
Apache Web Server

Packages: httpd, httpd-devel, httpd-manual
Daemon: /usr/sbin/httpd
Scripts: /etc/init.d/httpd
Ports: 80(http), 443(https)
Configuration: /etc/httpd/*, /var/www/*
Related: mod_ssl (for https)

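%SELinux
Everything under /var/www/html/* must carry the matching SELinux context (label) to be displayed properly by the web server.
If you add a new file, you must run restorecon to write back the correct context.
#restorecon -R /var/www/html
Or change the context manually:
#semanage fcontext -l |grep /var/www/html
#chcon -t XXXX a.file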

%iptables must allow ports 80 and 443

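%User personal web pages are placed in $HOME/public_html by default
(After adding files, remember to run #restorecon so that they are displayed properly.)
(#chmod 701 /home/student/ [gives other users the x permission, i.e. permission to cd, so that other users can enter public_html])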
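
The chmod 701 step works because httpd reaches a user's pages as an "other" user and needs the x bit on every directory along the path. As an added example (not part of the original notes), this function walks a path and reports the first component that blocks that access; the name other_can_reach and the sample path are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original notes). Walks RELPATH beneath BASE and
# reports the first component whose "other" permission bits would stop the
# httpd worker account from serving the file. Assumes GNU stat (as on RHEL)
# and that httpd is neither the owner nor in the group of these paths.
# Only mode bits are checked; SELinux contexts and ACLs are out of scope.
other_can_reach() {
    local cur rest part mode o
    cur=${1%/}
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}                 # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue       # skip empty parts from "//" or a leading "/"
        cur="$cur/$part"
        if [ ! -e "$cur" ]; then
            echo "missing: $cur"
            return 2
        fi
        mode=$(stat -L -c %a "$cur")     # octal mode, e.g. 701
        o=${mode#"${mode%?}"}            # last digit = bits for "other"
        case $o in
            2|3|6|7) echo "warning: $cur ($mode) is world-writable" ;;
        esac
        if [ -d "$cur" ]; then
            case $o in
                1|3|5|7) ;;              # o+x present: directory can be traversed
                *) echo "blocked: $cur ($mode) lacks o+x"; return 1 ;;
            esac
        else
            case $o in
                4|5|6|7) ;;              # o+r present: file can be read
                *) echo "blocked: $cur ($mode) lacks o+r"; return 1 ;;
            esac
        fi
    done
    echo "reachable: $cur"
}

# Run directly: sh script.sh / home/student/public_html/index.html
if [ "$#" -eq 2 ]; then
    other_can_reach "$1" "$2"
fi
```

A "reachable" result only covers the mode bits; the restorecon step is still needed for the SELinux context.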

1. Apache Encrypted Web Server
SSL: https(443)
Packages: mod_ssl
/etc/httpd/conf.d/ssl.conf

Encryption Configuration:
certificate: /etc/pki/tls/certs/your-host.crt
private key: /etc/pki/tls/certs/your-host.key

Generation:
#cd /etc/pki/tls/certs
#make testcert.crt
[root@server118 certs]# make testcert.crt
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > testcert.key
Generating RSA private key, 1024 bit long modulus
.......++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase: [enter your password]
Verifying - Enter pass phrase: [enter your password]
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key testcert.key -x509 -days 365 -out testcert.crt -set_serial 0
Enter pass phrase for testcert.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:Example,Inc.
Organizational Unit Name (eg, section) []:MisGroup
Common Name (eg, your name or your server's hostname) []:server118.example.com
Email Address []:root@server118.example.com

#vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/testcert.crt
SSLCertificateKeyFile /etc/pki/tls/certs/testcert.key

Restart httpd:
[root@server118 certs]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server server118.example.com:443 (RSA)
Enter pass phrase: [enter your password]

OK: Pass Phrase Dialog successful.
[ OK ]


Posted by aquatower on PIXNET (痞客邦) under "2006 Casual Notes" (2006隨手札記)