1. Installation
2. Installing OpenSSL
3. Changing the document root (created under /home)
1. Installation
(Download site) http://nagoya.apache.org/mirror/httpd/
Download apache_1.3.27.tar.gz (03-Oct-2002 11:51, 2.2M, Current Release 1.3.27)
* Work is done in /usr/local/src.
Extract the archive:
```
# tar -zxvf apache_1.3.27.tar.gz
```
Confirm the extraction:
```
# ls
apache_1.3.27  apache_1.3.27.tar.gz
```
Change into the directory:
```
# cd apache_1.3.27
```
Install (the second configure run replaces the first and enables DSO support through mod_so):
```
# ./configure
# ./configure --enable-module=so
# make
# make install
```
Start Apache:
```
# /usr/local/apache/bin/apachectl start
/usr/local/apache/bin/apachectl start: httpd started
```
* To restart, use restart; to stop, use stop.

Confirm that Apache is running: open http://(IP address)/ in a browser.
2. Installing OpenSSL
(Download site)
(Download file)
* Work is done in /usr/local/src. (Confirm that apache, openssl and mod_ssl are all in the same folder.)
Back up httpd.conf (always make this backup):
```
# cd /usr/local/apache/conf/
# ls
access.conf          httpd.conf.default  mime.types          srm.conf.default
access.conf.default  magic               mime.types.default
httpd.conf           magic.default       srm.conf
# mv httpd.conf httpd.conf.20030325
# ls
access.conf          httpd.conf.default  mime.types          srm.conf.default
access.conf.default  magic               mime.types.default
httpd.conf.20030325  magic.default       srm.conf
```
Pre-installation check (confirm that apache, openssl and mod_ssl are all present):
```
# cd /usr/local/src
# ls
apache_1.3.27         mod_ssl-2.8.14-1.3.27.tar.gz
apache_1.3.27.tar.gz  openssl-0.9.7a.tar.gz
```
Extract and install:
```
# tar zxvf openssl-0.9.7a.tar.gz
# tar zxvf mod_ssl-2.8.14-1.3.27.tar.gz
# tar zxvf apache_1.3.27.tar.gz
# cd openssl-0.9.7a
# ./config no-threads -fPIC
# make
# make test
# cd ..
# cd mod_ssl-2.8.14-1.3.27
# ./configure --with-apache=../apache_1.3.27 --with-ssl=../openssl-0.9.7a --prefix=/usr/local/apache --enable-module=so --enable-shared=ssl
# cd ../apache_1.3.27
# make
# make install
```
Start command (at this point the site is not yet reachable over https):
```
# /usr/local/apache/bin/apachectl startssl
/usr/local/apache/bin/apachectl startssl: httpd (pid 16149) already running
```
Delete the dummy key and certificate:
```
# rm /usr/local/apache/conf/ssl.key/server.key
rm: remove `/usr/local/apache/conf/ssl.key/server.key'? y
# rm /usr/local/apache/conf/ssl.crt/server.crt
rm: remove `/usr/local/apache/conf/ssl.crt/server.crt'? y
```
Create the key file:
```
# cat /var/log/*.log > random.dat
# /usr/bin/openssl genrsa -rand random.dat -des3 1024 > /usr/local/apache/conf/ssl.key/server.key
0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.................................++++++
.........................++++++
e is 65537 (0x10001)
Enter PEM pass phrase:(password)
Verifying password - Enter PEM pass phrase:(password)
[root@kita01 apache_1.3.26]# rm random.dat
rm: remove `random.dat'? y
```
The captured output shows "0 semi-random bytes loaded", which means the file given to -rand was not read (the recorded session passed the name random.bat). When the name matches the file created by cat, openssl reports how many bytes it loaded.

Issue the certificate:
```
# /usr/bin/openssl req -new -key /usr/local/apache/conf/ssl.key/server.key -x509 -days 365 -out /usr/local/apache/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:(enter password)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:JP
State or Province Name (full name) [Berkshire]:(city name)
Locality Name (eg, city) [Newbury]:(address details)
Organization Name (eg, company) [My Company Ltd]:kkataru
Organizational Unit Name (eg, section) []:web team
Common Name (eg, your name or your server's hostname) []:kkataru.mine.nu
Email Address []:postmaster@kkataru.mine.nu
[root@kita01 ssl.crt]# /usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl stop: httpd stopped
[root@kita01 ssl.crt]# /usr/local/apache/bin/apachectl startssl
[Mon Aug 26 16:06:34 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server kita01:443 (RSA)
Enter pass phrase:(password)
Ok: Pass Phrase Dialog successful.
/usr/local/apache/bin/apachectl startssl: httpd started
```
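The key and certificate steps above, run non-interactively and followed by the checks worth making before Apache is pointed at the files. This is an added example, not part of the original page: the function names make_pair and audit_pair, the 2048-bit floor and the throwaway directory are assumptions, and the sample key is constructed on the spot and left unencrypted so that nothing prompts. It relies on openssl seeding itself from the operating system's random source instead of a file of concatenated logs.

```shell
#!/bin/sh
# Added example: make_pair/audit_pair and the 2048-bit floor are assumptions.

# make_pair DIR CN: unencrypted 2048-bit key (mode 600) and a 365-day
# self-signed certificate, written as DIR/server.key and DIR/server.crt.
make_pair() {
    ( umask 077
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
      openssl req -new -x509 -key "$1/server.key" -days 365 \
          -subj "/CN=$2" -out "$1/server.crt" 2>/dev/null )
}

# audit_pair KEY CRT [MIN_BITS]: returns 0 only if every check passes.
audit_pair() {
    key=$1 crt=$2 min=${3:-2048} rc=0
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) ||
        { echo "FAIL: cannot read key $key"; return 1; }
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $crt"; return 1; }
    # The certificate must carry the public half of this private key.
    [ "$kmod" = "$cmod" ] || { echo "FAIL: key and certificate differ"; rc=1; }
    # The modulus is printed in hex, so bits = hex digits * 4.
    hex=${kmod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    [ "$bits" -ge "$min" ] || { echo "FAIL: $bits-bit key, want >= $min"; rc=1; }
    # Reject a certificate that has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired"; rc=1; }
    # The private key file must not be accessible to group or other.
    case $(ls -l "$key" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: key file accessible beyond its owner"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $bits-bit key matches $crt"
    return "$rc"
}

# Constructed sample run in a throwaway directory.
demo=$(mktemp -d) && make_pair "$demo" www.example.test &&
    audit_pair "$demo/server.key" "$demo/server.crt"
rm -rf "$demo"
```

Run against a passphrase-protected key such as the one created on this page, openssl asks for the passphrase when audit_pair reads the key.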
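3. Changing the document root (created under /home)
* When several people manage the web content, it is easier to create a shared user under /home and manage the site from there, so that method is described here.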
Edit this file:
```
# vi /usr/local/apache/conf/httpd.conf
```
Correct the places shown below. Leaving the original line in place as a comment makes the change easier to understand when you review it later.
```
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
##DocumentRoot "/usr/local/apache/htdocs"
DocumentRoot "/home/webteam/htdocs"
```
(Place to edit when using SSL)
```
##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host
##DocumentRoot "/usr/local/apache/htdocs"
DocumentRoot "/home/webteam/htdocs"
ServerName ***.***.***.***
ServerAdmin root@***.****.***
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
```
Make the directory readable:
```
# chmod 755 /home/webteam
```
Stop and start Apache:
```
# /usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl stop: httpd stopped
# /usr/local/apache/bin/apachectl start
/usr/local/apache/bin/apachectl start: httpd started
```
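The chmod 755 step is there so that the httpd worker user can get through /home/webteam to htdocs. The check below walks every directory on the way to a document root and reports any that block traversal or that anyone can write to. It is an added example, not part of the original page: the function name audit_docroot_path, the optional stop directory and the temporary tree standing in for /home/webteam/htdocs are assumptions. Traversal needs only the execute bit for "other", so mode 711 on the home directory also passes.

```shell
#!/bin/sh
# Added example: audit_docroot_path is a hypothetical helper, not Apache tooling.

# audit_docroot_path DOCROOT [STOP]
# Walks DOCROOT and each parent up to (not including) STOP, default "/".
# Returns 0 when every directory can be traversed by "other" and none is
# world-writable without the sticky bit.
audit_docroot_path() {
    dir=$1 stop=${2:-/} rc=0
    while [ -n "$dir" ] && [ "$dir" != "$stop" ] && [ "$dir" != "/" ]; do
        [ -d "$dir" ] || { echo "MISSING  $dir"; return 1; }
        perm=$(ls -ld "$dir" | cut -c1-10)          # e.g. drwxr-xr-x
        other=$(printf '%s' "$perm" | cut -c8-10)   # permissions for "other"
        case $other in
            ??[xt]) ;;                              # search bit is set
            *) echo "BLOCKED  $perm $dir"; rc=1 ;;
        esac
        case $other in
            ?w[x-]) echo "WRITABLE $perm $dir"; rc=1 ;;
        esac
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Constructed sample tree: a home directory left at mode 700 blocks httpd.
t=$(mktemp -d) && mkdir -p "$t/home/webteam/htdocs" &&
    chmod 755 "$t/home" "$t/home/webteam/htdocs" && chmod 700 "$t/home/webteam"
audit_docroot_path "$t/home/webteam/htdocs" "$t" || echo "fix the entries above"
# Mode 711 is enough for traversal and keeps the directory listing private.
chmod 711 "$t/home/webteam" &&
    audit_docroot_path "$t/home/webteam/htdocs" "$t" && echo "path is traversable"
rm -rf "$t"
```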