====== Apache2 + SSL ======
http://billcho.twbbs.org/~bill/wordpress/?p=38
==== Install packages ====
  # apt-get install apache2
  # apt-get install openssl ssl-cert
  # apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi php5
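==== Generate the certificate file ====
  # openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
  # chmod 600 /etc/apache2/apache.pem
Because of -nodes the private key is written unencrypted into the same file as the certificate, which is why the file is restricted to its owner with chmod 600.
openssl req prompts for the certificate subject fields; the answers used in this example:
  Country Name (2 letter code) [AU]:TW
  State or Province Name (full name) [Some-State]:Taiwan
  Locality Name (eg, city) []:Taoyuan
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:SARS TW
  Organizational Unit Name (eg, section) []:wiki
  Common Name (eg, YOUR name) []:wiki.sars.tw
  Email Address []:webmaster@localhost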
==== Open the ports ====
Make sure /etc/apache2/ports.conf contains the following:
  Listen 80
  Listen 443
==== Edit /etc/apache2/sites-available/default ====
Add the following lines (in this example they are simply a copy of the existing port 80 section; the only difference is that the port is changed to 443):
  NameVirtualHost *:443
  <VirtualHost *:443>
      ServerAdmin webmaster@localhost
      SSLEngine on
      SSLCertificateFile /etc/apache2/apache.pem
      DocumentRoot /var/www/
      <Directory />
          Options FollowSymLinks
          AllowOverride None
      </Directory>
      <Directory /var/www/>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride None
          Order allow,deny
          allow from all
          # This directive allows us to have apache2's default start page
          # in /apache2-default/, but still have / go to the right place
          #RedirectMatch ^/$ /apache2-default/
      </Directory>
      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
      <Directory "/usr/lib/cgi-bin">
          AllowOverride None
          Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
          Order allow,deny
          Allow from all
      </Directory>
      ErrorLog /var/log/apache2/error.log
      # Possible values include: debug, info, notice, warn, error, crit,
      # alert, emerg.
      LogLevel warn
      CustomLog /var/log/apache2/access.log combined
      ServerSignature On
      Alias /doc/ "/usr/share/doc/"
      <Directory "/usr/share/doc/">
          Options Indexes MultiViews FollowSymLinks
          AllowOverride None
          Order deny,allow
          Deny from all
          Allow from 127.0.0.0/255.0.0.0 ::1/128
      </Directory>
  </VirtualHost>
==== Configure the directory path for https ====
Configure httpd.conf. The directives below belong inside the <Directory> section for the protected path:
  # Inside the subarea any Intranet access is allowed
  # but from the Internet only HTTPS + Strong-Cipher + Password
  # or the alternative HTTPS + Strong-Cipher + Client-Certificate
  # If HTTPS is used, make sure a strong cipher is used.
  # Additionally allow client certs as alternative to basic auth.
  SSLVerifyClient optional
  SSLVerifyDepth 1
  SSLOptions +FakeBasicAuth +StrictRequire
  SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
  # Force clients from the Internet to use HTTPS
  RewriteEngine on
  RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
  RewriteCond %{HTTPS} !=on
  RewriteRule .* - [F]
  # Allow Network Access and/or Basic Auth
  #Satisfy any
  # Network Access Control
  Order allow,deny
  Allow from all
  #Allow from 192.168.1.0/24
  # HTTP Basic Authentication
==== enable ssl & rewrite.load modules ====
(This creates symlinks: mods-enabled -> mods-available)
  # a2enmod ssl
apache2 needs to be started afterwards.
===== Automatically redirect to https =====
  RewriteEngine On
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^(.*)$ https://%{SERVER_NAME}/~somewhere/$1 [L,R]
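The two rewrite rule sets on this page (the force-HTTPS block and the automatic redirect) can be checked offline with a small model of how mod_rewrite evaluates RewriteCond and RewriteRule. This is an added example, not part of the original page and not Apache's own code; it covers only the syntax used in those rules, and the helper names, the sample client addresses and the per-directory style path (no leading slash) are assumptions.

```python
import re

# Rule sets copied verbatim from the page.
FORCE_HTTPS = r"""
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
RewriteCond %{HTTPS} !=on
RewriteRule .* - [F]
"""
REDIRECT = r"""
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/~somewhere/$1 [L,R]
"""

def expand(text, env, match=None):
    """Substitute %{VAR} from env and $N from the RewriteRule match."""
    text = re.sub(r"%\{(\w+)\}", lambda m: env.get(m.group(1), ""), text)
    if match is not None:
        text = re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), text)
    return text

def cond_holds(test, pattern, env):
    """One RewriteCond: '!' negates, '=' is string equality, otherwise a regex."""
    negate = pattern.startswith("!")
    pattern = pattern[1:] if negate else pattern
    value = expand(test, env)
    hit = (value == pattern[1:]) if pattern.startswith("=") else (re.search(pattern, value) is not None)
    return hit != negate

def evaluate(rules, env, path):
    """Conditions before a rule are ANDed. Returns ('forbidden', None), ('redirect', url) or ('pass', None)."""
    conds = []
    for line in rules.strip().splitlines():
        directive, first, second, *rest = line.split()
        if directive == "RewriteCond":
            conds.append((first, second))
            continue
        flags = rest[0].strip("[]").split(",") if rest else []
        match = re.search(first, path)
        if match and all(cond_holds(t, p, env) for t, p in conds):
            if "F" in flags:
                return ("forbidden", None)
            if "R" in flags:
                return ("redirect", expand(second, env, match))
        conds = []
    return ("pass", None)

if __name__ == "__main__":
    for addr, https in [("192.168.1.20", "off"), ("192.168.10.5", "off"), ("203.0.113.9", "on")]:  # constructed samples
        print(addr, https, evaluate(FORCE_HTTPS, {"REMOTE_ADDR": addr, "HTTPS": https}, "index.html"))
```

The 192.168.10.5 request is refused because the anchored pattern admits only 192.168.1.x, so hosts elsewhere in 192.168.0.0/16 are treated as Internet clients and must use HTTPS.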
====== Log analysis ======
===== GoAccess =====
http://goaccess.prosoftcorp.com/
http://www.openfoundry.org/index.php?option=com_content&task=view&id=8228&Itemid=4
====== Using Apache to detect the language automatically ======
http://casper.tiger2.net/blog/2006/04/23/apache/
The contents of httpd.conf are as follows:
  DirectoryIndex index.html index.html.var index.php index.php3 index.php4
  AddHandler type-map var
The contents of index.html.var are as follows:
  URI: index.en.html
  Content-language: en
  Content-type: text/html

  URI: index.zh-tw.html
  Content-language: tw, zh-tw
  Content-type: text/html

  URI: index.zh-cn.html
  Content-language: cn, zh-cn
  Content-type: text/html
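This way, when a browser connects, Apache determines the browser's default language. If it is English, it goes to index.en.html; if it is zh-tw, it goes to index.zh-tw.html.
There is one problem, though: if the browser's language is not among those above, in testing Apache 2.0 picks the first one, while Apache 2.2 shows an error message saying the language file cannot be found.
2006/06/03 Update:
Today I finally noticed that this is because Apache 2.2 puts the language settings in conf/extra/httpd-languages.conf, and I had forgotten to enable the include in httpd.conf. When none of the languages set in the browser can be found, Apache displays a page according to the order of LanguagePriority (in httpd-languages.conf). (Actually, it seems only the first one is ever used here? Under what circumstances would the later languages be used?)
Also, after looking at Apache's manual directory, I noticed there is another way to set this up; if you are interested, see conf/extra/httpd-manual.conf and any of the .html files under manual. I will find time to look into it later and see what is different.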