Apache 2.2.26(RPM)
''Table of contents''
#contents
~
----
~
Note: see also [[RPM]].~
~
*Preparation [#bdf7987c]
-Remove the packages that are already installed
# yum remove httpd apr apr-util
~
-Install [[APR 1.5.0(RPM)]]~
~
-Install [[APR-util 1.5.3(RPM)]]~
~
- Install distcache-devel~
It is not included in the repository, so bring the SRPM over from Fedora ...
~
# su - rpmdevel
$ cd /home/rpmdevel/src
$ wget http://ftp.riken.jp/Linux/fedora/releases/18/Ever...
$ rpmbuild --rebuild distcache-1.4.5-23.src.rpm
$ cd /home/rpmdevel/rpm/RPMS/i686
$ sudo rpm -Uvh distcache-1.4.5-23.i686.rpm
$ sudo rpm -Uvh distcache-devel-1.4.5-23.i686.rpm
~
-Install the remaining requirements with yum
# yum -y install pcre-devel
~
*Installation [#x0b60073]
+Get the source~
# su - rpmdevel
$ cd /home/rpmdevel/src
$ wget http://ftp.riken.jp/net/apache/httpd/httpd-2.2.26...
~
+''Build the RPM''
$ rpmbuild -tb --clean httpd-2.2.26.tar.gz
~
+''Install''
$ cd /home/rpmdevel/rpm/RPMS/i686
$ sudo rpm -Uvh httpd-2.2.26-1.i686.rpm
$ sudo rpm -Uvh httpd-devel-2.2.26-1.i686.rpm
$ sudo rpm -Uvh mod_ssl-2.2.26-1.i686.rpm
~
*Initial configuration [#j2088014]
-''Configure httpd.conf''
# vi /etc/httpd/conf/httpd.conf
Change the user and group
User daemon
Group daemon
↓
User apache
Group apache
Set the server name
ServerName www.example.com:80
↓
ServerName XXXXXXXXXXX:80
*SSL configuration [#ea529495]
**Building the certificate authority (CA) [#qb4ba4f0]
-Create the private key and certificate~
Use the provided script called CA.sh
# cd /etc/pki/tls
# cp misc/CA .
# ./CA -newca
CA certificate filename (or enter to create) ...
Making CA certificate ...
Generating a 1024 bit RSA private key
.....++++++
................++++++
writing new private key to '/etc/pki/CA/private/./cakey....
Enter PEM pass phrase: ...
Verifying password - Enter PEM pass phrase: ...
-----
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: ...
State or Province Name (full name) [Some-State]: ...
Locality Name (eg, city) []: ...
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []: ...
Common Name (eg, YOUR name) []: ...
Email Address []: ...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ...
An optional company name []: ...
Enter pass phrase for /etc/pki/CA/private/./cakey.pem: ...
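(Note) If this is not set to the server's URL (or the server name?), a warning in the Apache log ...
The steps above create the following files:~
~
/etc/pki/CA/cacert.pem ← self-signed CA certificate~
/etc/pki/CA/private/cakey.pem ← private key~
~
Set the permissions as follows so that nobody else can read the private key.
# chmod 600 /etc/pki/CA/private/cakey.pem
# chmod 700 /etc/pki/CA/private
To inspect the certificate, run the following.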
# openssl x509 -in /etc/pki/CA/cacert.pem -text
**Building the SSL server [#p4db68bc]
-Create the server private key
# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modules
.............++++++
....++++++
e is 65537 (0x10001)
Check
# ls
server.key
-Create the certificate signing request (CSR)
# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will...
into your certificate request.
What you are about to enter is what is called a Distingu...
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: ...
State or Province Name (full name) [Some-State]: ...
Locality Name (eg, city) []: ...
Organization Name (eg, company) [Internet Widgits Pty Lt...
Organizational Unit Name (eg, section) []: ...
Common Name (eg, YOUR name) []: ...
Email Address []: ...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ...
An optional company name []: ...
(Note) If this is not set to the server's URL (or the server name?), a warning in the Apache log ...
Check
# ls
server.key server.csr
-Self-sign the certificate
# echo 01 > ca-cert.srl
# openssl x509 -CA ../CA/cacert.pem -CAkey ../CA/private...
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem: ← ...
Check
# ls
server.key server.csr server.crt
Move the private key and the certificate.
# mkdir /etc/httpd/conf/ssl
# mv server.key /etc/httpd/conf/ssl
# mv server.crt /etc/httpd/conf/ssl
**Wiring into Apache [#fb362adc]
-''Configure httpd-ssl.conf''
# vi /etc/httpd/conf/extra/httpd-ssl.conf
Server name
<VirtualHost _default_:443>
ServerName www.example.com:443
↓
ServerName XXXXXXXXXXXXXXX:443
Path to the server certificate
SSLCertificateFile "/etc/httpd/conf/server.crt"
↓
SSLCertificateFile "/etc/httpd/conf/ssl/server.crt"
Path to the private key
SSLCertificateKeyFile "/etc/httpd/conf/server.key"
↓
SSLCertificateKeyFile "/etc/httpd/conf/ssl/server.key"
-''Configure httpd.conf''
Enable the SSL configuration file
# vi /etc/httpd/conf/httpd.conf
Include the SSL configuration file
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
↓
Include conf/extra/httpd-ssl.conf ← uncomment
Check
# /usr/sbin/apachectl configtest
Syntax OK
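Added example, not part of the original page: a shell check for the key files that httpd-ssl.conf points at once the steps above are done. The page sets chmod 600 only on the CA key and generates 1024-bit keys, so the check reports the mode of each SSLCertificateKeyFile and, where openssl can read the key without a passphrase, any RSA key shorter than 2048 bits. The names audit_ssl_keys and MIN_RSA_BITS are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the private keys referenced by an Apache SSL config.
# audit_ssl_keys and MIN_RSA_BITS are hypothetical names, not from the page.
MIN_RSA_BITS=2048

# Print one finding per line for every SSLCertificateKeyFile in conf file $1.
# Paths containing spaces are not handled.
audit_ssl_keys() {
    conf=$1
    # Commented-out directives have "#..." as their first field and are skipped.
    awk '$1 == "SSLCertificateKeyFile" { gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r key; do
        if [ ! -f "$key" ]; then
            echo "MISSING $key"
            continue
        fi
        mode=$(stat -c %a "$key")    # octal mode, e.g. 644
        # Any group or other permission bit exposes the private key.
        case $mode in
            *00|0) echo "PERM_OK $key $mode" ;;
            *)     echo "PERM_WEAK $key $mode" ;;
        esac
        # Key length: skipped when openssl is absent or cannot parse the file.
        if command -v openssl >/dev/null 2>&1; then
            bits=$(openssl rsa -in "$key" -noout -text -passin pass: \
                       </dev/null 2>/dev/null |
                   sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
            if [ -n "$bits" ] && [ "$bits" -lt "$MIN_RSA_BITS" ]; then
                echo "KEY_SHORT $key $bits"
            fi
        fi
    done
}
```

Run it as root with `audit_ssl_keys /etc/httpd/conf/extra/httpd-ssl.conf`; a PERM_WEAK line for /etc/httpd/conf/ssl/server.key is fixed with the same chmod 600 the page applies to cakey.pem.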
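*Starting [#l58249df]
Use the commands below to start, stop and restart the server
# /usr/sbin/apachectl start ← start
# /usr/sbin/apachectl stop ← stop
# /usr/sbin/apachectl restart ← restart
*Verifying operation [#z82ab4b3]
Access the server over both http and https; if "It works!" is displayed ...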
~
*Start at boot [#l37381a1]
# chkconfig httpd on
~
*Enabled modules [#ye1b3c2d]
A great many modules are running, so restrict them to the ones below and the others ...
(for now)~
LoadModule authz_host_module /usr/lib/httpd/modules/mod_...
→[[authz_host_module>http://httpd.apache.org/docs/2.2/ja/...
~
LoadModule log_config_module /usr/lib/httpd/modules/mod_...
→[[log_config_module>http://httpd.apache.org/docs/2.2/ja/...
~
LoadModule setenvif_module /usr/lib/httpd/modules/mod_se...
→[[setenvif_module>http://httpd.apache.org/docs/2.2/ja/mo...
~
LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so
→[[ssl_module>http://httpd.apache.org/docs/2.2/ja/mod/mod...
~
LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so
→[[mime_module>http://httpd.apache.org/docs/2.2/ja/mod/mo...
~
LoadModule dav_module /usr/lib/httpd/modules/mod_dav.so
→[[dav_module>http://httpd.apache.org/docs/2.2/ja/mod/mod...
~
LoadModule dav_fs_module /usr/lib/httpd/modules/mod_dav_...
→[[dav_fs_module>http://httpd.apache.org/docs/2.2/ja/mod/...
~
LoadModule rewrite_module /usr/lib/httpd/modules/mod_rew...
→[[rewrite_module>http://httpd.apache.org/docs/2.2/ja/mod...
~
LoadModule dav_svn_module /usr/lib/httpd/modules/mod_dav...
→[[dav_svn_module>http://www.caldron.jp/~nabetaro/svn/svn...
~