]>
Commit | Line | Data |
---|---|---|
91a21c27 | 1 | # Server configuration |
992af0b9 | 2 | |
992af0b9 | 3 | |
992af0b9 | 4 | |
91a21c27 | 5 | ## Requirements |
6 | ||
7 | ### Operating system and web server | |
8 | ||
9 | Shaarli can be hosted on dedicated/virtual servers, or shared hosting. The smallest DigitalOcean VPS (Droplet with 1 CPU, 1 GiB RAM and 25 GiB SSD) costs about $5/month and will run any Shaarli installation without problems. | |
10 | ||
11 | You need write access to the Shaarli installation directory - you should have received instructions from your hosting provider on how to connect to the server using SSH (or FTP for shared hosts). | |
12 | ||
13 | Examples in this documentation are given for [Debian](https://www.debian.org/), a GNU/Linux distribution widely used in server environments. Please adapt them to your specific Linux distribution. | |
14 | ||
15 | ### Network and domain name | |
16 | ||
17 | Try to host the server in a region that is geographically close to your users. | |
18 | ||
a32e6665 | 19 | A **domain name** ([DNS record](https://opensource.com/article/17/4/introduction-domain-name-system-dns)) pointing to the server's public IP address is required to obtain a SSL/TLS certificate and setup HTTPS to secure client traffic to your Shaarli instance. |
91a21c27 | 20 | |
6384447d | 21 | You can obtain a domain name from a [registrar](https://en.wikipedia.org/wiki/Domain_name_registrar) ([1](https://www.ovh.co.uk/domains), [2](https://www.gandi.net/en/domain)), or from free subdomain providers ([1](https://freedns.afraid.org/)). If you don't have a domain name, please set up a private domain name ([FQDN](ttps://en.wikipedia.org/wiki/Fully_qualified_domain_name)) in your clients' [hosts files](https://en.wikipedia.org/wiki/Hosts_(file)) to access the server (direct access by IP address can result in unexpected behavior). |
91a21c27 | 22 | |
41b93897 | 23 | Setup a **firewall** (using `iptables`, [ufw](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-debian-10), [fireHOL](https://firehol.org/) or any frontend of your choice) to deny all incoming traffic except `tcp/80` and `tcp/443`, which are needed to access the web server (and any other posrts you might need, like SSH). If the server is in a private network behind a NAT, ensure these **ports are forwarded** to the server. |
24 | ||
25 | Shaarli makes outbound HTTP/HTTPS connections to websites you bookmark to fetch page information (title, thumbnails), the server must then have access to the Internet as well, and a working DNS resolver. | |
26 | ||
91a21c27 | 27 | |
28 | ### PHP | |
29 | ||
30 | Supported PHP versions: | |
43ad7c8e | 31 | |
bdfb967c | 32 | Version | Status | Shaarli compatibility |
33 | :---:|:---:|:---: | |
30255b79 | 34 | 7.3 | Supported | Yes |
bdfb967c | 35 | 7.2 | Supported | Yes |
36 | 7.1 | Supported | Yes | |
899d0411 | 37 | 7.0 | EOL: 2018-12-03 | Yes (up to Shaarli 0.10.x) |
7062ef4d | 38 | 5.6 | EOL: 2018-12-31 | Yes (up to Shaarli 0.10.x) |
bdfb967c | 39 | 5.5 | EOL: 2016-07-10 | Yes |
40 | 5.4 | EOL: 2015-09-14 | Yes (up to Shaarli 0.8.x) | |
41 | 5.3 | EOL: 2014-08-14 | Yes (up to Shaarli 0.8.x) | |
5409ade2 | 42 | |
91a21c27 | 43 | Required PHP extensions: |
43ad7c8e | 44 | |
bdfb967c | 45 | Extension | Required? | Usage |
46 | ---|:---:|--- | |
47 | [`openssl`](http://php.net/manual/en/book.openssl.php) | All | OpenSSL, HTTPS | |
3575fe5b | 48 | [`php-json`](http://php.net/manual/en/book.json.php) | required | configuration parsing |
bdfb967c | 49 | [`php-mbstring`](http://php.net/manual/en/book.mbstring.php) | CentOS, Fedora, RHEL, Windows, some hosting providers | multibyte (Unicode) string support |
787faa42 | 50 | [`php-gd`](http://php.net/manual/en/book.image.php) | optional | required to use thumbnails |
bdfb967c | 51 | [`php-intl`](http://php.net/manual/en/book.intl.php) | optional | localized text sorting (e.g. `e->รจ->f`) |
