2005-12-12 Mon
Updating the Apache SSL certificate
- After the SSL certificate has been updated, Apache cannot be restarted with "restart"
The following error occurs:
[06/Dec/2005 00:01:03 10178] [error] Init: (www.example.com:443) You have to perform a *full* server restart when you added or removed a certificate and/or key file
A full stop and start is required:
# apachectl stop
# apachectl startssl
2005-11-28 Mon
Apache tuning
- Summary
Use ab (Apache Bench) for load testing.
- Reference
@IT - Key points of Apache performance tuning (2/2)
http://www.atmarkit.co.jp/flinux/rensai/apache15/apache15b.html
Apache tuning
http://tech.bayashi.net/svr/doc/apache/tune.html
2005-11-18 Fri
Basic and Digest authentication with Apache
- Reference
@IT: User authentication with Apache (Digest authentication)
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/699apachedigest.html
@IT: User authentication with Apache (Basic authentication)
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/698apachebasic.html
2005-11-18 Fri
WebDAV + SSL + Basic authentication with Apache
- Reference
@IT: Applying SSL and Basic authentication to a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/712davssl.html
@IT: Building a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/707webdavserver.html
@IT: Accessing a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/708webdavclient.html
2005-11-07 Mon
Apache and AWStats configuration for the site move
- httpd.conf
NameVirtualHost *
<VirtualHost *:80>
    DocumentRoot /var/www
    ServerName xight.org
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /home/yoshiki/public_html/chalow
    ServerName memo.xight.org
    ServerAlias memo
    CustomLog /var/log/apache/memo.access.log combined
    ErrorLog /var/log/apache/memo.error.log
</VirtualHost>
- AWStats
Split the conf file
# mv awstats.conf awstats.xight.conf
# cp awstats.xight.conf awstats.memo.conf
/etc/awstats/awstats.xight.conf
LogFile="/var/log/apache/access.log.enc"
SiteDomain="xight.org"
/etc/awstats/awstats.memo.conf
LogFile="/var/log/apache/memo.access.log.enc"
SiteDomain="memo.xight.org"
The analysis results can be viewed at:
http://example.com/cgi-bin/awstats.pl?config=xight
http://example.com/cgi-bin/awstats.pl?config=memo
- crontab
45 * * * * /home/yoshiki/bin/conv_weblog_to_utf8.pl < /var/log/apache/access.log > /var/log/apache/access.log.enc
45 * * * * /home/yoshiki/bin/conv_weblog_to_utf8.pl < /var/log/apache/memo.access.log > /var/log/apache/memo.access.log.enc
0 * * * * /usr/lib/cgi-bin/awstats.pl -config=xight -update > /dev/null 2>&1
0 * * * * /usr/lib/cgi-bin/awstats.pl -config=memo -update > /dev/null 2>&1
- Reference
Running multiple sites simultaneously with virtual hosts (1/2)
http://www.atmarkit.co.jp/flinux/rensai/apache08/apache08a.html
Running multiple sites simultaneously with virtual hosts (2/2)
http://www.atmarkit.co.jp/flinux/rensai/apache08/apache08b.html
How to analyze the W3C extended log format with AWStats
http://shattered04.myftp.org/pc_31.html
2005-10-11 Tue
Making dynamic pages look like static pages
- Making dynamic pages look like static pages with the PATH_INFO environment variable
http://exam.su-jine.com/path_info/path/info.html
http://blog.su-jine.net/archives/2004/08/_path_info.html
http://ezaffiliate.net/mailmag/0048.htm
- Making dynamic pages look like static pages with mod_rewrite
http://blog.su-jine.net/archives/2004/08/_mod_rewrite.html
2005-10-07 Fri
Redirect issues
When using mod_rewrite
# For sites running on a port other than 80
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/(.*) http://www.example.com:%{SERVER_PORT}/$1 [L,R]
# And for a site running on port 80
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.example.com/$1 [L,R]
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(example\.lolipop\.jp|www\.example\.com)(:80)?
RewriteRule ^(.*) http://example.com/$1 [R,L]
- name-based virtual hosting
NameVirtualHost *
<VirtualHost *>
    ServerName www.example.net
    ServerAlias example.com
    Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost *>
    ServerName www.example.com
    DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
- Reference
Apache Server Frequently Asked Questions - Configuration Questions - My site is accessible under many different hostnames; how do I redirect clients so that they see only a single name?
http://www.apache.jp/docs/misc/FAQ.html#canonical-hostnames
Custom domain operation help board - Subdomain address
http://lolipoking.lolipop.jp/domain/patio.cgi?mode=view&no=4
2005-10-05 Wed
Content Negotiation
- Reference
Content Negotiation - Apache HTTP Server
http://httpd.apache.org/docs/2.1/ja/content-negotiation.html
The relationship between extensionless URLs via content negotiation and SEO
http://www.arielworks.net/articles/2004/0122a
Miscellaneous notes on URIs
http://www.arielworks.net/articles/2004/0113b
2005-10-03 Mon
Canonical hostnames with mod_rewrite
- Example of redirecting from xxx.example.com to www.example.com
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.example.com/$1 [L,R=301]
- Example of redirecting from xxx.example.com to example.com
RewriteCond %{HTTP_HOST} !^example\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://example.com/$1 [L,R=301]
- Reference
Apache module mod_rewrite
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
Apache URL Rewriting Guide
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html
Apache URL Rewriting Guide (Japanese translation)
http://japache.infoscience.co.jp/rewriteguide/
2005-09-29 Thu
Host-based access restriction + Basic authentication
1. Create .htpasswd
% htpasswd -c .htpasswd username
New password: xxxxxxxx
Re-type new password: xxxxxxxx
Adding password for user username
3. Create .htaccess, or edit httpd.conf
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName "Please input ID,Password"
Order deny,allow
Deny from all
Allow from example.com example.org
Require valid-user
- Reference
ore.dyndns.org - Don't use Limit
http://ore.dyndns.org/web/limit.html
ore.dyndns.org - People who don't read the documentation - The danger of Limit
http://ore.dyndns.org/web/RTFM.html#limit
ore.dyndns.org - The ancient <Limit>
http://ore.dyndns.org/web/limit-ncsa.html
2005-09-16 Fri
Apache + mod_ssl on Debian
- Installation
# aptitude install libapache-mod-ssl
# aptitude install libapache-mod-ssl-doc
# cat /usr/share/doc/libapache-mod-ssl-doc/examples/mod-ssl.conf >> /etc/apache/conf.d/ssl.conf
# zcat /usr/share/doc/libapache-mod-ssl-doc/examples/vhost.conf.gz >> /etc/apache/conf.d/vhost.conf
# apachectl configtest
- Generate the key
# mod-ssl-makecert
What type of certificate do you want to create?
1. dummy (dummy self-signed Snake Oil cert)
2. test (test cert signed by Snake Oil CA)
3. custom (custom cert signed by own CA)
4. existing (existing cert)
Use dummy when you are a vendor package maintainer,
test when you are an admin but want to do tests only,
custom when you are an admin willing to run a real server
existing when you are an admin who upgrades a server.
Normally you would choose 2.
your choice: 2
Which algorithm should be used to generate required key(s)?
1. RSA
2. DSA
Normally you would choose 1.
your choice: 1
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________
STEP 1: Generating RSA private key (1024 bit) [server.key]
1261417 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.++++++
....++++++
e is 65537 (0x10001)
______________________________________________________________________
STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
1. Country Name (2 letter code) [XY]:JP
2. State or Province Name (full name) [Snake Desert]:Tokyo
3. Locality Name (eg, city) [Snake Town]:Itabashi-ku
4. Organization Name (eg, company) [Snake Oil, Ltd]:Example Co.,Ltd.
5. Organizational Unit Name (eg, section) [Webserver Team]:Web Contents Group
6. Common Name (eg, FQDN) [www.snakeoil.dom]:example.com
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:admin@example.com
8. Certificate Validity (days) [365]:
______________________________________________________________________
STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=JP/ST=Tokyo/L=Itabashi-ku/O=Example Co.,Ltd./OU=Web Contents
Group/CN=example.com/emailAddress=admin@example.com
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
/etc/apache/ssl.crt/server.crt: OK
______________________________________________________________________
STEP 4: Enrypting RSA private key with a pass phrase for security
[server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________
RESULT: Server Certification Files
o /etc/apache/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!
o /etc/apache/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).
o /etc/apache/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the /etc/apache/ssl.crt/server.crt file.
WARNING: Do not use this for real-life/production systems
- Protect the key
# chmod 600 /etc/apache/ssl.key/server.key
- Restart Apache
# apachectl stop
# apachectl start
- Reference
http://shiro.pochi.cc/~sasaki/chalow/2004-12-09.html#2004-12-09-4
http://oceanicsky.dyndns.org/pukiwiki/?libapache-mod-ssl
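An added example (not part of the original memo or of mod_ssl): because a certificate change forces the full stop/start noted in the 2005-12-12 entry, it helps to confirm first that the new certificate matches the key, that the key file has the mode set by the chmod 600 step above, and that the certificate is not about to expire. The function names are hypothetical, the default paths are the ones mod-ssl-makecert reports, and an unencrypted key is assumed, as chosen in the session above.

```shell
#!/bin/sh
# Added example: checks to run before "apachectl stop; apachectl startssl".
# Function names are hypothetical. Assumes an unencrypted PEM key.

# 0 when certificate $1 and private key $2 hold the same public key
# (the check mkcert.sh reports as "matching certificate & key modulus").
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 when only the owner can access key file $1 (mode 600 or 400).
key_mode_ok() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 when certificate $1 is still valid $2 days from now (default 30).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Runs all three checks and reports every failure; 0 only if all pass.
precheck() {
    cert=${1:-/etc/apache/ssl.crt/server.crt}
    key=${2:-/etc/apache/ssl.key/server.key}
    rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: $key does not match $cert" >&2; rc=1; }
    key_mode_ok "$key" || { echo "FAIL: $key is accessible to group/other" >&2; rc=1; }
    cert_not_expiring "$cert" || { echo "FAIL: $cert expires within 30 days" >&2; rc=1; }
    return $rc
}

# Run the checks only when paths are given on the command line.
if [ $# -ge 2 ]; then
    precheck "$1" "$2"
fi
```

Run it as root with the certificate and key paths as arguments, and proceed to the stop/start only when it exits 0.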
2005-09-07 Wed
Server relocation - a permanent move where the Location changes
RedirectMatch permanent /path/to/(.*)$ http://example.com/
- Reference
Apache.org - mod_alias
http://httpd.apache.org/docs-2.0/ja/mod/mod_alias.html#redirectmatch
2005-09-07 Wed
Apache configuration - sending IIS-targeted requests back to the requester
- Summary
Redirect IIS-targeted requests to 127.0.0.1
# RedirectMatch is provided by mod_alias, so the guard tests for that module
<IfModule mod_alias.c>
# http://www.microsoft.com ?
# http://127.0.0.1/ ?
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/default.ida(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/x90\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)Admin.dll(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)cmd.exe(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)null.ida(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)NULL.IDA(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)root.exe(.*)$ http://127.0.0.1/$1
</IfModule>
- Reference
http://online.spacetag.jp/board.php?lang=JPN&bid=5&mode=view&uid=151
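An added example (not from the original memo): the same path fragments can be counted in a combined-format access log to see which clients send these probes and whether they now receive the 301 issued by the rules above. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise IIS-probe requests in a combined-format access log.
# Function names and the sample log lines are constructed for illustration.

# Lower-cased forms of the path fragments used by the RedirectMatch rules;
# [.] is a literal dot.
IIS_PROBE_RE='/_vti_bin/|/_mem_bin/|/[cd]/winnt/|/default[.]ida|/msadc/|/scripts/[.][.]|/x90/|admin[.]dll|cmd[.]exe|null[.]ida|root[.]exe'

# Reads a log on stdin; prints "count client status" for matching requests,
# most frequent first. Field 7 is the request path, field 9 the status code.
iis_probe_summary() {
    awk -v re="$IIS_PROBE_RE" '
        tolower($7) ~ re { hits[$1 " " $9]++ }
        END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample: 404 = rules not active yet, 301 = redirect applied.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [07/Sep/2005:10:00:01 +0900] "GET /default.ida?XXXX HTTP/1.0" 404 276 "-" "-"
192.0.2.10 - - [07/Sep/2005:10:00:02 +0900] "GET /scripts/root.exe HTTP/1.0" 404 280 "-" "-"
198.51.100.7 - - [07/Sep/2005:11:30:00 +0900] "GET /MSADC/root.exe HTTP/1.0" 301 230 "-" "-"
203.0.113.5 - - [07/Sep/2005:11:31:12 +0900] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.10 - - [07/Sep/2005:12:00:00 +0900] "GET /_vti_bin/test HTTP/1.0" 301 230 "-" "-"
EOF
}

# Stand-alone run: summarise the constructed sample.
sample_log | iis_probe_summary
```

For a real log, feed the file on stdin, for example `iis_probe_summary < /var/log/apache/access.log`.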
2005-08-19 Fri
Don't use Limit
- Reference
http://ore.dyndns.org/web/limit.html
- via
cl.pocari.org - 2005-05-12
http://cl.pocari.org/2005-05-12-8.html
2005-08-12 Fri
.htaccess related
- Reference
Apache.org - htaccess
http://httpd.apache.org/docs/2.1/ja/howto/htaccess.html
Practical .htaccess techniques
http://www.shtml.jp/htaccess/
Mikeneko's htaccess reference
http://mikeneko.creator.club.ne.jp/~lab/web/htaccess/
2005-07-19 Tue
Making use of Apache's conf.d directory
- Changes to /etc/apache/httpd.conf
Add the following as the last line (it was already there)
Include /etc/apache/conf.d
- Create a conf file for each purpose
/etc/apache/conf.d/php4.conf
/etc/apache/conf.d/awstats.conf
/etc/apache/conf.d/xoops.conf
/etc/apache/conf.d/phpmyadmin.conf
/etc/apache/conf.d/chalow.conf
2005-03-09 Wed
Blocking hotlinking by Referer
- Add the following to .htaccess
SetEnvIf Referer "^http://example\.com/" ref_ok
order deny,allow
deny from all
allow from env=ref_ok
2004-10-05 Tue
PHP + Apache tuning
- Compiling PHP
Disable whatever is not needed.
Do not build Apache with DSO.
Even for extensions that are needed, build the rarely used ones as shared objects and load them with dl().
./configure --with-apache=../apache_1.3.29 --with-mysql=/usr \
--enable-mbstring --disable-ipv6 --disable-xml --disable-ctype \
--disable-tokenizer --disable-path-info-check --disable-overload \
--disable-posix --disable-cli --disable-cgi
- Compiling Apache
First change HARD_SERVER_LIMIT in src/include/httpd.h from 256 to 2048,
then run configure.
Leave out anything that is not needed.
Do not use DSO.
./configure --disable-module=actions --disable-module=alias \
--disable-module=asis --disable-module=autoindex --disable-module=cgi \
--disable-module=imap --disable-module=include \
--disable-module=setenvif --disable-module=status \
--disable-module=userdir --activate-module=src/modules/php4/libphp4.a
- Main changes to httpd.conf
StartServers → about half the number of requests?
MaxClients → about half of the maximum number of processes the server can handle, or less?
AllowOverride → none (do not use .htaccess)
ServerSignature → off (trims a little overhead)
- Install mmcache and edit php.ini
session.save_handler = mmcache (leave sessions to mmcache)
mmcache.sessions="shm_only" (keep all session data in memory)
mmcache.shm_only="1" (keep the whole cache in memory as well)
output_buffering = On (buffer output to reduce the number of Write() calls)
register_globals = Off
expose_php = Off (trims a little overhead)
register_argc_argv = Off
- Reference
PHP-J.com blog
http://phpj.jugem.cc/?eid=6