Raspbian LAMP化 [3] Apache

投稿者: | 2018年7月13日

先日の“Raspberry Pi 3 Model B” LAMP化 : 準備編に続き、Apache を導入します。

Apache 2 導入

Apache 2 本体は既に導入済みでした。

$ sudo apt-get install apache2 libapache2-mod-php

apache2 はすでに最新バージョン (2.4.25-3+deb9u4) です。
apache2 は手動でインストールしたと設定されました。
以下のパッケージが新たにインストールされます:
  libapache2-mod-php libapache2-mod-php7.0
アップグレード: 0 個、新規インストール: 2 個、削除: 0 個、保留: 0 個。

Creating config file /etc/php/7.0/apache2/php.ini with new version
php_invoke: Enable module wddx for apache2 sapi
php_invoke: Enable module pdo_mysql for apache2 sapi
php_invoke: Enable module tokenizer for apache2 sapi
php_invoke: Enable module opcache for apache2 sapi
php_invoke: Enable module pdo_sqlite for apache2 sapi
php_invoke: Enable module bcmath for apache2 sapi
php_invoke: Enable module sysvmsg for apache2 sapi
php_invoke: Enable module mysqlnd for apache2 sapi
php_invoke: Enable module gettext for apache2 sapi
php_invoke: Enable module gd for apache2 sapi
php_invoke: Enable module pdo_odbc for apache2 sapi
php_invoke: Enable module sysvsem for apache2 sapi
php_invoke: Enable module posix for apache2 sapi
php_invoke: Enable module xmlreader for apache2 sapi
php_invoke: Enable module shmop for apache2 sapi
php_invoke: Enable module bz2 for apache2 sapi
php_invoke: Enable module iconv for apache2 sapi
php_invoke: Enable module calendar for apache2 sapi

※Apache 設定については、過去記事「Armbian の LAMP化 まとめ」をご参照ください。

基本設定

下記ファイルに収められています。
(社内公開用であれば、特に編集しなくても動きます)。

apache2.conf

$ cat /etc/apache2/apache2.conf 
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#  /etc/apache2/
#  |-- apache2.conf
#  |   `--  ports.conf
#  |-- mods-enabled
#  |   |-- *.load
#  |   `-- *.conf
#  |-- conf-enabled
#  |   `-- *.conf
#   `-- sites-enabled
#      `-- *.conf

000-default.conf

  • DocumentRoot /var/www/html
  • ErrorLog ${APACHE_LOG_DIR}/error.log
  • CustomLog ${APACHE_LOG_DIR}/access.log combined
$ cat /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

envvars

  • export APACHE_RUN_USER=www-data
  • export APACHE_RUN_GROUP=www-data
  • export LANG=C
$ cat /etc/apache2/envvars 
# envvars - default environment variables for apache2ctl

# this won't be correct after changing uid
unset HOME

# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
    SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
    SUFFIX=
fi

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# temporary state file location. This might be changed to /run in Wheezy+1
export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX

# The locale used by some modules like mod_dav
export LANG=C
# Uncomment the following line to use the system default locale instead:
#. /etc/default/locale

export LANG

# The command to get the status for 'apache2ctl status'.
# Some packages providing 'www-browser' need '--dump' instead of '-dump'.
#export APACHE_LYNX='www-browser -dump'

# If you need a higher file descriptor limit, uncomment and adjust the
# following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'

# If you would like to pass arguments to the web server, add them below
# to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''

# Enable the debug mode for maintainer scripts.
# This will produce a verbose output on package installations of web server modules and web application
# installations which interact with Apache
#export APACHE2_MAINTSCRIPT_DEBUG=1

ports.conf

  • Listen 80
  • Listen 443
$ cat /etc/apache2/ports.conf 
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

php7.0-cgi.conf

$ cat /etc/apache2/conf-available/php7.0-cgi.conf 
# This file replaces old system MIME types and sets them only in the
# Apache webserver

# application/x-httpd-php                        phtml pht php
# application/x-httpd-php3                       php3
# application/x-httpd-php4                       php4
# application/x-httpd-php5                       php
<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
# application/x-httpd-php-source                 phps
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[3457]?|t|tml|ps)$">
    Require all denied
</FilesMatch>

# To enable PHP CGI site-wide, just uncomment following lines, however
# as a security measure, it's recommended to enable PHP just in the
# specific virtual servers or just specific directories

#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#<Directory "/usr/lib/cgi-bin">
#    AllowOverride None
#    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#    Order allow,deny
#    Allow from all
#</Directory>
#Action application/x-httpd-php /cgi-bin/php7.0

Welcomeページの削除

$ ls /var/www/html/
index.html  index.php
pi@raspberrypi:~ $ sudo mv /var/www/html/index.html /var/www/html/index.htmlold
$ cat /var/www/html/phpinfo.php
<?php
phpinfo();
?>

index.htmlが無いのでルートを表示するとエラーになります。

Forbidden
You don't have permission to access / on this server.
Apache/2.4.25 (Raspbian) Server at 192.168.2.211 Port 80

phpinfo

上記で作成した {host}/phpinfo.php で、設定情報が表示されます。

PHP Version 7.0.27-0+deb9u1
System Linux raspberrypi 4.14.34-v7+ #1110 SMP Mon Apr 16 15:18:51 BST 2018 armv7l
Build Date is omitted…

※セキュリティ上、一時的な利用に留めましょう。

初期設定

DocumentRoot 権限付与

www-data ユーザに DocumentRoot 以下の権限(0775)を付与します。

$ ls -lhd /var/www/html/
drwxr-xr-x 2 root root 4.0K  6月 25 01:25 /var/www/html/

$ sudo chown -R www-data:www-data /var/www/html/
$ sudo chmod -R 0775 /var/www/html/
$ sudo passwd www-data
新しい UNIX パスワードを入力してください:
新しい UNIX パスワードを再入力してください:
passwd: パスワードは正しく更新されました

グループ(権限)付与

pi ユーザでファイルアップロードを行う場合は、当該ユーザをグループ”www-data”に追加しておきます。

$ groups pi
pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio
$ groups www-data
www-data : www-data

$ sudo gpasswd -a pi www-data
ユーザ pi をグループ www-data に追加
$ groups pi
pi : pi adm dialout cdrom sudo audio www-data video plugdev games users input netdev spi i2c gpio