52 | [`php-curl`](http://php.net/manual/en/book.curl.php) | optional | using cURL for fetching webpages and thumbnails in a more robust way | |
53 | [`php-gettext`](http://php.net/manual/en/book.gettext.php) | optional | Use the translation system in gettext mode (faster) | |
992af0b9 | 54 | |
91a21c27 | 55 | Some [plugins](Plugins.md) may require additional configuration. |
56 | ||
57 | ||
58 | ## SSL/TLS (HTTPS) | |
992af0b9 | 59 | |
91a21c27 | 60 | We recommend setting up [HTTPS](https://en.wikipedia.org/wiki/HTTPS) on your webserver for secure communication between clients and the server. |
43ad7c8e | 61 | |
91a21c27 | 62 | For public-facing web servers this can be done using free SSL/TLS certificates from [Let's Encrypt](https://en.wikipedia.org/wiki/Let's_Encrypt), a non-profit certificate authority provididing free certificates. |
992af0b9 | 63 | |
91a21c27 | 64 | - [How to secure Apache with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10) |
65 | - [How to secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-10) | |
66 | - [How To Use Certbot Standalone Mode to Retrieve Let's Encrypt SSL Certificates](https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-debian-10). | |
992af0b9 | 67 | |
91a21c27 | 68 | In short: |
992af0b9 | 69 | |
91a21c27 | 70 | ```bash |
71 | # install certbot | |
72 | sudo apt install certbot | |
bdfb967c | 73 | |
91a21c27 | 74 | # stop your webserver if you already have one running |
75 | # certbot in standalone mode needs to bind to port 80 (only needed on initial generation) | |
76 | sudo systemctl stop apache2 | |
77 | sudo systemctl stop nginx | |
bdfb967c | 78 | |
91a21c27 | 79 | # generate initial certificates - Let's Encrypt ACME servers must be able to access your server! |
80 | # (DNS records must be correctly pointing to it, firewall/NAT on port 80/443 must be open) | |
81 | sudo certbot certonly --standalone --noninteractive --agree-tos --email "admin@shaarli.mydomain.org" -d shaarli.mydomain.org | |
82 | # this will generate a private key and certificate at /etc/letsencrypt/live/shaarli.mydomain.org/{privkey,fullchain}.pem | |
bdfb967c | 83 | |
91a21c27 | 84 | # restart the web server |
85 | sudo systemctl start apache2 | |
86 | sudo systemctl start nginx | |
87 | ``` | |
88 | ||
89 | If you don't want to rely on a certificate authority, or the server can only be accessed from your own network, you can also generate self-signed certificates. Not that this will generate security warnings in web browsers/clients trying to access Shaarli: | |
90 | ||
91 | - [How To Create a Self-Signed SSL Certificate for Apache](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-on-debian-10) | |
92 | - [How To Create a Self-Signed SSL Certificate for Nginx](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-debian-10) | |
bdfb967c | 93 | |
94 | -------------------------------------------------------------------------------- | |
95 | ||
91a21c27 | 96 | ## Examples |
97 | ||
98 | The following examples assume a Debian-based operating system is installed. On other distributions you may have to adapt details such as package installation procedures, configuration file locations, and webserver username/group (`www-data` or `httpd` are common values). | |
99 | ||
100 | In these examples we assume the document root for your web server/virtualhost is at `/var/www/shaarli.mydomain.org/`: | |
101 | ||
102 | ```bash | |
103 | sudo mkdir -p /var/www/shaarli.mydomain.org/ | |
104 | ``` | |
105 | ||
106 | You can install Shaarli at the root of your virtualhost, or in a subdirectory as well. See [Directory structure](Directory-structure) | |
107 | ||
bdfb967c | 108 | |
91a21c27 | 109 | ### Apache |
bdfb967c | 110 | |
91a21c27 | 111 | ```bash |
112 | # Install apache + mod_php and PHP modules | |
113 | sudo apt update | |
114 | sudo apt install apache2 libapache2-mod-php php-json php-mbstring php-gd php-intl php-curl php-gettext | |
115 | ||
116 | # Edit the virtualhost configuration file with your favorite editor | |
