
Web Server Setup (Apache)

by かわうぃん last modified 2006-01-29 07:00

Configuring Apache, the web server daemon, and setting up SSL encryption

■Web server configuration

[root@linux ~]# vi /etc/httpd/conf/httpd.conf
     ← edit the httpd configuration file

ServerTokens Prod
     ← hide the OS name on error pages and the like
ServerAdmin webmaster@tsunpa.dyndns.org
     ← set the administrator e-mail address shown on error pages and the like
ServerName tsunpa.dyndns.org:80
     ← set the server name
#
<Directory "/var/www/html">
Options Includes ExecCGI FollowSymLinks
     ← allow CGI and SSI
#
AllowOverride All
     ← allow .htaccess
ServerSignature Off
     ← hide the Apache version on error pages and the like
#AddDefaultCharset UTF-8
     ← comment out
AddHandler cgi-script .cgi .pl
     ← add .pl as a CGI script extension

■Perl command setup

[root@linux ~]# ln -s /usr/bin/perl /usr/local/bin/perl
      ← create a symbolic link at /usr/local/bin/perl pointing to /usr/bin/perl

[root@linux ~]# whereis perl
      ← check the Perl paths
perl: /usr/bin/perl /usr/local/bin/perl /usr/share/man/man1/perl.1.gz
      ← confirm that /usr/local/bin/perl appears among the Perl paths

■Starting the web server

[root@linux ~]# /etc/init.d/httpd start ← start httpd
httpd を起動中:                                            [  OK  ]

■Enabling the web server at boot

[root@linux ~]# chkconfig httpd on
       ← enable httpd at boot

[root@linux ~]# chkconfig --list httpd
       ← check the httpd boot setting
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
       ← confirm that runlevels 2 to 5 are on

■Creating the server private key

[root@linux ~]# cd /usr/share/ssl/certs/
[root@linux certs]# ls
Makefile       cyrus-imapd.pem  make-dummy-cert
ca-bundle.crt  dovecot.pem      slapd.pem
[root@linux certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
............++++++
..++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@linux certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@linux certs]#

■Creating the server public key (certificate signing request)

[root@linux certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:Tokyo
Locality Name (eg, city) [Newbury]:Chiyoda
Organization Name (eg, company) [My Company Ltd]:tsunpa.dyndns.org
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:tsunpa.dyndns.org
Email Address []:webmaster@tsunpa.dyndns.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:     <= left blank
An optional company name []:   <= left blank
[root@linux certs]#


■Creating the server certificate

[root@linux certs]# openssl x509 -in server.csr -out \
server.pem -req -signkey server.key -days 365 <= actually typed on one line, without the line break
Signature ok
subject=/C=JP/ST=Tokyo/L=Kiyose/O=tsunpa.dyndns.org**************
Getting Private key
[root@linux certs]# chmod 400 server.*
[root@linux certs]#

■SSL configuration

[root@linux certs]# mv server.* /etc/httpd/conf/
[root@linux certs]# vi /etc/httpd/conf.d/ssl.conf
Edit the following:

SSLCertificateFile /etc/httpd/conf/server.pem
SSLCertificateKeyFile /etc/httpd/conf/server.key 

■Applying the web server configuration

[root@linux certs]# /etc/init.d/httpd restart
    ← restart the web server
httpd を停止中:                                            [  OK  ]
httpd を起動中:                                            [  OK  ]
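
To confirm that the settings from the steps above are in effect, the following added example (not part of the original page) audits ServerTokens, ServerSignature and the permissions of the file named by SSLCertificateKeyFile. The function names are hypothetical, the sample files are constructed, and it assumes unquoted directive values and does not follow Include lines.

```shell
#!/bin/bash
# Added example (not from the original page): check the settings configured above.

# Print the last uncommented value of a directive; names are case-insensitive.
directive() {  # usage: directive NAME FILE
  awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

# True if FILE exists and grants nothing to group or other (e.g. mode 400).
private_file() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: audit HTTPD_CONF SSL_CONF ; prints one line per finding, returns the FAIL count
audit() {
  local n=0 key
  if [ "$(directive ServerTokens "$1" | tr 'A-Z' 'a-z')" != prod ]; then
    echo "FAIL ServerTokens is not Prod (version/OS shown in Server header)"; n=$((n+1))
  fi
  if [ "$(directive ServerSignature "$1" | tr 'A-Z' 'a-z')" != off ]; then
    echo "FAIL ServerSignature is not Off (version shown on error pages)"; n=$((n+1))
  fi
  key=$(directive SSLCertificateKeyFile "$2")
  if [ -z "$key" ]; then
    echo "FAIL SSLCertificateKeyFile is not set"; n=$((n+1))
  elif ! private_file "$key"; then
    echo "FAIL $key is missing or accessible to group/other"; n=$((n+1))
  elif ! grep -q ENCRYPTED "$key"; then
    # "openssl rsa -in server.key -out server.key" rewrites the key without a passphrase
    echo "NOTE $key has no passphrase; its file mode is the only protection"
  fi
  return "$n"
}

# Constructed sample: a scratch copy of the page's settings with a dummy key file.
demo() {
  local d; d=$(mktemp -d) || return 1
  printf '%s\n' 'ServerTokens Prod' '#ServerSignature On' 'ServerSignature Off' > "$d/httpd.conf"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed placeholder)' > "$d/server.key"
  printf 'SSLCertificateKeyFile %s\n' "$d/server.key" > "$d/ssl.conf"
  chmod 400 "$d/server.key"
  audit "$d/httpd.conf" "$d/ssl.conf" && echo "clean" || echo "findings: $?"
  chmod 644 "$d/server.key"
  audit "$d/httpd.conf" "$d/ssl.conf" && echo "clean" || echo "findings: $?"
  rm -rf "$d"
}
demo
```

On the server itself, call audit as root with /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf as its two arguments.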

