Ƙirƙirar Runduna Mai Kyau, Ƙirƙirar Takaddun shaida na SSL & Maɓallai kuma Kunna Ƙofar CGI a cikin Linux Gentoo
Koyawa ta ƙarshe akan Shigar da LAMP a cikin Gentoo Linux kawai ya rufe ainihin tsarin shigarwa ba tare da ƙarin saitunan da ke akwai don Apache don sarrafa yankunan ku ba.
Wannan koyaswar tana da alaƙa sosai da wacce ta gabata akan Gentoo LAMP kuma tana tattauna ƙarin saitunan don yanayin LAMP kamar ƙirƙira Mai watsa shiri na gani akan Apache, samar da > SSL Fayilolin takaddun shaida da Maɓallai, ba da damar amintacciyar yarjejeniya ta SSL akan ma'amalar HTTP kuma yi amfani da Apache Ƙofar CGI don haka za ku iya gudanar da Perl ko Rubutun Bash akan gidan yanar gizon ku.
- Shiga LAMP a cikin Gentoo Linux
Mataki 1: Ƙirƙiri Apache Virtual Runduna
Wannan batu yana amfani da sunan yanki na karya - gentoo.lan - an kunna shi ta fayil ɗin runduna na gida, tare da fayilolin gidan yanar gizon da aka aika daga /var/www/gentoo.lan - DocumentRoot umarni, ba tare da ingantaccen rikodin DNS ba, don nuna yadda ake iya kunna Runduna Mai Kyau da yawa akan Gentoo ta amfani da Sabar gidan yanar gizo ta Apache.
1. Don farawa, buɗe fayil ɗin Gentoo runduna don gyarawa kuma ƙara sabon layi tare da sunan yankin ku.
$ sudo nano /etc/hosts
A ƙarshen fayil ɗin sanya shi yayi kama da wannan.
127.0.0.1 localhost gentoo 192.168.1.13 gentoo.lan
2. Gwada yankin ku na karya da umarnin ping kuma yankin ya kamata ya amsa da adireshin IP.
$ ping -c2 gentoo.lan
3. Tsarin kunna Apache Virtual Runduna abu ne mai sauƙi. Kawai bude Apache tsoho fayil ɗin runduna da ke kan /etc/apache2/vhosts.d/ hanya kuma kafin bayanin na ƙarshe, shigar da sabon ma'anar Mai watsa shiri na Virtual wanda ke rufe a ƙarƙashin … umarni. c
Ya ƙunshi saitunanku na al'ada kamar ServerName da hanyar DocumentRoot. Yi amfani da samfurin fayil ɗin mai zuwa azaman jagora don sabon Mai watsa shiri na Kaya kuma haɗa shi kan fayil ɗin 00_default_vhost.conf (don gidajen yanar gizo marasa SSL).
$ sudo nano /etc/apache2/vhosts.d/00_default_vhost.conf
## Another Virtual hosts statemes ending in </VirtualHost> ### <VirtualHost *:80> ServerName gentoo.lan DocumentRoot "/var/www/gentoo.lan" <Directory "/var/www/gentoo.lan" Options Indexes FollowSymLinks ExecCGI MultiViews # AllowOverride controls what directives may be placed in .htaccess files. AllowOverride All # Controls who can get stuff from this server file Order allow,deny Allow from all </Directory> <IfModule mpm_peruser_module> ServerEnvironment apache apache </IfModule> </VirtualHost> ## Another Virtual hosts statemes ### ## LAST STATEMENT which closes virtual hosts file ## </IfDefine>
Kamar yadda kuke gani ta hanyar hangen nesa wannan abun cikin fayil ɗin, fayil ɗin yana da sharhi sosai tare da bayani kuma yana kiyaye localhost Ma'anar Mai watsa shiri na Virtual - wanda zaku iya amfani dashi azaman jagora.