117 | sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf | |
118 | ``` | |
992af0b9 | 119 | |
992af0b9 | 120 | ```apache |
91a21c27 | 121 | <VirtualHost *:80> |
122 | ServerName shaarli.mydomain.org | |
123 | DocumentRoot /var/www/shaarli.mydomain.org/ | |
124 | ||
125 | # Log level. Possible values include: debug, info, notice, warn, error, crit, alert, emerg. | |
126 | LogLevel warn | |
127 | # Log file locations | |
128 | ErrorLog /var/log/apache2/error.log | |
129 | CustomLog /var/log/apache2/access.log combined | |
130 | ||
131 | # Redirect HTTP requests to HTTPS | |
132 | RewriteEngine on | |
133 | RewriteRule ^.well-known/acme-challenge/ - [L] | |
134 | # except for Let's Encrypt ACME challenge requests | |
135 | RewriteCond %{HTTP_HOST} =shaarli.mydomain.org | |
136 | RewriteRule ^ https://shaarli.mydomain.org%{REQUEST_URI} [END,NE,R=permanent] | |
137 | </VirtualHost> | |
138 | ||
bdfb967c | 139 | <VirtualHost *:443> |
91a21c27 | 140 | ServerName shaarli.mydomain.org |
141 | DocumentRoot /var/www/shaarli.mydomain.org/ | |
992af0b9 | 142 | |
91a21c27 | 143 | # Log level. Possible values include: debug, info, notice, warn, error, crit, alert, emerg. |
992af0b9 | 144 | LogLevel warn |
91a21c27 | 145 | # Log file locations |
146 | ErrorLog /var/log/apache2/error.log | |
147 | CustomLog /var/log/apache2/access.log combined | |
992af0b9 | 148 | |
91a21c27 | 149 | # SSL/TLS configuration (for Let's Encrypt certificates) |
bdfb967c | 150 | SSLEngine on |
91a21c27 | 151 | SSLCertificateFile /etc/letsencrypt/live/shaarli.mydomain.org/fullchain.pem |
152 | SSLCertificateKeyFile /etc/letsencrypt/live/shaarli.mydomain.org/privkey.pem | |
bdfb967c | 153 | Include /etc/letsencrypt/options-ssl-apache.conf |
992af0b9 | 154 | |
91a21c27 | 155 | # SSL/TLS configuration (for self-signed certificates) |
bdfb967c | 156 | #SSLEngine on |
157 | #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | |
158 | #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key | |
992af0b9 | 159 | |
bdfb967c | 160 | # Optional, log PHP errors, useful for debugging |
161 | #php_flag log_errors on | |
162 | #php_flag display_errors on | |
163 | #php_value error_reporting 2147483647 | |
164 | #php_value error_log /var/log/apache2/shaarli-php-error.log | |
992af0b9 | 165 | |
91a21c27 | 166 | <Directory /var/www/shaarli.mydomain.org/> |
167 | # Required for .htaccess support | |
992af0b9 | 168 | AllowOverride All |
992af0b9 | 169 | Order allow,deny |
bdfb967c | 170 | Allow from all |
bdfb967c | 171 | </Directory> |
992af0b9 | 172 | |
91a21c27 | 173 | <LocationMatch "/\."> |
174 | # Prevent accessing dotfiles | |
175 | RedirectMatch 404 ".*" | |
176 | </LocationMatch> | |
3cc8c898 | 177 | |
91a21c27 | 178 | <LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$"> |
179 | # allow client-side caching of static files | |
180 | Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" | |
181 | </LocationMatch> | |
3cc8c898 | 182 | |
91a21c27 | 183 | # serve the Shaarli favicon from its custom location |
184 | Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico | |
992af0b9 | 185 | |
91a21c27 | 186 | </VirtualHost> |
187 | ``` | |
43ad7c8e | 188 | |
91a21c27 | 189 | ```bash |
190 | # Enable the virtualhost | |
191 | sudo a2ensite shaarli | |
992af0b9 | 192 | |
91a21c27 | 193 | # mod_ssl must be enabled to use TLS/SSL certificates |
194 | # https://httpd.apache.org/docs/current/mod/mod_ssl.html | |
195 | sudo a2enmod ssl | |
992af0b9 | 196 | |
91a21c27 | 197 | # mod_rewrite must be enabled to use the REST API |
198 | # https://httpd.apache.org/docs/current/mod/mod_rewrite.html | |
199 | sudo a2enmod rewrite | |
43ad7c8e | 200 | |
91a21c27 | 201 | # mod_version must only be enabled if you use Apache 2.2 or lower |
202 | # https://httpd.apache.org/docs/current/mod/mod_version.html | |
203 | # sudo a2enmod version | |
992af0b9 | 204 | |
91a21c27 | 205 | # restart the apache service |
206 | systemctl restart apache | |
207 | ``` | |
43ad7c8e | 208 | |
