Re: Web server with PHP setup & mod-ssl

[John Foster <jfoster@augustmail.com>]

Danny O'Brien wrote:

> I'm rebuilding a web server with a home-grown PHP site that allows 
> users to log in securely, to view, upload, and download files. This is 
> my first real foray into Debian.
>
> Here's the spec:
>
> Kernel2.4.18-bf2.4
> Apache1.3.26-0woo
> openssl0.9.6c-2.wo
> postgres7.2.1-2wood
> php4.1.2-6wood
>
> My questions:
>
> - does "apt-get upgrade" always provide the most secure versions? The 
> reason I ask is:
>
> - Apache 1.3.26 seems ancient -- is this an OK version to run? I have 
> executed apt-get upgrade, and apt.conf is set for "stable."
>
> - also, openssl is up to 0.9.6 "l" -- 0.9.6 "c" also seems ancient.
>
> - My previous build ran mod-ssl. However, there is no mod-ssl package 
> in Debian. Has anyone installed mod-ssl under Debian, or is there a 
> better program for this function?
>
> TIA
>
> - Danny O'Brien 

Unless you want to venture into the waters of testing or unstable you 
are about as good as you can get. You should install apache-ssl if you 
want to set up a secure server & especially if this is a production 
system. That will take care of your mod-ssl issues. Apache2 which is OK 
in unstable is MUCH easier to work with.....but it is in UNSTABLE  :-)

--
John Foster
Advance-Computing Systems
We build amazing servers!