By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,614 Members | 1,653 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,614 IT Pros & Developers. It's quick & easy.

Apache 1.3 + PHP 4.x + SSL

P: n/a
Folks,

I've never implemented a secure server before - and I now have a project
for it - It will be an Apache 1.3 environment tuned with PHP and MySQL
- and I'd appreciate any comments/advice/note from folk who have done
similar. I have my application working fine in a non-SSL environment
and believe the switch-over should not be too difficult. But...

Can someone confirm the following:

My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
only require SSL between client and server therefore I believe I do not
need to tune PHP/MySQL - true/false?

I have the following modules compiled in my Apache httpd
Compiled-in modules:
http_core.c
mod_vhost_alias.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_include.c
mod_dir.c
mod_cgi.c
mod_actions.c
mod_alias.c
mod_access.c
mod_auth.c
mod_unique_id.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_php4.c
suexec: enabled; valid wrapper /opt/apache/bin/suexec

I believe I have everything I need already compiled in - true/false?

Is it sufficient for me just to edit the my httpd.conf file under the
heading 'SSL Virtual Host Context' and tune accordingly?

Since my server sits behind an external firewall, and since the only
services will be ssh and apache listening, would one consider that
reasonably secure? Can anyone recommend any other steps I might consider?

Since Apache/PHP sit on the same server as MySQL I plan on having them
use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
before either but believe it gives added security and performance
benifits - Can anyone offer advice/comments on this?

Help, via the newsgroup for all to learn/share would be greatly appreciated,

Thanks
randelld
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Randell D. wrote:
Folks,

I've never implemented a secure server before - and I now have a project
for it - It will be an Apache 1.3 environment tuned with PHP and MySQL
- and I'd appreciate any comments/advice/note from folk who have done
similar. I have my application working fine in a non-SSL environment
and believe the switch-over should not be too difficult. But...

Can someone confirm the following:

My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
only require SSL between client and server therefore I believe I do not
need to tune PHP/MySQL - true/false?

I have the following modules compiled in my Apache httpd
Compiled-in modules:
http_core.c
mod_vhost_alias.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_include.c
mod_dir.c
mod_cgi.c
mod_actions.c
mod_alias.c
mod_access.c
mod_auth.c
mod_unique_id.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_php4.c
suexec: enabled; valid wrapper /opt/apache/bin/suexec

I believe I have everything I need already compiled in - true/false?

Is it sufficient for me just to edit the my httpd.conf file under the
heading 'SSL Virtual Host Context' and tune accordingly?

Since my server sits behind an external firewall, and since the only
services will be ssh and apache listening, would one consider that
reasonably secure? Can anyone recommend any other steps I might consider?

Since Apache/PHP sit on the same server as MySQL I plan on having them
use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
before either but believe it gives added security and performance
benifits - Can anyone offer advice/comments on this?

Help, via the newsgroup for all to learn/share would be greatly
appreciated,

Thanks
randelld

The only "outside" traffic will be between the users browser and Apache
- on port 443. The "conersations" between Apache, PHP and Mysql should
all be internal to the system. You just have to make sure your pages
are all redirected to port 443. (https).

Michael Austin.
Jul 17 '05 #2

P: n/a
Michael Austin wrote:
Randell D. wrote:
Folks,

I've never implemented a secure server before - and I now have a
project for it - It will be an Apache 1.3 environment tuned with PHP
and MySQL - and I'd appreciate any comments/advice/note from folk who
have done similar. I have my application working fine in a non-SSL
environment and believe the switch-over should not be too difficult.
But...

Can someone confirm the following:

My LAMP (Linux, Apache, MySQL and PHP) sit all on the same server - I
only require SSL between client and server therefore I believe I do
not need to tune PHP/MySQL - true/false?

I have the following modules compiled in my Apache httpd
Compiled-in modules:
http_core.c
mod_vhost_alias.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_include.c
mod_dir.c
mod_cgi.c
mod_actions.c
mod_alias.c
mod_access.c
mod_auth.c
mod_unique_id.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_php4.c
suexec: enabled; valid wrapper /opt/apache/bin/suexec

I believe I have everything I need already compiled in - true/false?

Is it sufficient for me just to edit the my httpd.conf file under the
heading 'SSL Virtual Host Context' and tune accordingly?

Since my server sits behind an external firewall, and since the only
services will be ssh and apache listening, would one consider that
reasonably secure? Can anyone recommend any other steps I might consider?

Since Apache/PHP sit on the same server as MySQL I plan on having them
use sockets (pipes?) and not tcp/ip port 3306 - I've not done this
before either but believe it gives added security and performance
benifits - Can anyone offer advice/comments on this?

Help, via the newsgroup for all to learn/share would be greatly
appreciated,

Thanks
randelld


The only "outside" traffic will be between the users browser and Apache
- on port 443. The "conersations" between Apache, PHP and Mysql should
all be internal to the system. You just have to make sure your pages
are all redirected to port 443. (https).

Michael Austin.


Thanks
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.