91a21c27 | 209 | See [How to install the Apache web server](https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-debian-10) for a complete guide. |
992af0b9 | 210 | |
91a21c27 | 211 | ### Nginx |
43ad7c8e | 212 | |
91a21c27 | 213 | Guide on setting up the Nginx web server: [How to install the Nginx web server](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-debian-10) |
992af0b9 | 214 | |
91a21c27 | 215 | You will also need to install the [PHP-FPM](http://php-fpm.org) interpreter as detailed [here](https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mariadb-php-lemp-stack-on-debian-10#step-3-%E2%80%94-installing-php-for-processing). Nginx and PHP-FPM must be running using the same user and group, here we assume the user/group to be `www-data:www-data` but this may vary depending on your Linux distribution. |
43ad7c8e | 216 | |
992af0b9 | 217 | |
91a21c27 | 218 | ```bash |
219 | # install nginx and php-fpm | |
220 | sudo apt update | |
221 | sudo apt install nginx php-fpm | |
992af0b9 | 222 | |
91a21c27 | 223 | # Edit the virtualhost configuration file with your favorite editor |
224 | sudo nano /etc/nginx/sites-available/shaarli.mydomain.org | |
992af0b9 V |
225 | ``` |
226 | ||
227 | ```nginx | |
91a21c27 | 228 | server { |
229 | listen 80; | |
230 | server_name shaarli.mydomain.org; | |
992af0b9 | 231 | |
91a21c27 | 232 | # redirect all plain HTTP requests to HTTPS |
233 | return 301 https://shaarli.mydomain.org$request_uri; | |
992af0b9 | 234 | } |
992af0b9 | 235 | |
91a21c27 | 236 | server { |
237 | listen 443 ssl; | |
238 | server_name shaarli.mydomain.org; | |
239 | root /var/www/shaarli.mydomain.org; | |
3cc8c898 | 240 | |
91a21c27 | 241 | # log file locations |
242 | # combined log format prepends the virtualhost/domain name to log entries | |
243 | access_log /var/log/nginx/access.log combined; | |
244 | error_log /var/log/nginx/error.log; | |
3cc8c898 | 245 | |
91a21c27 | 246 | # paths to private key and certificates for SSL/TLS |
247 | ssl_certificate /etc/ssl/shaarli.mydomain.org.crt; | |
248 | ssl_certificate_key /etc/ssl/private/shaarli.mydomain.org.key; | |
992af0b9 | 249 | |
91a21c27 | 250 | # increase the maximum file upload size if needed: by default nginx limits file upload to 1MB (413 Entity Too Large error) |
251 | client_max_body_size 100m; | |
992af0b9 | 252 | |
91a21c27 | 253 | # relative path to shaarli from the root of the webserver |
254 | location / { | |
255 | # default index file when no file URI is requested | |
256 | index index.php; | |
257 | try_files $uri /index.php$is_args$args; | |
992af0b9 | 258 | } |
992af0b9 | 259 | |
91a21c27 | 260 | location ~ (index)\.php$ { |
261 | try_files $uri =404; | |
262 | # slim API - split URL path into (script_filename, path_info) | |
263 | fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
264 | # pass PHP requests to PHP-FPM | |
265 | fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |
266 | fastcgi_index index.php; | |
267 | include fastcgi.conf; | |
268 | } | |
43ad7c8e | 269 | |
91a21c27 | 270 | location ~ \.php$ { |
271 | # deny access to all other PHP scripts | |
272 | # disable this if you host other PHP applications on the same virtualhost | |
273 | deny all; | |
274 | } | |
992af0b9 | 275 | |
91a21c27 | 276 | location ~ /\. { |
277 | # deny access to dotfiles | |
278 | deny all; | |
279 | } | |
992af0b9 | 280 | |
91a21c27 | 281 | location ~ ~$ { |
282 | # deny access to temp editor files, e.g. "script.php~" | |
283 | deny all; | |
284 | } | |
992af0b9 | 285 | |
91a21c27 | 286 | location = /favicon.ico { |
287 | # serve the Shaarli favicon from its custom location | |
288 | alias /var/www/shaarli/images/favicon.ico; | |
289 | } | |
992af0b9 | 290 | |
91a21c27 | 291 | # allow client-side caching of static files |
292 | location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | |
293 | expires max; | |
294 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
295 | # HTTP 1.0 compatibility | |
296 | add_header Pragma public; | |
