Apache 2.2.12
''Table of contents''
#contents
~
----
*Preparation [#i98ca8e5]
-JAPAN APACHE USERS GROUP -- http://www.apache.jp/~
Source: httpd-2.2.12.tar.gz
*Installation [#f0112fc8]
+Get the source~
Download httpd-2.2.12.tar.gz into /usr/local/src.
# wget -P /usr/local/src http://www.ring.gr.jp/archives/...
+Extract the source~
The httpd-2.2.12 directory is created under /usr/local/src.
# cd /usr/local/src
# tar zxvf httpd-2.2.12.tar.gz
+Install APR (Apache Portable Runtime)~
++apr~
[[configure help>aprのconfigureヘルプ]]
# cd /usr/local/src/httpd-2.2.12/srclib/apr
# ./configure --prefix=/usr/local/httpd-2.2.12/apr
# make
# make install
++apr-util~
[[configure help>apr-utilのconfigureヘルプ]]
# cd /usr/local/src/httpd-2.2.12/srclib/apr-util
# ./configure --prefix=/usr/local/httpd-2.2.12/apr-util ...
# make
# make install
+Configure the build~
[[configure help>apacheのconfigureヘルプ]]
# cd /usr/local/src/httpd-2.2.12
# ./configure \
> --prefix=/usr/local/httpd-2.2.12 \
> --enable-so \
> --enable-rewrite=shared \
> --enable-ssl=shared \
> --enable-dav=shared \
> --enable-dav-fs=shared \
> --with-ssl=/usr/local/ssl/ \
> --with-apr=/usr/local/httpd-2.2.12/apr \
> --with-apr-util=/usr/local/httpd-2.2.12/apr-util
+Install~
# make
# make install
+Create a symbolic link~
# ln -s /usr/local/httpd-2.2.12 /usr/local/apache2
*Initial configuration [#kfb38bcf]
-''Create the apache user''~
Create a dedicated user for Apache. The user name is apache.
# groupadd apache
# useradd -g apache apache
-''Edit httpd.conf''
# vi /usr/local/apache2/conf/httpd.conf
Change the user and group
User daemon
Group daemon
↓
User apache
Group apache
Set the server name
ServerName www.example.com:80
↓
ServerName XXXXXXXXXXX:80
*SSL configuration [#y927ec7a]
**Building a certificate authority (CA) [#n2977593]
-Create the private key and certificate~
Use the bundled CA.sh script.
# cd /usr/local/ssl
# cp misc/CA.sh .
# ./CA.sh -newca
CA certificate filename (or enter to create) ...
Making CA certificate ...
Generating a 1024 bit RSA private key
.....++++++
................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: ...
Verifying password - Enter PEM pass phrase: ...
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: ...
State or Province Name (full name) [Some-State]: ...
Locality Name (eg, city) []: ...
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []: ...
Common Name (eg, YOUR name) []: ...
Email Address []: ...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ...
An optional company name []: ...
Enter pass phrase for ./demoCA/private/./cakey.pem: ...
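(*) Unless this is set to the server's URL (or the server name?), ApacheLog gets a warn...
The steps above create the following files.~
~
/usr/local/ssl/demoCA/cacert.pem ← self-signed CA...
/usr/local/ssl/demoCA/private/cakey.pem ← private key~
~
To keep others from reading the private key, set the permissions as follows.~
# chmod 600 /usr/local/ssl/demoCA/private/cakey.pem
# chmod 700 /usr/local/ssl/demoCA/private
To inspect the certificate, run the following.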
# openssl x509 -in /usr/local/ssl/demoCA/cacert.pem -text
**Building the SSL server [#u23f20a0]
-Create the server private key
# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modules
.............++++++
....++++++
e is 65537 (0x10001)
Check
# ls
server.key
-Create the certificate signing request (CSR)
# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: ...
State or Province Name (full name) [Some-State]: ...
Locality Name (eg, city) []: ...
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []: ...
Common Name (eg, YOUR name) []: ...
Email Address []: ...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ...
An optional company name []: ...
(*) Unless this is set to the server's URL (or the server name?), ApacheLog gets a warn...
Check
# ls
server.key server.csr
-Sign the certificate with your own CA
# echo 01 > ca-cert.srl
# openssl x509 -CA demoCA/cacert.pem -CAkey demoCA/priva...
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /usr/local/ssl/demoCA/private/cake...
(omitted)
Sign the certificate? [y/n]: y ...
1 out of 1 certificate requests sertified, commit? [y/n]...
Check
# ls
server.key server.csr server.crt
Move the private key and the certificate.
# mkdir /usr/local/apache2/conf/ssl
# mv server.key /usr/local/apache2/conf/ssl
# mv server.crt /usr/local/apache2/conf/ssl
**Wiring it into Apache [#o5d36ec6]
-''Edit httpd-ssl.conf''
# vi /usr/local/apache2/conf/extra/httpd-ssl.conf
Server name
<VirtualHost _default_:443>
ServerName www.example.com:443
↓
ServerName XXXXXXXXXXXXXXX:443
Server certificate path
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
↓
SSLCertificateFile "/usr/local/apache2/conf/ssl/server.c...
Private key path
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
↓
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/serve...
-''Edit httpd.conf''
Enable the SSL configuration file
# vi /usr/local/apache2/conf/httpd.conf
Include line for the SSL configuration file
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
↓
Include conf/extra/httpd-ssl.conf ← uncomment
Check
# /usr/local/apache2/bin/apachectl configtest
Syntax OK
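Added example, not part of the original page: the page sets permissions only on the CA key and shows no such step for server.key under conf/ssl. This sketch reads the active SSLCertificateFile / SSLCertificateKeyFile paths from an httpd-ssl.conf and flags missing files or a key (or key directory) accessible beyond its owner. The function names and the throwaway sample tree are assumptions, and paths are assumed to be absolute.

```shell
#!/bin/sh
# Added example (not from the original page): pre-start audit of the files
# that httpd-ssl.conf points at. Function names are hypothetical helpers.

# Print the unquoted argument of the first active (uncommented) directive $2 in file $1.
ssl_directive() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed when the group/other permission bits of $1 are all clear (e.g. 600, 700).
owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Audit one httpd-ssl.conf ($1). Prints one line per finding; returns 1 if any.
audit_ssl_conf() {
    conf=$1 rc=0
    crt=$(ssl_directive "$conf" SSLCertificateFile)
    key=$(ssl_directive "$conf" SSLCertificateKeyFile)
    for f in "$crt" "$key"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "MISSING: ${f:-directive not set}"; rc=1
        fi
    done
    if [ -n "$key" ] && [ -f "$key" ]; then
        owner_only "$key" || { echo "LOOSE: $key readable beyond owner (want 600)"; rc=1; }
        owner_only "$(dirname "$key")" || { echo "LOOSE: $(dirname "$key") open beyond owner (want 700)"; rc=1; }
    fi
    return $rc
}

# Constructed sample: a throwaway tree that mimics conf/ssl, with dummy file contents.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/ssl"
echo "dummy key" > "$demo_dir/ssl/server.key"; chmod 644 "$demo_dir/ssl/server.key"
echo "dummy cert" > "$demo_dir/ssl/server.crt"; chmod 755 "$demo_dir/ssl"
cat > "$demo_dir/httpd-ssl.conf" <<EOF
<VirtualHost _default_:443>
#SSLCertificateFile "/ignored/commented/out.crt"
SSLCertificateFile "$demo_dir/ssl/server.crt"
SSLCertificateKeyFile "$demo_dir/ssl/server.key"
</VirtualHost>
EOF
audit_ssl_conf "$demo_dir/httpd-ssl.conf" || echo "=> fix the findings before apachectl start"
```

On the real host the call would be `audit_ssl_conf /usr/local/apache2/conf/extra/httpd-ssl.conf`, run as root after `apachectl configtest`.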
*Starting [#ta12cb87]
Use the commands below to start, stop, and restart.
# /usr/local/apache2/bin/apachectl start ← start
# /usr/local/apache2/bin/apachectl stop ← stop
# /usr/local/apache2/bin/apachectl restart ← restart
*Verifying operation [#b66c1940]
Access the server over both http and https; if "It works!" is displayed...
*Automatic startup [#vff481ec]
-''Copy the startup script''
# cp /usr/local/src/httpd-2.2.12/build/rpm/httpd.init /e...
-''Edit the startup script''
# vi /etc/rc.d/init.d/httpd
apachectl=/usr/sbin/apachectl
↓
apachectl=/usr/local/apache2/bin/apachectl ← path changed
httpd=${HTTPD-/usr/sbin/httpd}
↓
httpd=${HTTPD-/usr/local/apache2/bin/httpd} ← path changed
(~ inside check13() ~)
CONFFILE=/etc/httpd/conf/httpd.conf
↓
CONFFILE=/usr/local/apache2/conf/httpd.conf ← path changed
-''Grant execute permission and enable automatic startup''
# chmod 755 /etc/rc.d/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on ...
*Other [#ufc11d27]