memo.xight.org

Daily memos

Category: Apache


Renewing Apache's SSL certificate

After renewing Apache's SSL certificate, the server cannot be brought back up with restart

The following error occurs:

[06/Dec/2005 00:01:03 10178] [error] Init: (www.example.com:443) You have to perform a *full* server restart when you added or removed a certificate and/or key file


A full stop and start is required:

# apachectl stop
# apachectl startssl

WebDAV + SSL + Basic authentication on Apache

Reference

@IT: How to apply SSL and Basic authentication to a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/712davssl.html
@IT: How to build a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/707webdavserver.html
@IT: How to access a WebDAV server
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/708webdavclient.html

Apache and AWStats configuration after the server move

httpd.conf

# The NameVirtualHost argument must match the <VirtualHost> arguments exactly
NameVirtualHost *:80

<VirtualHost *:80>
	DocumentRoot	/var/www
	ServerName	xight.org
</VirtualHost>

<VirtualHost *:80>
	DocumentRoot	/home/yoshiki/public_html/chalow
	ServerName	memo.xight.org
	ServerAlias	memo
	CustomLog /var/log/apache/memo.access.log combined
	ErrorLog /var/log/apache/memo.error.log
</VirtualHost>


AWStats

  Split the conf file

# mv awstats.conf awstats.xight.conf
# cp awstats.xight.conf awstats.memo.conf


  /etc/awstats/awstats.xight.conf

LogFile="/var/log/apache/access.log.enc"
SiteDomain="xight.org"

  /etc/awstats/awstats.memo.conf

LogFile="/var/log/apache/memo.access.log.enc"
SiteDomain="memo.xight.org"

  The analysis results can be viewed at
  http://example.com/cgi-bin/awstats.pl?config=xight
  http://example.com/cgi-bin/awstats.pl?config=memo

crontab

45 * * * * /home/yoshiki/bin/conv_weblog_to_utf8.pl < /var/log/apache/access.log > /var/log/apache/access.log.enc
45 * * * * /home/yoshiki/bin/conv_weblog_to_utf8.pl < /var/log/apache/memo.access.log > /var/log/apache/memo.access.log.enc
0 * * * * /usr/lib/cgi-bin/awstats.pl -config=xight -update > /dev/null 2>&1
0 * * * * /usr/lib/cgi-bin/awstats.pl -config=memo -update > /dev/null 2>&1


Reference

Running multiple sites simultaneously with virtual hosts (1/2)
http://www.atmarkit.co.jp/flinux/rensai/apache08/apache08a.html

Running multiple sites simultaneously with virtual hosts (2/2)
http://www.atmarkit.co.jp/flinux/rensai/apache08/apache08b.html

How to analyze the W3C extended log format with AWStats
http://shattered04.myftp.org/pc_31.html

Making dynamic pages look like static pages

Making dynamic pages look like static pages with the PATH_INFO environment variable

  http://exam.su-jine.com/path_info/path/info.html
  http://blog.su-jine.net/archives/2004/08/_path_info.html
  http://ezaffiliate.net/mailmag/0048.htm

Making dynamic pages look like static pages with mod_rewrite

  http://blog.su-jine.net/archives/2004/08/_mod_rewrite.html

Redirect issues

  When using mod_rewrite
# For sites running on a port other than 80
RewriteCond %{HTTP_HOST}   !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/(.*)         http://www.example.com:%{SERVER_PORT}/$1 [L,R]
# And for a site running on port 80
RewriteCond %{HTTP_HOST}   !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://www.example.com/$1 [L,R]


RewriteEngine on
RewriteCond %{HTTP_HOST} ^(example\.lolipop\.jp|www\.example\.com)(:80)?
RewriteRule ^(.*) http://example.com/$1 [R,L]


name-based virtual hosting

NameVirtualHost *

<VirtualHost *>
  ServerName www.example.net
  ServerAlias example.com
  Redirect permanent / http://www.example.com/
</VirtualHost>

<VirtualHost *>
  ServerName www.example.com
  DocumentRoot /usr/local/apache/htdocs
</VirtualHost>


Reference

Apache Server Frequently Asked Questions - Configuration Questions - My site is accessible under many different hostnames; how do I redirect clients so that they see only a single name?
http://www.apache.jp/docs/misc/FAQ.html#canonical-hostnames
Custom domain operators' help board - The subdomain address
http://lolipoking.lolipop.jp/domain/patio.cgi?mode=view&no=4

Canonical Hostnames with mod_rewrite

Example of redirecting from xxx.example.com to www.example.com

RewriteCond %{HTTP_HOST}   !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://www.example.com/$1 [L,R=301]


Example of redirecting from xxx.example.com to example.com

RewriteCond %{HTTP_HOST}   !^example\.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://example.com/$1 [L,R=301]
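
The canonical-hostname rules in this entry and in the redirect entry above decide per request whether the Host header counts as canonical. The following added example (not part of the original memo) models the www.example.com rule set in Python and compares the page's pattern with an assumed end-anchored variant; the sample Host values, the strict pattern and the function names are constructed for illustration.

```python
import re

CANONICAL = "www.example.com"

# Pattern exactly as in the RewriteCond above; [NC] maps to IGNORECASE.
PAGE_PATTERN = re.compile(r"^www\.example\.com", re.IGNORECASE)
# Assumed stricter variant (not from the page): end-anchored, optional port.
STRICT_PATTERN = re.compile(r"^www\.example\.com(:\d+)?$", re.IGNORECASE)

# Constructed Host header values, including an empty one (HTTP/1.0 client).
SAMPLE_HOSTS = [
    "www.example.com", "WWW.Example.COM", "xxx.example.com", "example.com",
    "", "www.example.com:8080", "www.example.com.other.test",
]

def redirect_target(host, path, pattern):
    """Model the rule set: return the Location URL, or None if served as-is."""
    if host == "":                      # RewriteCond %{HTTP_HOST} !^$
        return None
    if pattern.search(host):            # RewriteCond %{HTTP_HOST} !pattern
        return None
    m = re.match(r"^/(.*)", path)       # RewriteRule ^/(.*) ... [L,R=301]
    if m is None:
        return None
    return f"http://{CANONICAL}/{m.group(1)}"

def pattern_disagreements(hosts, path="/a/b"):
    """Hosts that the page's pattern serves but the anchored one redirects."""
    return [h for h in hosts
            if redirect_target(h, path, PAGE_PATTERN) is None
            and redirect_target(h, path, STRICT_PATTERN) is not None]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(repr(h), "->", redirect_target(h, "/a/b", PAGE_PATTERN))
    print("differs:", pattern_disagreements(SAMPLE_HOSTS))
```

The two patterns only differ for requests that reach this virtual host under a name other than its ServerName, for example when it is the default virtual host.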


Reference

Apache module mod_rewrite
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

Apache URL Rewriting Guide
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html

Apache URL Rewriting Guide (Japanese translation)
http://japache.infoscience.co.jp/rewriteguide/

Host-based access restriction + Basic authentication

1. Create .htpasswd

% htpasswd -c .htpasswd username
New password: xxxxxxxx
Re-type new password: xxxxxxxx
Adding password for user username


3. Create .htaccess, or edit httpd.conf

AuthType      Basic
AuthUserFile  /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName      "Please input ID,Password"

Order deny,allow
Deny  from all
Allow from example.com example.org

Require valid-user


Reference

ore.dyndns.org - Don't use Limit
http://ore.dyndns.org/web/limit.html

ore.dyndns.org - People who don't read the documentation - The danger of Limit
http://ore.dyndns.org/web/RTFM.html#limit

ore.dyndns.org - The ancient <Limit>
http://ore.dyndns.org/web/limit-ncsa.html
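
The references above warn against `<Limit>`, and the configuration in this entry keeps its access-control directives outside any `<Limit>` block so they apply to every request method. The following added example (not part of the original memo) is a small checker that flags access-control directives placed inside `<Limit>`; the function name and the `LIMITED` sample are constructed for illustration.

```python
import re

ACCESS_DIRECTIVES = {"order", "deny", "allow", "require", "satisfy"}
# The configuration from this entry: no <Limit>, so it covers every method.
PAGE_STYLE = """\
AuthType      Basic
AuthUserFile  /path/to/.htpasswd
AuthGroupFile /dev/null
AuthName      "Please input ID,Password"
Order deny,allow
Deny  from all
Allow from example.com example.org
Require valid-user
"""

# Constructed counter-example: the same directives wrapped in <Limit GET POST>.
LIMITED = """\
AuthType      Basic
AuthUserFile  /path/to/.htpasswd
AuthName      "Please input ID,Password"
<Limit GET POST>
Order deny,allow
Deny  from all
Allow from example.com example.org
Require valid-user
</Limit>
"""

def limit_findings(conf_text):
    """Return [(line_no, methods, directive)] for access-control directives
    inside <Limit>, where they apply only to the listed methods."""
    findings, methods = [], None        # methods is None outside <Limit>
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.IGNORECASE)
        if opened:
            methods = tuple(opened.group(1).split())
        elif re.match(r"</Limit>", line, re.IGNORECASE):
            methods = None
        elif methods is not None and line.split()[0].lower() in ACCESS_DIRECTIVES:
            findings.append((no, methods, line.split()[0].lower()))
    return findings

if __name__ == "__main__":
    print(limit_findings(PAGE_STYLE))
    print(limit_findings(LIMITED))
```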

Apache + mod_ssl on Debian

Installation

# aptitude install libapache-mod-ssl
# aptitude install libapache-mod-ssl-doc
# cat /usr/share/doc/libapache-mod-ssl-doc/examples/mod-ssl.conf >> /etc/apache/conf.d/ssl.conf
# zcat /usr/share/doc/libapache-mod-ssl-doc/examples/vhost.conf.gz >> /etc/apache/conf.d/vhost.conf
# apachectl configtest


Create the key

# mod-ssl-makecert
What type of certificate do you want to create?

1. dummy (dummy self-signed Snake Oil cert)
2. test (test cert signed by Snake Oil CA)
3. custom (custom cert signed by own CA)
4. existing (existing cert)

Use dummy when you are a vendor package maintainer,
test when you are an admin but want to do tests only,
custom when you are an admin willing to run a real server
existing when you are an admin who upgrades a server.

Normally you would choose 2.

your choice: 2
Which algorithm should be used to generate required key(s)?

1. RSA
2. DSA

Normally you would choose 1.

your choice: 1
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________

STEP 1: Generating RSA private key (1024 bit) [server.key]
1261417 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.++++++
....++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

-
1. Country Name (2 letter code) [XY]:JP
2. State or Province Name (full name) [Snake Desert]:Tokyo
3. Locality Name (eg, city) [Snake Town]:Itabashi-ku
4. Organization Name (eg, company) [Snake Oil, Ltd]:Example Co.,Ltd.
5. Organizational Unit Name (eg, section) [Webserver Team]:Web Contents Group
6. Common Name (eg, FQDN) [www.snakeoil.dom]:example.com
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:admin@example.com
8. Certificate Validity (days) [365]:
______________________________________________________________________

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=JP/ST=Tokyo/L=Itabashi-ku/O=Example Co.,Ltd./OU=Web Contents
Group/CN=example.com/emailAddress=admin@example.com
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
/etc/apache/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 4: Enrypting RSA private key with a pass phrase for security
[server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

RESULT: Server Certification Files

o /etc/apache/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o /etc/apache/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o /etc/apache/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our demonstration-only Snake Oil CA) which later can replace
   the /etc/apache/ssl.crt/server.crt file.

WARNING: Do not use this for real-life/production systems


Protect the key

# chmod 600 /etc/apache/ssl.key/server.key


Restart Apache

# apachectl stop
# apachectl start


Reference

http://shiro.pochi.cc/~sasaki/chalow/2004-12-09.html#2004-12-09-4
http://oceanicsky.dyndns.org/pukiwiki/?libapache-mod-ssl

Apache configuration - redirecting IIS-targeted requests back to the requester

Summary

Redirect IIS-targeted requests to 127.0.0.1
<IfModule mod_alias.c>
# RedirectMatch is provided by mod_alias, so test for that module
# http://www.microsoft.com ?
# http://127.0.0.1/ ?
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/default\.ida(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)\/x90\/(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)Admin\.dll(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)cmd\.exe(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)null\.ida(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)NULL\.IDA(.*)$ http://127.0.0.1/$1
RedirectMatch permanent (.*)root\.exe(.*)$ http://127.0.0.1/$1
</IfModule>
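
To see how often these requests arrive and which clients send them, the same path signatures can be run over the access log. The following added example (not part of the original memo) parses Combined Log Format lines and groups matching requests by client address; the log lines are constructed, and the function name and case-insensitive matching are choices made for this example.

```python
import re

# Path signatures taken from the RedirectMatch rules above, with literal dots
# escaped. Case-insensitive matching is a choice made for this example.
SIGNATURES = [
    r"/_vti_bin/", r"/_mem_bin/", r"/[cd]/winnt/", r"/default\.ida",
    r"/msadc/", r"/scripts/\.\.", r"/x90/", r"admin\.dll",
    r"cmd\.exe", r"null\.ida", r"root\.exe",
]
PROBE = re.compile("|".join(SIGNATURES), re.IGNORECASE)

# Combined Log Format: host ident user [time] "METHOD path PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Dec/2005:00:01:03 +0900] "GET /default.ida HTTP/1.0" 301 240 "-" "-"
192.0.2.10 - - [06/Dec/2005:00:01:04 +0900] "GET /scripts/root.exe HTTP/1.0" 301 240 "-" "-"
198.51.100.7 - - [06/Dec/2005:00:02:10 +0900] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Dec/2005:00:03:00 +0900] "GET /MSADC/x HTTP/1.0" 301 240 "-" "-"
198.51.100.7 - - [06/Dec/2005:00:04:00 +0900] "GET /docs/cmd-exe.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
truncated line without a request field
"""

def probe_hits(log_text):
    """Return {client_ip: [(path, status), ...]} for requests matching a signature."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m is None:                   # skip malformed lines instead of failing
            continue
        if PROBE.search(m.group("path")):
            hits.setdefault(m.group("ip"), []).append(
                (m.group("path"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, reqs in probe_hits(SAMPLE_LOG).items():
        print(ip, len(reqs), reqs)
```

The recorded status shows whether the redirect was applied: a matching request answered with anything other than 301 did not go through these rules.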

Reference

http://online.spacetag.jp/board.php?lang=JPN&bid=5&mode=view&uid=151

Making use of Apache's conf.d directory

Changes to /etc/apache/httpd.conf

  Add the following as the last line (it was already present)
Include /etc/apache/conf.d


Create a conf file for each purpose

/etc/apache/conf.d/php4.conf
/etc/apache/conf.d/awstats.conf
/etc/apache/conf.d/xoops.conf
/etc/apache/conf.d/phpmyadmin.conf
/etc/apache/conf.d/chalow.conf