297 | } | |
f8b936e7 | 298 | |
f8b936e7 | 299 | } |
992af0b9 V |
300 | ``` |
301 | ||
91a21c27 | 302 | ```bash |
303 | # enable the configuration/virtualhost | |
304 | sudo ln -s /etc/nginx/sites-available/shaarli.mydomain.org /etc/nginx/sites-enabled/shaarli.mydomain.org | |
305 | # reload nginx configuration | |
306 | sudo systemctl reload nginx | |
992af0b9 V |
307 | ``` |
308 | ||
992af0b9 | 309 | |
91a21c27 | 310 | ## Reverse proxies |
992af0b9 | 311 | |
91a21c27 | 312 | If Shaarli is hosted on a server behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) (i.e. there is a proxy server between clients and the web server hosting Shaarli), configure it accordingly. See [Reverse proxy](Reverse-proxy.md) configuration. |
b230bf20 | 313 | |
992af0b9 | 314 | |
3cc8c898 | 315 | |
91a21c27 | 316 | ## Allow import of large browser bookmarks export |
992af0b9 | 317 | |
91a21c27 | 318 | Web browser bookmark exports can be large due to the presence of base64-encoded images and favicons/long subfolder names. Edit the PHP configuration file. |
992af0b9 | 319 | |
91a21c27 | 320 | - Apache: `/etc/php/<PHP_VERSION>/apache2/php.ini` |
321 | - Nginx + PHP-FPM: `/etc/php/<PHP_VERSION>/fpm/php.ini` (in addition to `client_max_body_size` in the [Nginx configuration](#nginx)) | |
992af0b9 | 322 | |
91a21c27 | 323 | ```ini |
53ed6d7d | 324 | [...] |
91a21c27 | 325 | # (optional) increase the maximum file upload size: |
326 | post_max_size = 100M | |
327 | [...] | |
328 | # (optional) increase the maximum file upload size: | |
329 | upload_max_filesize = 100M | |
330 | ``` | |
992af0b9 | 331 | |
91a21c27 | 332 | To verify PHP settings currently set on the server, create a `phpinfo.php` in your webserver's document root |
992af0b9 | 333 | |
91a21c27 | 334 | ```bash |
335 | # example | |
336 | echo '<?php phpinfo(); ?>' | sudo tee /var/www/shaarli.mydomain.org/phpinfo.php | |
337 | #give read-only access to this file to the webserver user | |
338 | sudo chown www-data:root /var/www/shaarli.mydomain.org/phpinfo.php | |
339 | sudo chmod 0400 /var/www/shaarli.mydomain.org/phpinfo.php | |
340 | ``` | |
992af0b9 | 341 | |
91a21c27 | 342 | Access the file from a web browser (eg. <https://shaarli.mydomain.org/phpinfo.php> and look at the _Loaded Configuration File_ and _Scan this dir for additional .ini files_ entries |
992af0b9 | 343 | |
91a21c27 | 344 | It is recommended to remove the `phpinfo.php` when no longer needed as it publicly discloses details about your webserver configuration. |
992af0b9 | 345 | |
b230bf20 | 346 | |
91a21c27 | 347 | ## Robots and crawlers |
992af0b9 | 348 | |
91a21c27 | 349 | To opt-out of indexing your Shaarli instance by search engines, create a `robots.txt` file at the root of your virtualhost: |
3cc8c898 | 350 | |
91a21c27 | 351 | ``` |
352 | User-agent: * | |
353 | Disallow: / | |
992af0b9 | 354 | ``` |
bdfb967c | 355 | |
91a21c27 | 356 | By default Shaarli already disallows indexing of your local copy of the documentation by default, using `<meta name="robots">` HTML tags. Your Shaarli instance may still be indexed by various robots on the public Internet, that do not respect this header or the robots standard. |
bdfb967c | 357 | |
91a21c27 | 358 | - [Robots exclusion standard](https://en.wikipedia.org/wiki/Robots_exclusion_standard) |
359 | - [Introduction to robots.txt](https://support.google.com/webmasters/answer/6062608?hl=en) | |
360 | - [Robots meta tag, data-nosnippet, and X-Robots-Tag specifications](https://developers.google.com/search/reference/robots_meta_tag) | |
361 | - [About robots.txt](http://www.robotstxt.org) | |
362 | - [About the robots META tag](https://www.robotstxt.org/meta.html) | |
bdfb967c | 363 | |
b49a04f7 | 364 | |
91a21c27 | 365 | ## Fail2ban |
bdfb967c | 366 | |
91a21c27 | 367 | [fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page) is an intrusion prevention framework that reads server (Apache, SSH, etc.) and uses `iptables` profiles to block brute-force attempts. You need to create a filter to detect shaarli login failures in logs, and a jail configuation to configure the behavior when failed login attempts are detected: |
