Apache 2.2.21
''Table of Contents''
#contents
~
----
*Preparation [#bf506fb8]
-JAPAN APACHE USERS GROUP -- http://www.apache.jp/~
Source: httpd-2.2.21.tar.gz
*Installation [#ifd4713f]
+Get the source~
Download httpd-2.2.21.tar.gz into /usr/local/src.
 # wget -P /usr/local/src http://www.ring.gr.jp/archives/...
+Extract the source~
The httpd-2.2.21 directory is created under /usr/local/src.
 # cd /usr/local/src
 # tar zxvf httpd-2.2.21.tar.gz
+Install APR (Apache Portable Runtime)~
++apr (1.4.5)~
[[configure help>apr-1.4.5のconfigureヘルプ]]
 # cd /usr/local/src/httpd-2.2.21/srclib/apr
 # ./configure --prefix=/usr/local/httpd-2.2.21/apr
 # make
 # make install
++apr-util (1.3.12)~
[[configure help>apr-util-1.3.12のconfigureヘルプ]]
 # cd /usr/local/src/httpd-2.2.21/srclib/apr-util
 # ./configure --prefix=/usr/local/httpd-2.2.21/apr-util ...
 # make
 # make install
+Configure the build~
[[configure help>httpd-2.2.21のconfigureヘルプ]]
 # cd /usr/local/src/httpd-2.2.21
 # ./configure \
 > --prefix=/usr/local/httpd-2.2.21 \
 > --enable-so \
 > --enable-rewrite=shared \
 > --enable-dav=shared \
 > --enable-dav-fs=shared \
 > --enable-dav-lock=shared \
 > --enable-ssl=shared \
 > --with-ssl=/usr/local/ssl/ \
 > --with-apr=/usr/local/httpd-2.2.21/apr \
 > --with-apr-util=/usr/local/httpd-2.2.21/apr-util
+Install~
 # make
 # make install
+Create a symbolic link~
 # ln -s /usr/local/httpd-2.2.21 /usr/local/apache2
*Initial configuration [#padbc3f5]
-''Create the apache user''~
Create a dedicated user for Apache. The user name is apache.
 # groupadd apache
 # useradd -g apache apache
-''Configure httpd.conf''
 # vi /usr/local/apache2/conf/httpd.conf
Change the user and group
 User daemon
 Group daemon
 ↓
 User apache
 Group apache
Set the server name
 ServerName www.example.com:80
 ↓
 ServerName XXXXXXXXXXX:80
*SSL configuration [#jd5686d3]
**Building a certificate authority (CA) [#o83fff79]
-Create the private key and certificate~
Use the provided script CA.sh.
 # cd /usr/local/ssl
 # cp misc/CA.sh .
 # ./CA.sh -newca
 CA certificate filename (or enter to create) ...
 Making CA certificate ...
 Generating a 1024 bit RSA private key
 .....++++++
 ................++++++
 writing new private key to './demoCA/private/./cakey.pem'
 Enter PEM pass phrase: ...
 Verifying password - Enter PEM pass phrase: ...
 -----
 You are about to be asked to enter information that will...
 into your certificate request.
 What you are about to enter is what is called a Distingu...
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]: ...
 State or Province Name (full name) [Some-State]: ...
 Locality Name (eg, city) []: ...
 Organization Name (eg, company) [Internet Widgits Pty Lt...
 Organizational Unit Name (eg, section) []: ...
 Common Name (eg, YOUR name) []: ...
 Email Address []: ...
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []: ...
 An optional company name []: ...
 Enter pass phrase for ./demoCA/private/./cakey.pem: ...
 (*) Must be the server's URL (or the server name?), otherwise the Apache log gets a warn...
The steps above create the following files.~
~
/usr/local/ssl/demoCA/cacert.pem ← self-signed CA...
/usr/local/ssl/demoCA/private/cakey.pem ← private key~
~
Set the permissions as follows so that nobody else can read the private key.~
 # chmod 600 /usr/local/ssl/demoCA/private/cakey.pem
 # chmod 700 /usr/local/ssl/demoCA/private
To inspect the certificate, run the following.
 # openssl x509 -in /usr/local/ssl/demoCA/cacert.pem -text
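The permission settings described above (600 on the key file, 700 on its directory) can be verified with a small check. This is an added example, not part of the original page; the function names are hypothetical, and it accepts 400 as well as 600 for the key file.

```sh
# Added example: verify that a private key and its directory carry the
# permissions set with chmod on this page.

# mode_of PATH: print the octal mode (GNU stat, with a BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_key_perms KEYFILE
# Returns 0 when the key is 600 (or the stricter 400) and its directory is 700.
# Prints one line per finding and returns 1 otherwise.
check_key_perms() {
    key=$1
    dir=$(dirname "$key")
    rc=0
    if [ ! -f "$key" ]; then
        echo "MISSING $key"
        return 1
    fi
    kmode=$(mode_of "$key")
    dmode=$(mode_of "$dir")
    case $kmode in
        600|400) ;;
        *) echo "WEAK key $key mode $kmode (want 600)"; rc=1 ;;
    esac
    case $dmode in
        700) ;;
        *) echo "WEAK dir $dir mode $dmode (want 700)"; rc=1 ;;
    esac
    return $rc
}

# Usage: check_key_perms /usr/local/ssl/demoCA/private/cakey.pem
```

The same function can be pointed at any other key file to see whether it was left with default permissions.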
**Building the SSL server [#v775bffe]
-Create the server private key
 # openssl genrsa -out server.key 1024
 Generating RSA private key, 1024 bit long modulus
 .............++++++
 ....++++++
 e is 65537 (0x10001)
Check
 # ls
 server.key
-Create the certificate signing request (CSR)
 # openssl req -new -key server.key -out server.csr
 You are about to be asked to enter information that will...
 into your certificate request.
 What you are about to enter is what is called a Distingu...
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]: ...
 State or Province Name (full name) [Some-State]: ...
 Locality Name (eg, city) []: ...
 Organization Name (eg, company) [Internet Widgits Pty Lt...
 Organizational Unit Name (eg, section) []: ...
 Common Name (eg, YOUR name) []: ...
 Email Address []: ...
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []: ...
 An optional company name []: ...
 (*) Must be the server's URL (or the server name?), otherwise the Apache log gets a warn...
Check
 # ls
 server.key server.csr
-Self-sign the certificate
 # echo 01 > ca-cert.srl
 # openssl x509 -CA demoCA/cacert.pem -CAkey demoCA/priva...
 Using configuration from /usr/local/ssl/openssl.cnf
 Enter pass phrase for /usr/local/ssl/demoCA/private/cake...
 (snip)
 Sign the certificate? [y/n]: y ...
 1 out of 1 certificate requests certified, commit? [y/n]...
Check
 # ls
 server.key server.csr server.crt
Move the private key and the certificate.
 # mkdir /usr/local/apache2/conf/ssl
 # mv server.key /usr/local/apache2/conf/ssl
 # mv server.crt /usr/local/apache2/conf/ssl
**Integrating into Apache [#va60a738]
-''Configure httpd-ssl.conf''
 # vi /usr/local/apache2/conf/extra/httpd-ssl.conf
Server name
 <VirtualHost _default_:443>
 ServerName www.example.com:443
 ↓
 ServerName XXXXXXXXXXXXXXX:443
Server certificate path
 SSLCertificateFile "/usr/local/apache2/conf/server.crt"
 ↓
 SSLCertificateFile "/usr/local/apache2/conf/ssl/server.c...
Private key path
 SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
 ↓
 SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/serve...
-''Configure httpd.conf''
Enable the SSL configuration file
 # vi /usr/local/apache2/conf/httpd.conf
Include the SSL configuration file
 # Secure (SSL/TLS) connections
 #Include conf/extra/httpd-ssl.conf
 ↓
 Include conf/extra/httpd-ssl.conf ← uncomment
Check
 # /usr/local/apache2/bin/apachectl configtest
 Syntax OK
*Starting [#hc2eda9e]
Use the following commands to start, stop, and restart the server.
 # /usr/local/apache2/bin/apachectl start ← start
 # /usr/local/apache2/bin/apachectl stop ← stop
 # /usr/local/apache2/bin/apachectl restart ← restart
*Verifying operation [#ybd5d995]
Access the server over both http and https; if "It works!" is displayed...
*Autostart configuration [#i5e47ca8]
-''Copy the startup script''
 # cp /usr/local/src/httpd-2.2.21/build/rpm/httpd.init /e...
-''Edit the startup script''~
[[Default startup script>デフォルト起動スクリプト Apach...
 # vi /etc/rc.d/init.d/httpd
 httpd=${HTTPD-/usr/sbin/httpd}
 ↓
 httpd=${HTTPD-/usr/local/apache2/bin/httpd} ← path changed
 (~ inside check13() ~)
 CONFFILE=/etc/httpd/conf/httpd.conf
 ↓
 CONFFILE=/usr/local/apache2/conf/httpd.conf ← path changed
-''Grant execute permission and enable autostart''
 # chmod 755 /etc/rc.d/init.d/httpd
 # chkconfig --add httpd
 # chkconfig httpd on
 # chkconfig --list httpd
 httpd 0:off 1:off 2:on 3:on 4:on ...
*Other [#g59cce4a]
**''Stop fails'' [#m00d1437]
When installed with the procedure above, stopping via the httpd script...
 # /etc/rc.d/init.d/httpd start
 httpd を起動中: ...
 # /etc/rc.d/init.d/httpd stop
 httpd を停止中: ...
~
The cause seems to be that the pid file is in a different location.~
 # /etc/rc.d/init.d/httpd start
 httpd を起動中: ...
 # find / -name '*.pid'
 /var/run/abrtd.pid
 /var/run/syslogd.pid
 /var/run/sshd.pid
 /var/run/crond.pid
 /var/run/messagebus.pid
 /var/run/haldaemon.pid
 /usr/local/httpd-2.2.21/logs/httpd.pid ← here is the pid f...
The httpd startup script contains the following line.~
 pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}
''[[Apache HTTP Server Version 2.2 Documentation>http:/...
httpd.conf has no such entry, so add one.~
 # vi /usr/local/apache2/conf/httpd.conf
 PidFile /var/run/httpd.pid ← Server...
Also fix the httpd startup script.
 # vi /etc/rc.d/init.d/httpd
 #pidfile=${PIDFILE-/var/log/httpd/${prog}.pid} ← comm...
 pidfile=${PIDFILE-/var/run/httpd.pid} ← added
Test
 # /etc/rc.d/init.d/httpd start
 httpd を起動中: ...
 # find / -name '*.pid'
 /var/run/abrtd.pid
 /var/run/syslogd.pid
 /var/run/sshd.pid
 /var/run/crond.pid
 /var/run/httpd.pid ←
 /var/run/messagebus.pid
 /var/run/haldaemon.pid
 # /etc/rc.d/init.d/httpd stop
 httpd を停止中: ...
~
**''Stop fails, part 2'' [#a50e6c04]
The PidFile directive entry in conf/extra/httpd-mpm.conf...
Fix the PidFile path in httpd-mpm.conf, and in httpd.conf, extra/...
 # vi /usr/local/apache2/conf/extra/httpd-mpm.conf
 #PidFile "logs/httpd.pid"
 ↓
 PidFile "/var/run/httpd.pid"
 #LockFile "logs/httpd/accept.lock"
 ↓
 LockFile "/var/lock/subsys/httpd"
 # vi /usr/local/apache2/conf/httpd.conf
 # Server-pool management (MPM specific)
 #Include conf/extra/httpd-mpm.conf
 ↓
 Include conf/extra/httpd-mpm.conf ← uncomment
The fix to the httpd startup script is the same.
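The pid file mismatch behind both "stop fails" sections can be detected before a restart by comparing the init script with the Apache configuration. This is an added example, not part of the original page: the function names are hypothetical, it assumes the init script keeps the pidfile=${PIDFILE-...} form shown above, and it does not follow Include lines, so pass every configuration file that is actually included.

```sh
# Added example: compare the pid file path the init script expects with the
# one httpd will actually write.

# init_pidfile SCRIPT: path from a line like pidfile=${PIDFILE-/path/${prog}.pid}
init_pidfile() {
    prog=$(sed -n 's/^prog=//p' "$1" | head -n 1)
    [ -n "$prog" ] || prog=httpd
    sed -n 's/^[[:space:]]*pidfile=\${PIDFILE-\(.*\)}[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | sed 's/\${prog}/'"$prog"'/'
}

# apache_pidfile SERVERROOT CONF...: last active PidFile directive in the given
# files; falls back to logs/httpd.pid under SERVERROOT when none is set.
apache_pidfile() {
    root=$1; shift
    pf=$(cat "$@" | sed -n \
        's/^[[:space:]]*PidFile[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\).*/\1/p' |
        tail -n 1)
    [ -n "$pf" ] || pf=logs/httpd.pid
    case $pf in
        /*) echo "$pf" ;;
        *)  echo "$root/$pf" ;;
    esac
}

# check_pidfile SCRIPT SERVERROOT CONF...: 0 if both sides agree, 1 otherwise.
check_pidfile() {
    script=$1; shift
    want=$(init_pidfile "$script")
    have=$(apache_pidfile "$@")
    if [ "$want" = "$have" ]; then
        echo "OK $have"
    else
        echo "MISMATCH init=$want httpd=$have"
        return 1
    fi
}

# Constructed sample reproducing the page's first state (no PidFile in httpd.conf).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'prog=httpd' 'pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}' > "$d/httpd.init"
    printf '%s\n' 'ServerName www.example.com:80' > "$d/httpd.conf"
    rc=0
    check_pidfile "$d/httpd.init" /usr/local/httpd-2.2.21 "$d/httpd.conf" || rc=$?
    rm -rf "$d"
    return $rc
}
```

On a real host the call would be check_pidfile /etc/rc.d/init.d/httpd /usr/local/httpd-2.2.21 followed by httpd.conf and, when its Include is uncommented, extra/httpd-mpm.conf.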