To install Apache HTTP Server 2 on openSUSE:
sudo zypper in apache2
To start Apache 2:
sudo systemctl start apache2
To stop Apache 2:
sudo systemctl stop apache2
To start the service at boot, use:
sudo chkconfig apache2 on
To disable that, use:
sudo chkconfig apache2 off
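If the server needs to be reachable from the network, the firewall must also be configured; otherwise it can only be used from localhost.
Next, install Apache Rivet. To install it on openSUSE, first add the repository: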
sudo zypper addrepo https://download.opensuse.org/repositories/Apache:/Modules/openSUSE_Leap_42.3/ Apache-Modules
Refresh the repositories:
sudo zypper refresh
After the refresh, install it with the following command:
sudo zypper install apache2-mod_rivet
Enable the Apache Rivet module in Apache 2:
sudo a2enmod rivet
(* To remove it, use sudo a2dismod rivet.)
Next, restart Apache 2:
sudo systemctl restart apache2
In the /srv/www/htdocs/ directory, create hello.rvt with the following content:
<? set hello_message "Hello world" ?>
<html>
<head>
<title><?= $hello_message ?></title>
</head>
<body><?= [::rivet::html $hello_message pre b] ?></body>
</html>
Browse to http://localhost/hello.rvt; if the message appears, the installation succeeded.
Next comes the HTTPS part of the Apache 2 setup. First make sure mod_ssl is enabled:
sudo a2enmod ssl
Next, set up the self-signed certificate, created on Linux with OpenSSL. Create a config file for your certificate (saved as localhost.conf, the name passed to -config in the command below):
[req]
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = New York
localityName = Locality Name (eg, city)
localityName_default = Rochester
organizationName = Organization Name (eg, company)
organizationName_default = localhost
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
# An IP address must be an IP entry; a DNS entry is not matched as an address.
IP.1 = 127.0.0.1
Run the following 2 commands to create a self-signed certificate on openSUSE with OpenSSL. Because of -nodes the private key is written unencrypted; -passin has no effect here, since no existing key is read:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -passin pass:YourSecurePassword
sudo openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
Then copy the files we created into the Apache directories:
sudo cp localhost.crt /etc/apache2/ssl.crt/server.crt
sudo cp localhost.key /etc/apache2/ssl.key/server.key
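An added example (not part of the original post) of checks to run on the generated files before they go into /etc/apache2: the key matches the certificate, the SAN covers both localhost and 127.0.0.1, and the unencrypted key is not readable by group or others. The non-interactive config, the scratch-directory layout and the function names are assumptions; the second SAN line is a parameter so the same script shows that an address written as a DNS.n entry does not satisfy IP matching, while an IP.n entry does.

```shell
#!/bin/sh
# Added example: checks for a self-signed localhost certificate.
# File names, config and SAN entries are constructed for this demo.

# make_cert DIR SAN_LINE: generate key + certificate non-interactively.
# SAN_LINE is the second [alt_names] entry, e.g. "IP.1 = 127.0.0.1".
make_cert() {
    cat > "$1/localhost.conf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = localhost
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
$2
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/localhost.key" -out "$1/localhost.crt" \
        -config "$1/localhost.conf" 2>/dev/null
    chmod 600 "$1/localhost.key"   # -nodes leaves the key unencrypted
}

# key_matches_cert CRT KEY: true when both carry the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# cert_covers_host CRT NAME / cert_covers_ip CRT ADDR: name matching
# against the certificate, as a TLS client would perform it.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# key_is_private KEY: true when group and others have no permission bits.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}
```

The same check functions can be pointed at /etc/apache2/ssl.crt/server.crt and /etc/apache2/ssl.key/server.key after the copy, run with sudo.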
For an officially signed certificate, see OpenSUSE: Setting Up a Secure Web Server with SSL.
Next, edit the settings in /etc/sysconfig/apache2:
APACHE_START_TIMEOUT="10"
APACHE_SERVER_FLAGS="SSL"
Copy /etc/apache2/vhosts.d/vhost-ssl.template to /etc/apache2/vhosts.d/vhost-ssl.conf; the main settings are as follows:
<IfDefine SSL>
<IfDefine !NOSSL>
##
## SSL Virtual Host Context
##
<VirtualHost *:443>
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# You can use per vhost certificates if SNI is supported.
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
Next, have the main site use HTTPS: edit /etc/apache2/default-server.conf and add the following settings:
IncludeOptional /etc/apache2/conf.d/*.conf
IncludeOptional /etc/apache2/vhosts.d/*.conf
Then restart Apache 2:
sudo systemctl restart apache2
Browse to https://localhost/hello.rvt; if the message appears, the installation succeeded (PS: because the certificate is self-signed, Firefox will show a warning).
To force the use of SSL, mod_rewrite must be enabled:
sudo a2enmod rewrite
Next, edit /etc/apache2/vhosts.d/vhost-ssl.conf:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
# ^/? drops the leading slash so the redirect target does not contain "//"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# You can use per vhost certificates if SNI is supported.
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
* 2017/11/18 update: updated the rewrite rule
Then restart Apache 2:
sudo systemctl restart apache2
After this, all browsing is forced over HTTPS.