6c44d604 | 368 | |
91a21c27 | 369 | ```ini |
370 | # /etc/fail2ban/filter.d/shaarli-auth.conf | |
371 | [INCLUDES] | |
372 | before = common.conf | |
373 | [Definition] | |
374 | failregex = \s-\s<HOST>\s-\sLogin failed for user.*$ | |
375 | ignoreregex = | |
376 | ``` | |
bdfb967c | 377 | |
91a21c27 | 378 | ```ini |
379 | # /etc/fail2ban/jail.local | |
380 | [shaarli-auth] | |
381 | enabled = true | |
382 | port = https,http | |
383 | filter = shaarli-auth | |
384 | logpath = /var/www/shaarli.mydomain.org/data/log.txt | |
385 | # allow 3 login attempts per IP address | |
386 | # (over a period specified by findtime = in /etc/fail2ban/jail.conf) | |
387 | maxretry = 3 | |
388 | # permanently ban the IP address after reaching the limit | |
389 | bantime = -1 | |
390 | ``` | |
bdfb967c | 391 | |
91a21c27 | 392 | #### References |
bdfb967c | 393 | |
91a21c27 | 394 | - [Apache/PHP - error log per VirtualHost - StackOverflow](http://stackoverflow.com/q/176) |
bdfb967c | 395 | - [Apache - PHP: php_value vs php_admin_value and the use of php_flag explained](https://ma.ttias.be/php-php_value-vs-php_admin_value-and-the-use-of-php_flag-explained/) |
91a21c27 | 396 | - [Server-side TLS (Apache) - Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS#Apache) |
bdfb967c | 397 | - [Nginx Beginner's guide](http://nginx.org/en/docs/beginners_guide.html) |
398 | - [Nginx ngx_http_fastcgi_module](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html) | |
399 | - [Nginx Pitfalls](http://wiki.nginx.org/Pitfalls) | |
91a21c27 | 400 | - [Nginx PHP configuration examples - Karl Blessing](http://kbeezie.com/nginx-configuration-examples/) |
401 | - [Apache 2.4 documentation](https://httpd.apache.org/docs/2.4/) | |
402 | - [Apache mod_proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) | |
403 | - [Apache Reverse Proxy Request Headers](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#x-headers) | |
404 | - [HAProxy documentation](https://cbonte.github.io/haproxy-dconv/) | |
405 | - [Nginx documentation](https://nginx.org/en/docs/) | |
406 | - [`X-Forwarded-Proto`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto) | |
407 | - [`X-Forwarded-Host`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host) | |
408 | - [`X-Forwarded-For`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For) | |
409 | - [Server-side TLS (Nginx) - Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) | |
bdfb967c | 410 | - [How to Create Self-Signed SSL Certificates with OpenSSL](http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php) |
411 | - [How do I create my own Certificate Authority?](https://workaround.org/certificate-authority) | |
bdfb967c | 412 | - [Travis configuration](https://github.com/shaarli/Shaarli/blob/master/.travis.yml) |
413 | - [PHP: Supported versions](http://php.net/supported-versions.php) | |
91a21c27 | 414 | - [PHP: Unsupported versions (EOL/End-of-life)](http://php.net/eol.php) |
bdfb967c | 415 | - [PHP 7 Changelog](http://php.net/ChangeLog-7.php) |
416 | - [PHP 5 Changelog](http://php.net/ChangeLog-5.php) | |
417 | - [PHP: Bugs](https://bugs.php.net/) | |
91a21c27 | 418 | - [Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security) |
419 | - Hosting providers: [DigitalOcean](https://www.digitalocean.com/) ([1](https://www.digitalocean.com/docs/droplets/overview/), [2](https://www.digitalocean.com/pricing/), [3](https://www.digitalocean.com/docs/droplets/how-to/create/), [How to Add SSH Keys to Droplets](https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/), [4](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-debian-8), [5](https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps)), [Gandi](https://www.gandi.net/en), [OVH](https://www.ovh.co.uk/), [RackSpace](https://www.rackspace.com/), etc. | |
420 | ||
421 |