Apache + SSL

Posted at 2009. 11. 12. 09:01 | Posted in Server/Ubuntu
http://seoeun25.tistory.com/405



Enable the ssl module

# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Generate the private key

# cd /etc/apache2/conf.d

/etc/apache2/conf.d# openssl genrsa -rand rand.dat -des3 -out ssl.nerv-team.key
218 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
.....++++++++++++
.......................................++++++++++++
e is 65537 (0x10001)
Enter pass phrase for ssl.nerv-team.key:(enter pass phrase)
Verifying - Enter pass phrase for ssl.nerv-team.key:(enter pass phrase)

Generate the CSR

/etc/apache2/conf.d# openssl req -new -key ssl.nerv-team.key -out ssl.nerv-team.csr
Enter pass phrase for ssl.nerv-team.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Inspect the CSR file

/etc/apache2/conf.d# openssl req -noout -text -in ssl.nerv-team.csr

Generate the certificate (crt)

/etc/apache2/conf.d# openssl req -new -x509 -days 365 -key ssl.nerv-team.key -out ssl.nerv-team.crt
Enter pass phrase for ssl.nerv-team.key:(enter pass phrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KO
State or Province Name (full name) [Some-State]:SEOUL
Locality Name (eg, city) []:SEOUL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nerv-team
Organizational Unit Name (eg, section) []:nerv
Common Name (eg, YOUR name) []:antop
Email Address []:antop@nerv-team.co.kr

Back up / move the files

/etc/apache2/conf.d# rm rand.dat   # delete the file that is no longer needed

/etc/apache2/conf.d# mv ssl.nerv-team.* /opt/ssl   # backup

# cp /opt/ssl/ssl.nerv-team.crt /etc/ssl/certs   # crt file location
# cp /opt/ssl/ssl.nerv-team.key /etc/ssl/private   # private key file location

apache2 SSL configuration

# vi /etc/apache2/mods-enabled/ssl.conf

<IfModule mod_ssl.c>
....

# add
SSLCertificateFile /etc/ssl/certs/ssl.nerv-team.crt
SSLCertificateKeyFile /etc/ssl/private/ssl.nerv-team.key
</IfModule>

# vi /etc/apache2/sites-enabled/000-default

# add
# https
<VirtualHost *:443>
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        SSLEngine on
        SSLCertificateFile "/etc/ssl/certs/ssl.nerv-team.crt"
        SSLCertificateKeyFile "/etc/ssl/private/ssl.nerv-team.key"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/usr/lib/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        # tomcat connector
        Include /etc/apache2/mods-enabled/jk_mount.conf
</VirtualHost>

Restart apache2

# /etc/init.d/apache2 restart
 * Restarting web server apache2
Apache/2.2.12 mod_ssl/2.2.12 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server nerv-team.co.kr:443 (RSA)
Enter pass phrase:(enter pass phrase)
OK: Pass Phrase Dialog successful.
                                                                                             [ OK ]

Test
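
Added example (not part of the original post): a check to run on the key and certificate before restarting Apache. The genrsa transcript above reports a 512-bit modulus because no key size was given, so the script flags keys under an assumed 2048-bit minimum, confirms the certificate matches the key, and checks the key file's mode and the certificate's remaining lifetime. The function names and MIN_BITS are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. MIN_BITS is an assumed policy value.
MIN_BITS=2048

# RSA modulus size in bits (openssl prompts if the key is pass-phrase protected).
key_bits() {
    openssl rsa -in "$1" -noout -text |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# True when the certificate was issued for this private key.
pair_matches() {
    [ "$(openssl rsa -in "$1" -noout -modulus)" = \
      "$(openssl x509 -in "$2" -noout -modulus)" ]
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# usage: audit_pair KEY CERT; the return status is the number of findings
audit_pair() {
    findings=0
    bits=$(key_bits "$1")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "WEAK: $1 is ${bits:-unknown} bits, want >= $MIN_BITS"
        findings=$((findings + 1))
    fi
    if ! pair_matches "$1" "$2"; then
        echo "MISMATCH: $2 was not issued for $1"
        findings=$((findings + 1))
    fi
    if ! key_is_private "$1"; then
        echo "PERMS: $1 is accessible to group or others"
        findings=$((findings + 1))
    fi
    # 2592000 seconds = 30 days
    if ! openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null; then
        echo "EXPIRY: $2 expires within 30 days"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ $# -eq 2 ]; then audit_pair "$1" "$2"; fi
```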


tag: Apache, SSL, ubuntu


Apache + Tomcat with Tomcat Connector

Posted at 2009. 11. 11. 09:01 | Posted in Server/Ubuntu

http://www.jopenbusiness.com/tc/oss/162



jdk 1.6

# apt-get install sun-java6-jdk

Test

# javac -version
javac 1.6.0_15

# java -version
java version "1.6.0_15"
Java(TM) SE Runtime Environment (build 1.6.0_15-b03)
Java HotSpot(TM) Client VM (build 14.1-b02, mixed mode, sharing)




apache2 - http://antop.tistory.com/37


tomcat6

# apt-get install tomcat6

Configuration

# vi /etc/tomcat6/server.xml

<!-- add URIEncoding="UTF-8" -->
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- uncomment this and add URIEncoding="UTF-8" enableLookups="false" -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" enableLookups="false" />

# vi /etc/init.d/tomcat6

# add
JAVA_OPTS="$JAVA_OPTS -Djava.endorsed.dirs=$CATALINA_HOME/endorsed -Dcatalina.base=$CATALINA_BASE -Dcatalina.home=$CATALINA_HOME -Djava.io.tmpdir=$JVM_TMP -Dfile.encoding=8859_1 -Dfile.client.encoding=8859_1 -Dclient.encoding.override=8859_1"

Restart tomcat6

# /etc/init.d/tomcat6 restart

Test





tomcat connector

# apt-get install libapache2-mod-jk

# vi /etc/apache2/mods-enabled/jk.conf

# create
# ServerName nerv-team.co.kr
JkWorkersFile   /etc/apache2/mods-enabled/workers.properties
JkShmFile       /var/log/apache2/mod_jk.shm
JkLogFile       /var/log/apache2/mod_jk.log
JkLogLevel      debug
JkLogStampFormat   "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

# vi /etc/apache2/mods-enabled/jk_mount.conf

# create
# register the URL patterns to be handled by Apache Tomcat
JkMount /*.jsp          worker1
JkMount /servlet/*      worker1
JkMount /*.do           worker1
JkMount /*.action       worker1

# vi /etc/apache2/mods-enabled/workers.properties

# create
workers.tomcat_home=/usr/share/tomcat6
workers.java_home=/usr/lib/jvm/java-6-sun
ps=/

worker.list=worker1
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.type=ajp13
worker.worker1.lbfactor=50
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=60

# vi /etc/apache2/sites-enabled/000-default

# add to the section of the desired host
# www.nerv-team.co.kr
<VirtualHost *:80>
        ServerAdmin antop@nerv-team.co.kr
        ServerName www.nerv-team.co.kr
        ServerAlias nerv-team.co.kr
        DocumentRoot /var/www
        # tomcat connector
        Include /etc/apache2/mods-enabled/jk_mount.conf
...
</VirtualHost>

# vi /etc/tomcat6/server.xml

<Host name="www.nerv-team.co.kr" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
  <Context path="/" docBase="/var/www" reloadable="true" />
</Host>

Restart tomcat6

# /etc/init.d/tomcat6 restart

Restart apache2 (restart tomcat6 first)

# /etc/init.d/apache2 restart

Test

# echo '<%="Hello World"%>' > /var/www/jspinfo.jsp







java.security.AccessControlException: access denied

Example: test.jsp

<%=System.getProperty("java.class.path") %>

If this line raises the error, check whether the access permission is granted in the "/etc/java-6-sun/security/java.policy" file.

// add
permission java.util.PropertyPermission "java.class.path", "read";



Fixing the error where WEB-INF/lib cannot be referenced (a permission problem)

# vi /etc/tomcat6/policy.d/04webapps.policy

// add
grant codeBase "file:/home/-" {
        permission java.security.AllPermission;
};


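If that still does not work, the only option left is to do it manually...

※ You may have to restart the server every time a web application is added... -0- Not recommended..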

# vi /etc/init.d/tomcat6

# register the tomcat libraries
JSVC_CLASSPATH=$JSVC_CLASSPATH:.:`echo $CATALINA_HOME/lib/*.jar | tr ' ' ':'`
# register classes and lib for virtual hosting
home_root="/home"
public_html="public_html"
for home_name in $(ls "$home_root")
  do
    if [ -d "$home_root/$home_name/$public_html" ]; then
      for context_name in $(ls "$home_root/$home_name/$public_html")
        do
          if [ -d "$home_root/$home_name/$public_html/$context_name/WEB-INF" ]; then
            # register the classes folder
            if [ -d "$home_root/$home_name/$public_html/$context_name/WEB-INF/classes" ]; then
              JSVC_CLASSPATH="$JSVC_CLASSPATH:$home_root/$home_name/$public_html/$context_name/WEB-INF/classes"
            fi
            # register every jar file in the lib folder
            if [ -d "$home_root/$home_name/$public_html/$context_name/WEB-INF/lib" ]; then
              for jar_file in $(ls "$home_root/$home_name/$public_html/$context_name/WEB-INF/lib")
                do
                  JSVC_CLASSPATH="$JSVC_CLASSPATH:$home_root/$home_name/$public_html/$context_name/WEB-INF/lib/$jar_file"
                # end for
              done
            fi
          fi
        # end for
      done
    fi
  # end for
done
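
Added example (not part of the original post): the grant added to 04webapps.policy earlier gives AllPermission to every code source under /home, which takes the security manager out of play for all of those web applications. This check lists the AllPermission grants in a policy file and marks recursive or missing codeBase patterns; audit_policy, sample_policy and the second sample grant are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists each grant in a Java policy file that contains AllPermission and marks
# it BROAD when the codeBase is recursive ("/-") or absent (applies to all code).
# Only // comment lines are skipped; /* ... */ blocks are not handled.
audit_policy() {   # usage: audit_policy [FILE...]  (reads stdin without FILE)
    awk '
        /^[ \t]*\/\// { next }
        /^[ \t]*grant([ \t{]|$)/ {
            base = "(no codeBase)"
            if (match($0, /codeBase[ \t]+"[^"]*"/)) {
                base = substr($0, RSTART, RLENGTH)
                sub(/^codeBase[ \t]+"/, "", base)
                sub(/"$/, "", base)
            }
        }
        /permission[ \t]+java\.security\.AllPermission/ {
            if (base ~ /\/-$/ || base == "(no codeBase)") print "BROAD", base
            else print "narrow", base
        }
    ' "$@"
}

# Constructed sample: the first grant is the one from the post; the second is
# a hypothetical narrower grant for a single application directory.
sample_policy() {
    cat <<'EOF'
grant codeBase "file:/home/-" {
        permission java.security.AllPermission;
};
grant codeBase "file:/home/antop/public_html/app/-" {
        permission java.util.PropertyPermission "java.class.path", "read";
};
EOF
}

sample_policy | audit_policy
```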



Apache + PHP + MySQL

Posted at 2009. 11. 11. 08:20 | Posted in Server/Ubuntu

# apt-get install mysql-server

utf-8 and InnoDB settings

# vi /etc/mysql/my.cnf

# utf-8
[client]
default-character-set=utf8  

[mysqld]   
character-set-client-handshake=FALSE  
init_connect="SET collation_connection=utf8_general_ci"  
init_connect="SET NAMES utf8"  
default-character-set=utf8  
character-set-server=utf8  
collation-server=utf8_general_ci  

# InnoDB
default-storage-engine=INNODB

# make table names case-insensitive
lower_case_table_names = 1

[mysqldump]    
default-character-set=utf8

[mysql]   
default-character-set=utf8

# allow connections from outside as well
# bind-address          = 127.0.0.1

Restart mysql

# /etc/init.d/mysql restart

Verify the settings

# mysql -uroot -pPASSWORD
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.1.37-1ubuntu5 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status
--------------
mysql  Ver 14.14 Distrib 5.1.37, for debian-linux-gnu (i486) using  EditLine wrapper

Connection id:          35
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.1.37-1ubuntu5 (Ubuntu)
Protocol version:       10
Connection:             Localhost via UNIX socket
Client characterset:    utf8
Server characterset:    utf8
UNIX socket:            /var/run/mysqld/mysqld.sock
Uptime:                 1 min 59 sec

Threads: 1  Questions: 102  Slow queries: 0  Opens: 99  Flush tables: 1  Open tables: 23  ....
--------------

mysql> show engines;
| InnoDB     | DEFAULT | Supports transactions, row-level locking, and foreign keys ....

mysql> exit
Bye
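
Added example (not part of the original post): commenting out bind-address, as the my.cnf above does, leaves mysqld listening on every interface, so account host restrictions and the firewall become the only controls on port 3306. This check reads an option file and reports the effective listen address; mysqld_listen and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints the address mysqld will listen on according to an option file:
# the last uncommented bind-address in [mysqld] wins, and none at all
# means the server accepts TCP connections on every interface.
# !include / !includedir directives are not followed.
mysqld_listen() {   # usage: mysqld_listen [FILE...]  (reads stdin without FILE)
    awk '
        BEGIN { tcp = 1 }
        /^[ \t]*[#;]/ { next }                    # whole-line comments
        /^[ \t]*\[/ {                             # section header
            section = $0
            gsub(/[ \t]/, "", section)
            sub(/^\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        section != "mysqld" { next }
        /^[ \t]*skip[-_]networking/ { tcp = 0 }
        /^[ \t]*bind[-_]address[ \t]*=/ {
            addr = $0
            sub(/^[^=]*=[ \t]*/, "", addr)
            sub(/[ \t]*(#.*)?$/, "", addr)        # trailing blanks or comment
        }
        END {
            if (!tcp)            print "none (skip-networking)"
            else if (addr == "") print "ALL interfaces (bind-address not set)"
            else                 print addr
        }
    ' "$@"
}

# Constructed excerpt in the shape of the my.cnf from the post.
sample_cnf() {
    cat <<'EOF'
[client]
default-character-set=utf8
[mysqld]
character-set-server=utf8
# bind-address          = 127.0.0.1
[mysql]
default-character-set=utf8
EOF
}

sample_cnf | mysqld_listen
```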



apache2

# apt-get install apache2
# apt-get install libapache2-mod-auth-mysql

Register the ServerName

# vi /etc/apache2/apache2.conf

# ServerName
ServerName nerv-team.co.kr

Virtual host configuration

# vi /etc/apache2/sites-enabled/000-default

# nerv-team.co.kr
<VirtualHost *:80>
        ServerName nerv-team.co.kr
        Redirect / http://www.nerv-team.co.kr/
</VirtualHost>
# www.nerv-team.co.kr
<VirtualHost *:80>
        ServerAdmin antop@nerv-team.co.kr
        ServerName www.nerv-team.co.kr
        ServerAlias nerv-team.co.kr
        DocumentRoot /var/www
        ....
</VirtualHost>

Modified so that visiting http://nerv-team.co.kr also leads to http://www.nerv-team.co.kr


Restart apache2

# /etc/init.d/apache2 restart

Test





php5

# apt-get install php5
# apt-get install php5-gd php5-imap
# apt-get install php5-mhash
# apt-get install php5-mysql
# apt-get install php5-pgsql

Configuration

# vi /etc/php5/apache2/php.ini

; add
date.timezone = Asia/Seoul
[PHP]
default_charset = "UTF-8"
output_buffering = 4096

....

; change
magic_quotes_gpc = Off

Restart apache2

# /etc/init.d/apache2 restart

Test

# echo '<?php phpinfo(); ?>' > /var/www/phpinfo.php





phpmyadmin

# apt-get install phpmyadmin

Select apache2



The default is http://www.nerv-team.co.kr/phpmyadmin, but change it to http://mysql.nerv-team.co.kr

# rm /etc/apache2/conf.d/phpmyadmin.conf

Subdomain configuration

# vi /etc/apache2/sites-enabled/000-default

# add
# mysql.nerv-team.co.kr
<VirtualHost *:80>
        ServerName mysql.nerv-team.co.kr
        DocumentRoot /usr/share/phpmyadmin
</VirtualHost>

Restart apache2

# /etc/init.d/apache2 restart

Test