4. Bayan gama gyara fayil ɗin tare da Mai watsa shiri na al'ada, sake kunna Apache don amfani da saituna kuma tabbatar da cewa kun ƙirƙiri DocumentRoot directory idan kun canza wannan umarnin kuma hanyar ba ta wanzu ta tsohuwa ( in an canza wannan shari'ar zuwa /var/www/gentoo.lan). Na kuma ƙirƙiri ƙaramin fayil ɗin PHP don gwada saitunan sabar gidan yanar gizo.
$ sudo mkdir /var/www/gentoo.lan $ su "echo '<?php phpinfo(); ?>' > /var/www/gentoo.lan/info.php" $ sudo /etc/init.d/apache2 restart
5. Don tabbatar da shi, buɗe mashigar bincike sannan ka nuna masa sunan yankinka na gaskiya http://gentoo.lan/info.php.
Yin amfani da wannan hanya za ku iya ƙara yawan gidajen yanar gizo marasa SSL kamar yadda kuke so ta amfani da Apache Virtual Hosts, amma don ainihin na'ura mai fuskantar Intanet tabbatar da cewa kuna da rajistar yankunan ku kuma kuna amfani da bayanan sabar DNS mai inganci.
Don cire Mai watsa shiri na Farko kawai yin sharhi ko share umarninsa da ke ƙarƙashin … akan fayil 00_default_vhost.conf.
Mataki 2: Ƙirƙirar Takaddun shaida na SSL da Maɓallai don Runduna Mai Kyau
SSL ƙa'idar sirri ce da ake amfani da ita don musanya bayanai akan amintacciyar tashar sadarwa a Intanet ko cikin cibiyoyin sadarwa ta amfani da Takaddun shaida da Maɓallai masu simmetric/asymmetric.
6. Don sauƙaƙe Takaddun shaida da tsarin tsara maɓalli yi amfani da rubutun Bash mai zuwa wanda ke aiki azaman umarni kuma ta atomatik ƙirƙirar duk abin da kuke buƙata tare da saitunan sunan yankin ku na SSL.
Fara farawa ta hanyar ƙirƙirar rubutun Bash ta amfani da umarni mai zuwa.
$ sudo nano /usr/local/bin/apache_gen_ssl
Ƙara abun cikin fayil mai zuwa.
#!/bin/bash mkdir /etc/apache2/ssl cd /etc/apache2/ssl echo -e "Enter a name for this certificate:\nEx: mydomain.lan" read cert openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key chmod 600 $cert.key openssl req -new -key $cert.key -out $cert.csr openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt echo -e " The certificate $cert has been generated!\nPlease link it to Apache SSL website!" ls -all /etc/apache2/ssl/ exit 0
7. Bayan an ƙirƙiri fayil ɗin, ƙara aiwatar da izini akansa kuma gudanar da shi don samar da Maɓallan SSL da Takaddun shaida.
$ sudo chmod +x /usr/local/bin/apache_gen_ssl $ sudo apache_gen_ssl
Lokacin da kuka kunna shi a farkon lokaci, zai tambaye ku don shigar da sunan ku na yanki. Shigar da sunan yankin wanda kuke ƙirƙirar saitunan SSL kuma ku cika Takaddun shaida tare da bayanan da ake buƙata, mafi mahimmanci, Sunan gama gari, yi amfani da uwar garken FQDN.
Tsohuwar wurin inda duk Takaddun shaida da Maɓallai ke karbar bakuncin ta amfani da wannan hanyar shine /etc/apache2/ssl/.
8. Yanzu lokaci ya yi da za a ƙirƙira gentoo.lan Mai watsa shiri SSL daidai. Yi amfani da hanya iri ɗaya da waɗanda ba na SSL Virtual Hosts ba amma wannan lokacin gyara /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf fayil tare da ɗan canje-canje.
Da farko bude fayil don gyarawa kuma yi canje-canje masu zuwa.
$ sudo nano /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf
Karkashin Saurari 443 umarnin ƙara abun ciki mai zuwa.
NameVirtualHost *:443
Yi amfani da samfuri mai zuwa don sabon Mai watsa shiri na Kaya kuma ƙara sabon Takaddun shaida na SSL + Hanyar maɓalli da sunaye.
