差異處

這裏顯示兩個版本的差異處。

--- service:apache [2007/02/05 22:54]
wenpei 建立
+++ service:apache [2011/06/20 17:29] (目前版本)
wenpei GoAccess
@@ 行 1: / 行 1: @@
+====== Apache2 + SSL ======
+http://billcho.twbbs.org/~bill/wordpress/?p=38
+==== 安裝套件 ====
+  # apt-get install apache2
+  # apt-get install openssl ssl-cert
+  # apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi php5
+==== 產生 certificate file ====
+  # openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
+  # chmod 600 /etc/apache2/apache.pem
+<code>
+Country Name (2 letter code) [AU]:TW
+State or Province Name (full name) [Some-State]:Taiwan
+Locality Name (eg, city) []:Taoyuan
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:SARS TW
+Organizational Unit Name (eg, section) []:wiki
+Common Name (eg, YOUR name) []:wiki.sars.tw
+Email Address []:webmaster@localhost
+</code>
+==== 開啟port ====
+確認 /etc/apache2/ports.conf 內容如下：
+<code>
+Listen 80
+<IfModule mod_ssl.c>
+    Listen 443
+</IfModule>
+</code>
+==== 修改 /etc/apache2/sites-available/default ====
+加入列幾行(實際上此例是直接複製本 port 80的部份, 差只在於將port改成443)
+<code>
+NameVirtualHost *:443
+<VirtualHost *:443>
+ServerAdmin webmaster@localhost
+SSLEngine on
+SSLCertificateFile /etc/apache2/apache.pem
+DocumentRoot /var/www/
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+</Directory>
+<Directory /var/www/>
+Options Indexes FollowSymLinks MultiViews
+AllowOverride None
+Order allow,deny
+allow from all
+# This directive allows us to have apache2’s default start page
+# in /apache2-default/, but still have / go to the right place
+#RedirectMatch ^/$ /apache2-default/
+</Directory>
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+<Directory “/usr/lib/cgi-bin”>
+AllowOverride None
+Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
+Order allow,deny
+Allow from all
+</Directory>
+ErrorLog /var/log/apache2/error.log
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+CustomLog /var/log/apache2/access.log combined
+ServerSignature On
+Alias /doc/ “/usr/share/doc/”
+<Directory “/usr/share/doc/”>
+Options Indexes MultiViews FollowSymLinks
+AllowOverride None
+Order deny,allow
+Deny from all
+Allow from 127.0.0.0/255.0.0.0 ::1/128
+</Directory>
+</VirtualHost>
+</code>
+==== 設定 https 的目錄路徑 ====
+設定 http.conf
+<code>
+<Directory /var/www/test/subdir>
+# Inside the subarea any Intranet access is allowed
+# but from the Internet only HTTPS + Strong-Cipher + Password
+# or the alternative HTTPS + Strong-Cipher + Client-Certificate
+# If HTTPS is used, make sure a strong cipher is used.
+# Additionally allow client certs as alternative to basic auth.
+SSLVerifyClient optional
+SSLVerifyDepth 1
+SSLOptions +FakeBasicAuth +StrictRequire
+SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
+# Force clients from the Internet to use HTTPS
+RewriteEngine on
+RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
+RewriteCond %{HTTPS} !=on
+RewriteRule .* - [F]
+# Allow Network Access and/or Basic Auth
+#Satisfy any
+# Network Access Control
+Order allow,deny
+Allow from all
+#Allow from 192.168.1.0/24
+# HTTP Basic Authentication
+</Directory>
+</code>
+==== enable ssl & rewrite.load modules ====
+(建立softlink，mods-enabled -> mods-available)
+  # a2enmod ssl
+需要啟動apache2
+===== 自動導向 https =====
+  RewriteEngine On
+  RewriteCond %{SERVER_PORT} !^443$
+  RewriteRule ^(.*)$ https://%{SERVER_NAME}/~somewhere/$1 [L,R]
+====== Log 分析 ======
+===== GoAccess=====
+http://goaccess.prosoftcorp.com/
+http://www.openfoundry.org/index.php?option=com_content&task=view&id=8228&Itemid=4
 ====== 使用Apache自動判別語系 ======
 http://casper.tiger2.net/blog/2006/04/23/apache/

Sars' History

使用者工具

網站工具

差異處

頁面工具