MBCDN

// apache
apt-get install apache2

// php und apache mod for php
apt-get install php7.0 libapache2-mod-php

// mysql server
apt-get install mysql-server

// secure install
mysql_secure_installation

change file mime type: https://stackoverflow.com/questions/3100956/enable-php-to-read-css-and-js-files-while-keeping-their-original-content-type

mod log files: https://httpd.apache.org/docs/current/mod/mod_log_config.html

Options +FollowSymLinks
RewriteEngine On

RewriteRule ^user/([0-9]*)/([a-z]*)$ ./index.php?user=$1&action=$2

https://stackoverflow.com/questions/10236717/how-to-prevent-a-file-from-direct-url-access

RewriteEngine on 
Options -Indexes // disable directory listing
RewriteCond %{HTTP_REFERER} !^http://(www\.)? [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?.*$ [NC] 
RewriteRule \.(gif|jpg|jpeg|png)$ - [F]

In der vHost Konfig oder der globalen Apache Konfig (für localhost) Todo

Siehe Certbot

In den Ordnern /etc/apache2/sites-available/ und /etc/apache2/sites-enabled liegen die Konfigurationen. Mit a2ensite kann man eine bestimmte Seite aktivieren bzw. mit a2dissite deaktivieren. Man kann auch einfach einen Softlink setzen/löschen.

<VirtualHost *:80>
    ServerAdmin admin@localhost
    DocumentRoot /var/www/html
    ServerAlias localhost
    # Redirect permanent / https://localhost/
    
    <Directory /var/www/html/>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>

    ErrorLog /var/log/apache2/default-error_log
    CustomLog /var/log/apache2/default-access_log common
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@localhost
    DocumentRoot /var/www/html
    ServerAlias localhost
    
    <Directory /var/www/html/>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>

    SSLEngine                on
    SSLCertificateFile       /etc/ssl/localhost.crt
    SSLCertificateKeyFile    /etc/ssl/private/localhost.key
    SSLCertificateChainFile  /etc/ssl/ca_bundle.crt

    ErrorLog /var/log/apache2/default-ssl-error_log
    CustomLog /var/log/apache2/default-ssl-access_log common
</VirtualHost>

<VirtualHost *:*>
        ProxyPreserveHost On
        
        # Servers to proxy the connection, or;
        # List of application servers:
        # Usage:
        # ProxyPass / http://[IP Addr.]:[port]/
        # ProxyPassReverse / http://[IP Addr.]:[port]/
        # Example: 
        ProxyPass / http://0.0.0.0:8080/
        ProxyPassReverse / http://0.0.0.0:8080/
        
        ServerName localhost
    </VirtualHost>

    <VirtualHost *:443>
    
        SSLEngine On
        
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/file.pem
        
        
        # Servers to proxy the connection, or;
        # List of application servers:
        # Usage:
        # ProxyPass / http://[IP Addr.]:[port]/
        # ProxyPassReverse / http://[IP Addr.]:[port]/
        # Example: 
        ProxyPass / http://0.0.0.0:8080/
        ProxyPassReverse / http://0.0.0.0:8080/
        
        # Or, balance the load:
        # ProxyPass / balancer://balancer_cluster_name
    
    </VirtualHost>

    <Proxy balancer://mycluster>
        # Define back-end servers:

        # Server 1
        BalancerMember http://0.0.0.0:8080/
        
        # Server 2
        BalancerMember http://0.0.0.0:8081/
    </Proxy>
    
    <VirtualHost *:*>
        # Apply VH settings as desired
        # However, configure ProxyPass argument to
        # use "mycluster" to balance the load
        
        ProxyPass / balancer://mycluster
    </VirtualHost>

In apache/conf/httpd.conf add at the end

AddHandler cgi-script .jail
ScriptInterpreterSource Registry-Strict

and in the files add the path to the interpreter and always output content-type at first!

#!C:/jail.exe

print("Content-Type: text/html\n\n");