Creating Virtual Hosts, Generating SSL Certificates & Keys and Enabling the CGI Gateway in Gentoo Linux


The last tutorial, on installing LAMP in Gentoo Linux, covered only the basic installation process, without the extra settings available for Apache to better manage your domains.

This tutorial is closely connected to the previous one on Gentoo LAMP and discusses extra settings for the LAMP environment, such as creating Virtual Hosts on Apache, generating SSL certificate files and keys, enabling the SSL secure protocol for HTTP transactions, and using the Apache CGI Gateway so that you can run Perl or Bash scripts on your website.

  1. Install LAMP in Gentoo Linux

Step 1: Create Apache Virtual Hosts

This topic uses a fake domain name - gentoo.lan - enabled through the local hosts file, with the website files served from /var/www/gentoo.lan - the DocumentRoot directory, without a valid DNS record, to demonstrate how to enable multiple Virtual Hosts on Gentoo using the Apache web server.

1. To begin, open the Gentoo hosts file for editing and add a new line with your domain name.

$ sudo nano /etc/hosts

At the end of the file, make it look like this.

127.0.0.1 localhost gentoo
192.168.1.13  gentoo.lan

2. Test your fake domain with the ping command; the domain should respond with its IP address.

$ ping -c2 gentoo.lan

3. The process of enabling Apache Virtual Hosts is quite simple. Just open the Apache default Virtual Host file located under the /etc/apache2/vhosts.d/ path and, before the last statement (</IfDefine>), enter your new Virtual Host definition enclosed in <VirtualHost *:80> and </VirtualHost> directives, containing your custom settings such as ServerName and the DocumentRoot path.

Use the following file template as a guide for a new Virtual Host and add it to the 00_default_vhost.conf file (for non-SSL websites).

$ sudo nano /etc/apache2/vhosts.d/00_default_vhost.conf

## Another Virtual hosts statements ending in </VirtualHost> ###

<VirtualHost *:80>
        ServerName gentoo.lan
        DocumentRoot "/var/www/gentoo.lan"
        <Directory "/var/www/gentoo.lan">
                Options Indexes FollowSymLinks ExecCGI MultiViews
                # AllowOverride controls what directives may be placed in .htaccess files.
                AllowOverride All
                # Controls who can get stuff from this server file
                Order allow,deny
                Allow from all
        </Directory>
        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>
</VirtualHost>

## Another Virtual hosts statements ###
## LAST STATEMENT which closes virtual hosts file ##

</IfDefine>

As you can see by looking at the contents of this file, it is heavily commented with explanations and it also holds the localhost Virtual Host definition, which you can use as a guide.

4. After you finish editing the file with your custom Virtual Host, restart Apache to apply the settings, and make sure you create the DocumentRoot directory in case you changed it and the path does not exist by default (in this case it was changed to /var/www/gentoo.lan ). I have also created a small PHP file to test the webserver configuration.

$ sudo mkdir /var/www/gentoo.lan
$ su -c "echo '<?php phpinfo(); ?>' > /var/www/gentoo.lan/info.php"
$ sudo /etc/init.d/apache2 restart

5. To verify it, open a browser and point it to your virtual domain name, http://gentoo.lan/info.php .

Using this procedure you can add as many non-SSL websites as you want with Apache Virtual Hosts, but for a real Internet-facing machine make sure that you have registered your domains and that you use valid DNS server records.

To remove a Virtual Host, comment out or delete its directives, from <VirtualHost *:80> to </VirtualHost>, in the 00_default_vhost.conf file.

Step 2: Generate SSL Certificates and Keys for Virtual Hosts

SSL is a cryptographic protocol used to exchange information over a secure communication channel on the Internet or inside networks, using certificates and symmetric/asymmetric keys.

6. To simplify the certificate and key generation process, use the following Bash script, which acts as a command and automatically creates everything you need, named after your SSL domain.

First, create the Bash script using the following command.

$ sudo nano /usr/local/bin/apache_gen_ssl

Add the following file content.

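#!/bin/bash
# Create the certificate directory if it does not exist yet and work inside it.
mkdir -p /etc/apache2/ssl
cd /etc/apache2/ssl || exit 1
echo -e "Enter a name for this certificate:\nEx: mydomain.lan"
read -r cert

# Generate a 2048-bit RSA private key readable only by its owner.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Create the signing request, then self-sign it for 365 days.
openssl req -new -key "$cert.key" -out "$cert.csr"
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"

echo -e " The certificate $cert has been generated!\nPlease link it to Apache SSL website!"
ls -al /etc/apache2/ssl/
exit 0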

7. After the file has been created, add execute permissions to it and run it to generate the SSL keys and certificates.

$ sudo chmod +x /usr/local/bin/apache_gen_ssl
$ sudo apache_gen_ssl

When you run it for the first time, it asks you to enter your domain name. Enter the domain name for which you are generating the SSL settings and fill in the certificate with the requested information; for the most important field, Common Name, use your server FQDN.

The default location where all certificates and keys generated with this method are stored is /etc/apache2/ssl/.
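
The script in step 6 runs as root and uses whatever is typed at the prompt as a file name. The following variant is an added example, not part of the original tutorial: it accepts only DNS-style names before running the same three openssl commands without prompts. The function names, the SSL_DIR variable and the use of -subj to set the Common Name are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the tutorial's script): validate the certificate name,
# then create the same key / CSR / self-signed certificate trio.

SSL_DIR=${SSL_DIR:-/etc/apache2/ssl}    # the tutorial's default location

# Accept only DNS-style names: labels made of letters, digits and hyphens,
# separated by single dots, with no leading or trailing hyphen or dot.
valid_cert_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # slashes, spaces, shell metacharacters
        .*|*.|*..*)       return 1 ;;   # empty labels, "." and ".."
        -*|*-|*.-*|*-.*)  return 1 ;;   # a leading "-" would read as an option
    esac
    return 0
}

# Usage: gen_selfsigned gentoo.lan   (returns 2 on a rejected name)
gen_selfsigned() {
    valid_cert_name "$1" || { echo "invalid certificate name: $1" >&2; return 2; }
    (
        umask 077       # files are created owner-only, so the key is never
                        # readable by others, not even before a chmod
        mkdir -p "$SSL_DIR" && cd "$SSL_DIR" || exit 1
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" &&
        openssl req -new -key "$1.key" -subj "/CN=$1" -out "$1.csr" &&
        openssl x509 -req -days 365 -in "$1.csr" -signkey "$1.key" -out "$1.crt"
    )
}
```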

8. Now it is time to create the matching gentoo.lan SSL Virtual Host. Use the same method as for the non-SSL Virtual Hosts, but this time edit the /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf file, with a few changes.

First, open the file for editing and make the following changes.

$ sudo nano /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf

Under the Listen 443 directive, add the following content.

NameVirtualHost *:443

Use the following template for a new Virtual Host and fill in the SSL certificate and key paths and names.

## Another Virtual hosts statements ending in </VirtualHost> ###

<VirtualHost *:443>
        ServerName gentoo.lan
        DocumentRoot "/var/www/gentoo.lan"
        ErrorLog /var/log/apache2/gentoo.lan-ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/gentoo.lan-ssl_access_log
        </IfModule>

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

## Edit with new generated SSL certificate and key and change path to /etc/apache2/ssl/

        SSLCertificateFile /etc/apache2/ssl/gentoo.lan.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoo.lan.key

        <Directory "/var/www/gentoo.lan">
                Options Indexes FollowSymLinks ExecCGI MultiViews Includes
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory "/var/www/gentoo.lan">
                SSLOptions +StdEnvVars
        </Directory>

        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>

        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

## Another Virtual hosts statements ###

The Virtual Host definitions must end before these last three statements.

</IfModule>
</IfDefine>
</IfDefine>

9. After you finish editing the Virtual Host file, restart the Apache service and point your browser to your domain using the HTTPS protocol, https://gentoo.lan .

$ sudo /etc/init.d/apache2 restart

Using this procedure, you can add SSL websites with their own certificates and keys using Apache Virtual Hosts. To remove a Virtual Host, comment out or delete its directives in the /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf file.
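
The SSLCipherSuite line in the template above starts with ALL, which selects the LOW, export, SSLv2, RC4 and MD5 suites; the +LOW, +SSLv2 and +EXP tokens only move them to the end of the list and do not remove them. The following lint is an added example, not part of the original tutorial, that reads a cipher string according to the OpenSSL cipher-list syntax and reports the weak classes it leaves selected. The function names are illustrative, and a stricter string such as HIGH:!aNULL:!MD5 is a suggestion of this example, not of the tutorial.

```sh
#!/bin/sh
# Added example: heuristic lint for a mod_ssl SSLCipherSuite string. It reads
# the string only; it does not ask the installed OpenSSL what it would offer.

WEAK_CLASSES="LOW EXP SSLv2 RC4 MD5 eNULL"

# Print the weak classes that a cipher string leaves selected.
weak_classes_in_suite() {
    banned=" "; selected=" "; all=0; result=""
    old_ifs=$IFS; IFS=:; set -f
    for tok in $1; do
        case $tok in
            '!'*)  t=${tok#?}                  # '!' removes a class for good
                   if [ "$t" = EXPORT ]; then t=EXP; fi
                   banned="$banned$t " ;;
            +*|-*) ;;   # '+' only reorders suites that are already selected;
                        # '-' can be undone by a later token, so not a ban
            ALL)   all=1 ;;
            *)     # a bare token selects suites; RC4+RSA means "RC4 and RSA"
                   selected="$selected$(printf '%s' "$tok" | tr + ' ') " ;;
        esac
    done
    IFS=$old_ifs; set +f
    for w in $WEAK_CLASSES; do
        case $banned in *" $w "*) continue ;; esac
        case $selected in *" $w "*) result="$result $w"; continue ;; esac
        # ALL selects every class except eNULL
        if [ "$all" -eq 1 ] && [ "$w" != eNULL ]; then result="$result $w"; fi
    done
    printf '%s\n' "${result# }"
}

# Lint every SSLCipherSuite directive in a vhost file; returns 1 on findings.
audit_vhost_file() {
    status=0
    while read -r directive value rest || [ -n "$directive" ]; do
        [ "$directive" = SSLCipherSuite ] || continue
        weak=$(weak_classes_in_suite "$value")
        if [ -n "$weak" ]; then
            echo "SSLCipherSuite leaves enabled: $weak"
            status=1
        fi
    done < "$1"
    return "$status"
}
```

Run it as audit_vhost_file /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf after editing; an exit status of 0 means no weak class was found in any SSLCipherSuite line.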

Step 3: Enable the CGI Interface

CGI ( Common Gateway Interface ) allows Apache to interact with external programs, mainly Perl or Bash scripts, which can add dynamic content to your website.

10. Before enabling the CGI gateway, make sure that Apache was compiled with the USE flags for CGI module support in the Portage make.conf file: cgi cgid. To enable CGI support for Apache, open the /etc/conf.d/apache2 file and add the CGI module on the APACHE2_OPTS line.

$ sudo nano /etc/conf.d/apache2

Make sure this line has the same content.

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D STATUS -D CGI"

11. After the CGI modules have been enabled, open the Virtual Host definition of the website on which you want to enable the CGI interface and add the following content inside the Virtual Host directives.

<Directory "/var/www/gentoo.lan">
        Options Indexes +ExecCGI MultiViews
        AddHandler cgi-script .cgi .pl
        DirectoryIndex index.cgi index.php index.html index.pl
        AllowOverride All
        Order allow,deny
        Allow from all
</Directory>

12. If you have a directory inside your DocumentRoot ( /var/www/gentoo.lan/ ) path that holds the CGI scripts, you can enable only that directory for Perl or Bash scripts.

ScriptAlias /cgi-bin/ /var/www/gentoo.lan/cgi-bin/

<Location /cgi-bin>
        Options +ExecCGI
        AddHandler cgi-script .cgi .pl
        DirectoryIndex index.cgi index.php index.html index.pl
</Location>

13. For SSI (Server Side Includes), add the +Includes statement to Options and add the .shtml file extension.

<Directory "/var/www/gentoo.lan">
        Options Indexes +ExecCGI +Includes
        AddHandler cgi-script .cgi .pl
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        DirectoryIndex index.shtml index.cgi index.pl index.php index.html
        AllowOverride All
        Order allow,deny
        Allow from all
</Directory>

14. To test some .cgi and .pl scripts on the Apache CGI gateway, create the following scripts in your Virtual Host DocumentRoot (/var/www/gentoo.lan/).

$ sudo nano /var/www/gentoo.lan/env.pl

Add the following Perl content.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach my $keys (sort keys %ENV) {
    print "$keys = $ENV{$keys}<br/>\n";
}

$ sudo nano /var/www/gentoo.lan/run.cgi

Add the following Bash content.

#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "---------------------------------------------------------------------------------"
./env.pl
echo "---------------------------------------------------------------------------------"

15. After the files have been created, make them executable, restart the Apache daemon and point your browser to the following URLs.

$ sudo chmod +x /var/www/gentoo.lan/run.cgi
$ sudo chmod +x /var/www/gentoo.lan/env.pl
$ sudo /etc/init.d/apache2 restart

https://gentoo.lan/run.cgi

OR

https://gentoo.lan/env.pl
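
Step 11 enables ExecCGI and the .cgi/.pl handler for the whole DocumentRoot, while step 12 confines scripts to cgi-bin. The following audit is an added example, not part of the original tutorial: it lists the files outside cgi-bin that the broader mapping hands to the CGI handler and marks the ones that carry an execute bit or are group- or world-writable. The function names are illustrative.

```sh
#!/bin/sh
# Added example: audit which files the step 11 mapping turns into CGI programs.

# Files outside DOCROOT/cgi-bin that "AddHandler cgi-script .cgi .pl" maps to
# the CGI handler. mod_mime looks at every dot-separated extension of a file
# name, so names such as report.pl.txt are included as well.
cgi_outside_cgibin() {
    root=${1%/}
    find "$root" -path "$root/cgi-bin" -prune -o -type f \
        \( -name '*.cgi' -o -name '*.pl' -o -name '*.cgi.*' -o -name '*.pl.*' \) \
        -print | sort
}

# True when the file matches the given find(1) permission expression.
has_perm() {
    file=$1; shift
    [ -n "$(find "$file" -prune "$@" -print)" ]
}

# One line per file: "<state> <path relative to DOCROOT>".
audit_cgi_scope() {
    root=${1%/}
    cgi_outside_cgibin "$root" | while IFS= read -r f; do
        state=no-exec-bit             # mapped to CGI, but executing it fails
        if has_perm "$f" \( -perm -100 -o -perm -010 -o -perm -001 \); then
            state=runs-as-cgi
        fi
        # group- or world-writable scripts can be altered by other local users
        if has_perm "$f" \( -perm -020 -o -perm -002 \); then
            state="$state,writable"
        fi
        printf '%s %s\n' "$state" "${f#"$root"/}"
    done
}
```

Running audit_cgi_scope /var/www/gentoo.lan after step 15 lists run.cgi and env.pl as runs-as-cgi; once testing is done these files and info.php can be removed.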

Now you can turn Gentoo into a powerful web hosting platform, with fine-tuning settings for your system's performance and maximum control over your entire environment.