Installing Apache on Linux and configuring virtual hosts and SSL
1. Install httpd with yum
yum install httpd
Edit the configuration file
vim /etc/httpd/conf/httpd.conf
ServerName hostname:80
Start Apache
service httpd start
2. Set file access permissions
2.1 Create the directories
cd /var/www/html
mkdir admin
mkdir blog
vim blog/index.html
welcome to tokyo
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
Options none
AllowOverride AuthConfig
AuthType Basic
AuthName "ログイン情報"
AuthUserFile /etc/httpd/conf/.httpasswd
Require valid-user
</Directory>
Set the user name and password
htpasswd -c -m /etc/httpd/conf/.httpasswd startnews24_user
startnews24_user
startnews24_user
htpasswd -m /etc/httpd/conf/.httpasswd startnews24_pwd
startnews24_pwd
startnews24_pwd
Reload httpd
service httpd reload
3. Set group access permissions
vim /etc/httpd/conf/.httpgroup
test_startnews24:startnews24_user
Modify the configuration from step 2
vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/admin">
Options none
AllowOverride AuthConfig
AuthType Basic
AuthName "ログイン情報"
AuthUserFile /etc/httpd/conf/.httpasswd
AuthGroupFile /etc/httpd/conf/.httpgroup
Require group test_startnews24
</Directory>
Reload httpd
service httpd reload
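An added example, not part of the original article: a syntax check such as httpd -t does not look inside the group or password files, so a Require group name that is missing from the AuthGroupFile only shows up when logins fail. This Python sketch cross-checks the three files from steps 2 and 3; the sample contents are constructed (the Require line is misspelled on purpose, the password hash is a placeholder) and the function names are hypothetical.

```python
import re

# Constructed samples modelled on steps 2 and 3; the Require line is misspelled on purpose.
HTTPD_CONF = """
<Directory "/var/www/html/admin">
AuthUserFile /etc/httpd/conf/.httpasswd
AuthGroupFile /etc/httpd/conf/.httpgroup
Require group test_starttnews24
</Directory>
"""
HTGROUP = "test_startnews24:startnews24_user\n"
HTPASSWD = "startnews24_user:$apr1$constructed$hash\n"

def parse_groups(text):
    """Map group name -> set of members ('group: user1 user2' per line)."""
    groups = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            name, members = line.split(":", 1)
            groups.setdefault(name.strip(), set()).update(members.split())
    return groups

def parse_users(text):
    """User names from an htpasswd file ('user:hash' per line)."""
    return {l.split(":", 1)[0] for l in text.splitlines() if ":" in l}

def required_groups(conf):
    """Yield (directory, group) for each 'Require group' in a <Directory> block."""
    blocks = re.findall(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', conf, re.I | re.S)
    for directory, body in blocks:
        for names in re.findall(r"^\s*Require\s+group\s+(.+)$", body, re.I | re.M):
            for group in names.split():
                yield directory, group

def audit(conf, group_text, passwd_text):
    """Return findings for group names or members that cannot resolve."""
    groups, users = parse_groups(group_text), parse_users(passwd_text)
    findings = []
    for directory, group in required_groups(conf):
        if group not in groups:
            findings.append(f"{directory}: group '{group}' is not in the group file")
        for user in sorted(groups.get(group, set()) - users):
            findings.append(f"{directory}: member '{user}' of '{group}' has no password entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HTTPD_CONF, HTGROUP, HTPASSWD)) or "no findings")
```

To check a real host, pass the contents of httpd.conf, .httpgroup and .httpasswd to audit() in place of the samples.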
4. Configure port-based virtual hosts
vim /etc/httpd/conf/httpd.conf
# Append the following lines
# Open port 8080
Listen 8080
#DocumentRoot "/var/www/html"
<VirtualHost 172.16.229.25:80>
ServerName sns.arkgame.com
DocumentRoot "/web/hosta"
</VirtualHost>
<VirtualHost 172.16.229.25:8080>
ServerName sns.arkgame.com
DocumentRoot "/web/hostb"
</VirtualHost>
Check the configuration file syntax
httpd -t
Create the required directories and test files
mkdir -pv /web/host{a,b}
vim /web/hosta/index.html
hosta 豚肉秋以後も高値
vim /web/hostb/index.html
hostb 消費低迷浮き彫り
Restart httpd
service httpd restart
5. Configure SSL
Create the CA
[root@jsh ~]# cd /etc/pki/CA/
Create the key file
[root@jsh CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Create the self-signed certificate
[root@jsh CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1000
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:shinaka
Organization Name (eg, company) [Default Company Ltd]:startnews24
Organizational Unit Name (eg, section) []:startnews24
Common Name (eg, your name or your server's hostname) []:caserver.arkgame.com
Email Address []:
Initialize the CA files
[root@jsh CA]# touch serial index.txt
[root@jsh CA]# echo 00 > serial
Create a key file on the separate HTTP server
[root@jsh ~]# cd /etc/httpd/
[root@jsh httpd]# mkdir ssl
[root@jsh httpd]# cd ssl
[root@jsh ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
Create the certificate signing request
[root@jsh ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:startnews24
Organizational Unit Name (eg, section) []:startnews24
Common Name (eg, your name or your server's hostname) []:startnews24
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Sign the certificate
[root@jsh ssl]# openssl ca -in httpd.csr -out httpd.crt -days 1000
Edit the configuration file
[root@jsh ssl]# cd /etc/httpd/conf.d/
[root@jsh conf.d]# vim ssl.conf
Listen on port 443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
DocumentRoot "/web/vhosta"