	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/site1/certificate.crt
	SSLCertificateKeyFile /etc/ssl/private/privatedm.key
	SSLCertificateChainFile /etc/ssl/certs/site1/ca_bundle.crt
	SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
	SSLHonorCipherOrder on
    ErrorLog "/opt/Qapache/var/logs/site1-error_443_log"
    CustomLog "/opt/Qapache/var/logs/site1-access_443_log" combined env=!dontlog
</VirtualHost>

<VirtualHost *:448>
    ServerAdmin site2@email.com
    DocumentRoot "/share/CACHEDEV1_DATA/htdocs/site2"
    ServerName site2.org
    ServerAlias www.site2.org
	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/site2/certificate.crt
	SSLCertificateKeyFile /etc/ssl/private/privatesite2.key
	SSLCertificateChainFile /etc/ssl/certs/site2/ca_bundle.crt
	SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
	SSLHonorCipherOrder on
    ErrorLog "var/logs/site2-error_443_log"
    CustomLog "var/logs/site2-access_443_log" combined env=!dontlog
</VirtualHost>

My SSLCipherSuite is a taken from a recommended Cipher to disable anything other than TLS 1.2 (recommended)

SSL v1, v2,v3 and TLS 1.0 are vulnerable. TLS 1.1 has not yet proven insecure (I dont think)

once you are up and running check your website:

https://www.ssllabs.com/ssltest/

Also for speed and optimisation use:

https://gtmetrix.com/

Hope that's ok. I tried the lets encrypt import on QTS 4.3.2 but it just never works. so I went to https://www.sslforfree.com/ and used their manual certs, which uses Lets Encrypt and allows you to download the certs etc. this is a manual process which you have to renew the Cert every 90 days. they will email you a week before it is due to run out, but i am sure you can set a calendar event to remind you too.

give me a shout it you need anything else explained, but the info above should help loads.
Cliquez pour agrandir...

was the qnap lets encrypt meant to automate the renewal ? cause i don't really like having to do that manually on schedule :?
 
I built the 2.4.25.1 for FW 43 (unpublished yet) but available for download on repo and on my host (fixing krb5 extension missing and update to php 7.1.1)

i will pusblish it once i have built the x86 version for 4.2.2 FW, but need some times.. (very busy at work)

;)
 
Une version pour les autres arm est-elle envisageable ou bien des libs bloquent-elles tout ? :)
 
Ok merci, tant pis pour les Marvell je resterais sur la version built-in ;) C'était juste car c'est pas possible de la tweaker, les fichiers de conf sont réecris automatiquement.
Faudra vraiment que je me prenne un modèle intel, c'est trop limité les libs arm.
 
updated x64 version


Code: 
2.4.25.2   - 23 feb 2017
------------------------

update openssl to 1.0.2k
update sqlite3 to 3.17.0
update curl to 7.53
update php core to 7.1.2

added libmemcached 1.0.18
added php-memcached (from git) - extension
added firebird pdo extension (only x64 Beta and unforced)

function added : Qapache create htdocs share itself on install
 
Stephane, for your information, PHP 7.1.3 has now been released. - the work never stops :rolleyes:
 
Hello,

Y'a t-il une solution pour mon bon vieux TS 210 (armV5) ?

uname -a
Linux XXXXX 3.4.6 #1 Thu Feb 16 04:23:21 CST 2017 armv5tel unknown

sachant que cela fonctionne très bien en X86 sur mon autre nas intel :)
merci pour le bouleau
 
QoolBox a dit:
updated to php 7.1.3 ;) (upload pending)
Cliquez pour agrandir...

latest zip file appears to be corrupt. I have tried to download it 3 times now, but get the following error

Unexpected end of archive.
 
Stephane.

if I stop QApache in the App Center Apache still seems to be running. This is on a TVS-463 4.3.3.0136

had to kill the processes and then start. seems to be working now, but the stop app initially did not do anything.
 
Upload en cours de l'update Qapache
Code: 
2.4.25.5 - 18 May 2017
-------------------------
 
updated php core to 7.1.5
Libcurl update to 7.54.0
imap extension added
xdebug 2.5.4 extension added 
redis 3.1.2 extension added
 
Vous devez vous connecter ou vous enregistrer pour répondre ici.
Haut Bas
Retour