grav: Installation

Posted on 25-05-25 15:27

apt install wget curl git build-essential
apt install iptables fail2ban
apt install ssl-cert ca-certificates 
apt install php-xml php-cli php-cgi php-mysql php-mbstring php-gd php-curl php-zip
apt install nftables

wget https://getgrav.org/download/core/grav-admin/latest -O grav-admin.zip
unzip grav-admin.zip
mv grav-admin grav
mv grav /var/www/html/
chown -Rf www-data: grav/

<VirtualHost *:80>
    ServerName www.redkey.de
    ServerAlias redkey.de
    ServerAdmin whatever@forever.de
    DocumentRoot /var/www/html/redkey_de
    ErrorLog /var/log/apache2/error_001-redkey_de.log
    CustomLog /var/log/apache2/access_001-redkey_de.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =redkey.de
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.redkey.de
    ServerAlias redkey.de
    ServerAdmin whatever@forever.de

    SSLCertificateFile /etc/letsencrypt/live/redkey.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/redkey.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    Protocols h2 h2c http/1.1
    Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
    SSLEngine on
    SSLCompression off
    SSLOptions +StrictRequire
    SSLProtocol -all +TLSv1.3 +TLSv1.2
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off
    ServerSignature off
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLOpenSSLConfCmd Curves X448:secp521r1:secp384r1:prime256v1
    SSLOpenSSLConfCmd ECDHParameters secp384r1
    SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
    LogLevel warn

    ErrorLog /var/log/apache2/error_003-redkey_de-ssl.log
    CustomLog /var/log/apache2/access_003-redkey_de-ssl.log combined

    RewriteEngine on

    DocumentRoot /var/www/html/grav
    <Directory /var/www/html/grav>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

</VirtualHost>
</IfModule>