# wget -P /usr/local/src http://www.ring.gr.jp/archives/net/apache/httpd/httpd-2.2.21.tar.gz
# cd /usr/local/src
# tar zxvf httpd-2.2.21.tar.gz
# cd /usr/local/src/httpd-2.2.21/srclib/apr
# ./configure --prefix=/usr/local/httpd-2.2.21/apr
# make
# make install
# cd /usr/local/src/httpd-2.2.21/srclib/apr-util
# ./configure --prefix=/usr/local/httpd-2.2.21/apr-util --with-apr=/usr/local/httpd-2.2.21/apr
# make
# make install
# cd /usr/local/src/httpd-2.2.21
# ./configure \
>   --prefix=/usr/local/httpd-2.2.21 \
>   --enable-so \
>   --enable-rewrite=shared \
>   --enable-dav=shared \
>   --enable-dav-fs=shared \
>   --enable-dav-lock=shared \
>   --enable-ssl=shared \
>   --with-ssl=/usr/local/ssl/ \
>   --with-apr=/usr/local/httpd-2.2.21/apr \
>   --with-apr-util=/usr/local/httpd-2.2.21/apr-util
# make
# make install
# ln -s /usr/local/httpd-2.2.21 /usr/local/apache2
# groupadd apache
# useradd -g apache apache
Edit httpd.conf:

# vi /usr/local/apache2/conf/httpd.conf

Change the user and group:

User daemon
Group daemon
    ↓
User apache
Group apache

Set the server name (replace XXXXXXXXXXX with your host name):

ServerName www.example.com:80
    ↓
ServerName XXXXXXXXXXX:80
Create a private CA:

# cd /usr/local/ssl
# cp misc/CA.sh .
# ./CA.sh -newca
CA certificate filename (or enter to create)    ← just press Enter
Making CA certificate ...
Generating a 1024 bit RSA private key
.....++++++
................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:    ← enter the pass phrase for the CA private key
Verifying password - Enter PEM pass phrase:    ← enter it again
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:    ← JP
State or Province Name (full name) [Some-State]:    ← prefecture
Locality Name (eg, city) []:    ← city/town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:    ← company name
Organizational Unit Name (eg, section) []:    ← department
Common Name (eg, YOUR name) []:    ← (*)
Email Address []:    ← e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    ← just press Enter
An optional company name []:    ← just press Enter
Enter pass phrase for ./demoCA/private/./cakey.pem:    ← enter the CA private key pass phrase

(*) If this is not set to the server's URL (or server name?), a warning was written to the Apache log.

After the above, set the permissions on the CA private key:

# chmod 600 /usr/local/ssl/demoCA/private/cakey.pem
# chmod 700 /usr/local/ssl/demoCA/private

To inspect the CA certificate:

# openssl x509 -in /usr/local/ssl/demoCA/cacert.pem -text
Generate the server private key:

# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.............++++++
....++++++
e is 65537 (0x10001)

Check:

# ls
server.key

Create the certificate signing request:

# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:    ← JP
State or Province Name (full name) [Some-State]:    ← prefecture
Locality Name (eg, city) []:    ← city/town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:    ← company name
Organizational Unit Name (eg, section) []:    ← department
Common Name (eg, YOUR name) []:    ← (*)
Email Address []:    ← e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:    ← just press Enter
An optional company name []:    ← just press Enter

(*) If this is not set to the server's URL (or server name?), a warning was written to the Apache log.

Check:

# ls
server.key  server.csr
Sign the CSR with the CA:

# echo 01 > ca-cert.srl
# openssl x509 -CA demoCA/cacert.pem -CAkey demoCA/private/cakey.pem -CAserial ca-cert.srl -req -days 3650 -in server.csr -out server.crt
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/demoCA/private/cakey.pem:    ← enter the CA private key pass phrase
(snip)
Sign the certificate? [y/n]: y    ← y + Enter
1 out of 1 certificate requests certified, commit? [y/n]:    ← y + Enter

Check:

# ls
server.key  server.csr  server.crt

Move the private key and the certificate:

# mkdir /usr/local/apache2/conf/ssl
# mv server.key /usr/local/apache2/conf/ssl
# mv server.crt /usr/local/apache2/conf/ssl
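The CA.sh, openssl req and openssl x509 steps above, as an added example that is not part of the original page: a script that does them non-interactively, puts the host name in both the CN and a subjectAltName (modern clients check the SAN, not the CN), and verifies the result against the CA before the files are copied into conf/ssl. It assumes OpenSSL 1.1.1 or later; the organization and host names are constructed.

```shell
#!/bin/sh
# Added example, not the page's own commands: the CA.sh, openssl req and
# openssl x509 steps done non-interactively, with the host name in CN and
# subjectAltName, then a check of the result. Names are constructed.
set -e

# $1 = working directory, $2 = server host name clients will connect to
make_server_cert() {
    dir=$1 host=$2
    cat > "$dir/ext.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # private CA: self-signed, 2048-bit (the page's 1024 is too short now)
    openssl req -x509 -config "$dir/ext.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -sha256 -days 3650 -subj "/C=JP/O=Example Corp/CN=Example Corp Private CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
    # server key + CSR; CN is the host name, as the page's note (*) requires
    openssl req -new -config "$dir/ext.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/C=JP/O=Example Corp/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # sign the CSR with the CA, attaching the server extensions (SAN is what clients check)
    openssl x509 -req -sha256 -days 3650 -in "$dir/server.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -extfile "$dir/ext.cnf" -extensions v3_server -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/cakey.pem" "$dir/server.key"   # as the page does for cakey.pem
}

# 0 only if server.crt chains to cacert.pem, is valid for host $2 and matches server.key
check_server_cert() {
    dir=$1 host=$2
    openssl verify -CAfile "$dir/cacert.pem" -verify_hostname "$host" "$dir/server.crt" \
        >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/server.key" -pubout)" ]
}
```

Run make_server_cert with a scratch directory and the ServerName you will put in httpd-ssl.conf, then check_server_cert with the same name; a mismatch between the two names is exactly the condition that produced the warning the page mentions.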
Edit the SSL configuration file:

# vi /usr/local/apache2/conf/extra/httpd-ssl.conf

Server name (replace XXXXXXXXXXXXXXX with your host name):

<VirtualHost _default_:443>
ServerName www.example.com:443
    ↓
ServerName XXXXXXXXXXXXXXX:443

Path to the server certificate:

SSLCertificateFile "/usr/local/apache2/conf/server.crt"
    ↓
SSLCertificateFile "/usr/local/apache2/conf/ssl/server.crt"

Path to the private key:

SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
    ↓
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/server.key"

Include the SSL configuration file from httpd.conf:

# vi /usr/local/apache2/conf/httpd.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
    ↓
Include conf/extra/httpd-ssl.conf    ← uncomment

Check the configuration:

# /usr/local/apache2/bin/apachectl configtest
Syntax OK
Start, stop and restart with the following commands:

# /usr/local/apache2/bin/apachectl start      ← start
# /usr/local/apache2/bin/apachectl stop       ← stop
# /usr/local/apache2/bin/apachectl restart    ← restart

Access the server over both http and https; if "It works!" is displayed, you are done.
Install the init script:

# cp /usr/local/src/httpd-2.2.21/build/rpm/httpd.init /etc/rc.d/init.d/httpd
# vi /etc/rc.d/init.d/httpd

httpd=${HTTPD-/usr/sbin/httpd}
    ↓
httpd=${HTTPD-/usr/local/apache2/bin/httpd}    ← change the path

(inside check13())
CONFFILE=/etc/httpd/conf/httpd.conf
    ↓
CONFFILE=/usr/local/apache2/conf/httpd.conf    ← change the path

# chmod 755 /etc/rc.d/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# chkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
When installed with the steps above, stopping httpd via the init script fails.

# /etc/rc.d/init.d/httpd start
httpd を起動中:                                            [  OK  ]
# /etc/rc.d/init.d/httpd stop
httpd を停止中:                                            [失敗]

The cause appears to be that the pid file is in a different location from the one the script expects.

# /etc/rc.d/init.d/httpd start
httpd を起動中:                                            [  OK  ]
# find / -name '*.pid'
/var/run/abrtd.pid
/var/run/syslogd.pid
/var/run/sshd.pid
/var/run/crond.pid
/var/run/messagebus.pid
/var/run/haldaemon.pid
/usr/local/httpd-2.2.21/logs/httpd.pid    ← the pid file is created here
The httpd init script, however, has the following:

pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}
According to the Apache HTTP Server Version 2.2 documentation, the directive that sets where the pid file is written is PidFile, and its default appears to be logs/httpd.pid.
httpd.conf has no such entry, so add one.

# vi /usr/local/apache2/conf/httpd.conf
PidFile /var/run/httpd.pid    ← add it around the line after ServerRoot

Also fix the httpd init script.

# vi /etc/rc.d/init.d/httpd
#pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}    ← comment out
pidfile=${PIDFILE-/var/run/httpd.pid}    ← add
Test:

# /etc/rc.d/init.d/httpd start
httpd を起動中:                                            [  OK  ]
# find / -name '*.pid'
/var/run/abrtd.pid
/var/run/syslogd.pid
/var/run/sshd.pid
/var/run/crond.pid
/var/run/httpd.pid    ← now here
/var/run/messagebus.pid
/var/run/haldaemon.pid
# /etc/rc.d/init.d/httpd stop
httpd を停止中:                                            [  OK  ]
conf/extra/httpd-mpm.conf contains a PidFile directive, but when httpd is compiled from source, httpd.conf apparently does not include extra/httpd-mpm.conf (?).
It should also be fine to fix the PidFile path in httpd-mpm.conf and have httpd.conf include extra/httpd-mpm.conf.

# vi /usr/local/apache2/conf/extra/httpd-mpm.conf
#PidFile "logs/httpd.pid"
    ↓
PidFile "/var/run/httpd.pid"
#LockFile "logs/httpd/accept.lock"
    ↓
LockFile "/var/lock/subsys/httpd"

# vi /usr/local/apache2/conf/httpd.conf
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
    ↓
Include conf/extra/httpd-mpm.conf    ← uncomment

The changes to the httpd init script are the same as above.
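The pid-file mismatch discussed above, as an added example that is not part of the original page: a small POSIX shell check that derives the PidFile httpd will actually use from httpd.conf (following files pulled in by an uncommented Include, such as extra/httpd-mpm.conf, which is why the commented-out Include matters) and compares it with the pidfile the init script polls. It assumes an httpd.init-style script with a pidfile=${PIDFILE-...} line; the paths used in demo() are constructed.

```shell
#!/bin/sh
# Added example, not the page's own code: work out which pid file httpd will actually
# write (following uncommented Include lines, one level deep, since httpd-mpm.conf only
# counts once it is included) and compare it with the pidfile the init script waits on.

# Print "KEY VALUE" for every directive httpd would see, in file order, quotes stripped.
# $1 = config file, $2 = ServerRoot (relative Include paths are resolved against it)
effective_directives() {
    while read -r key val _; do
        val=${val#\"}; val=${val%\"}
        case $key in
            Include)
                case $val in /*) ;; *) val="$2/$val" ;; esac
                [ -f "$val" ] && effective_directives "$val" "$2" ;;
            ""|"#"*) ;;
            *) printf '%s %s\n' "$key" "$val" ;;
        esac
    done < "$1"
}

# Effective PidFile: the last directive wins; httpd 2.2 defaults to logs/httpd.pid and
# a relative path lands under ServerRoot (which is why the page found it under logs/).
resolve_pidfile() {
    root=$(awk '$1=="ServerRoot"{gsub(/"/,"",$2); r=$2} END{print r}' "$1")
    root=${root:-/usr/local/apache2}
    pid=$(effective_directives "$1" "$root" | awk '$1=="PidFile"{p=$2} END{print p}')
    pid=${pid:-logs/httpd.pid}
    case $pid in /*) printf '%s\n' "$pid" ;; *) printf '%s/%s\n' "$root" "$pid" ;; esac
}

# The pid file an httpd.init-style script polls: its pidfile=${PIDFILE-/path} line
# (commented-out lines are ignored; ${prog} is httpd in that script).
initscript_pidfile() {
    sed -n 's/^pidfile=\${PIDFILE-\(.*\)}.*/\1/p' "$1" | sed 's/\${prog}/httpd/g' | tail -n 1
}

# 0 when httpd and its init script agree on the pid file, 1 otherwise.
pidfile_consistent() {
    [ "$(resolve_pidfile "$1")" = "$(initscript_pidfile "$2")" ]
}

# Demo on constructed files reproducing the page's symptom: stock httpd.init vs. default PidFile.
demo() {
    d=$(mktemp -d)
    printf 'ServerRoot "%s"\n#Include conf/extra/httpd-mpm.conf\n' "$d" > "$d/httpd.conf"
    printf 'prog=httpd\npidfile=${PIDFILE-/var/log/httpd/${prog}.pid}\n' > "$d/httpd.init"
    printf 'httpd writes %s but the init script waits on %s\n' \
        "$(resolve_pidfile "$d/httpd.conf")" "$(initscript_pidfile "$d/httpd.init")"
    rm -r "$d"
}
```

Calling demo prints the mismatch the page ran into; after either of the PidFile edits above plus the init-script edit, pidfile_consistent returns 0 for the real /usr/local/apache2/conf/httpd.conf and /etc/rc.d/init.d/httpd.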