## Another Virtual hosts statemes ending in </VirtualHost> ### <VirtualHost *:443> ServerName gentoo.lan DocumentRoot "/var/www/gentoo.lan" ErrorLog /var/log/apache2/gentoo.lan-ssl_error_log <IfModule log_config_module> TransferLog /var/log/apache2/gentoo.lan-ssl_access_log </IfModule> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL ## Edit with new generated SSL certificate and key and change path to /etc/apache2/ssl/ SSLCertificateFile /etc/apache2/ssl/gentoo.lan.crt SSLCertificateKeyFile /etc/apache2/ssl/gentoo.lan.key <Directory "/var/www/gentoo.lan"> Options Indexes FollowSymLinks ExecCGI MultiViews Includes AllowOverride All Order allow,deny Allow from all </Directory> <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/var/www/gentoo.lan "> SSLOptions +StdEnvVars </Directory> <IfModule setenvif_module> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </IfModule> <IfModule log_config_module> CustomLog /var/log/apache2/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </IfModule> </VirtualHost> ## Another Virtual hosts statements ###
Ma'anar Runduna Mai Runduna dole ne su ƙare kafin wannan kalamai uku na ƙarshe.
</IfModule> </IfDefine> </IfDefine>
9. Bayan gama gyara fayil ɗin Mai watsa shiri na Virtual, sake kunna sabis na Apache kuma ka tura mai bincikenka zuwa yankinka ta amfani da HTTPS protocol https://gentoo.lan.
$ sudo /etc/init.d/apache2 restart
Amfani da wannan hanya, zaku iya ƙara shafukan yanar gizo na SSL tare da Takaddun shaida da Maɓallai ta amfani da Apache Virtual Hosts. Don cire SSL Virtual Hosts yin sharhi ko share umarninsa da ke ƙarƙashin … akan /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf fayil.
Mataki 3: Kunna CGI Interface
The CGI (Common Gateway Interface) yana ba Apache damar yin hulɗa tare da shirye-shiryen waje, na farko wanda ya ƙunshi rubutun Perl ko BASH, wanda zai iya ƙara abun ciki mai ƙarfi zuwa gidan yanar gizon ku.
10. Kafin kunna ƙofofin CGI tabbatar da an haɗa Apache da Amfani CGI modules goyan bayan tutocin Portage make.conf fayil: cgi cgid. Don ba da damar tallafin GCI don Apache buɗe /etc/conf.d/apache2 fayil kuma saka tsarin CGI akan layin APACHE2_OPTS.
$ sudo nano /etc/conf.d/apache2
Tabbatar cewa wannan layin yana da irin wannan abun ciki.
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D STATUS -D CGI"
11. Bayan CGI modules an kunna, bude your website definition host kana so ka kunna CGI interface da kuma ƙara da wadannan abun ciki a cikin Virtual Host umarnin.
<Directory "/var/www/gentoo.lan"> Options Indexes +ExecCGI MultiViews AddHandler cgi-script .cgi .pl DirectoryIndex index.cgi index.php index.html index.pl AllowOverride All Order allow,deny Allow from all </Directory>
12. Idan kana da kundin adireshi a cikin DocumentRoot (/var/www/gentoo.lan/) hanyar da ke riƙe da rubutun CGI za ka iya ba da damar kawai wannan littafin don yin hidimar rubutun Perl ko Bash mai ƙarfi.
ScriptAlias /cgi-bin/ /var/www/gentoo.lan/cgi-bin/ <Location /cgi-bin> Options +ExecCGI AddHandler cgi-script .cgi .pl DirectoryIndex index.cgi index.php index.html index.pl </Location>
13. Don SSI (Server Side ya haɗa da) ƙara +Haɗa sanarwa akan Zaɓuɓɓuka kuma ƙara .shtml tsawo na fayil.
<Directory "/var/www/gentoo.lan"> Options Indexes +ExecCGI +Includes AddHandler cgi-script .cgi .pl AddType text/html .shtml AddOutputFilter INCLUDES .shtml DirectoryIndex index.shtml index.cgi index.pl index.php index.html AllowOverride All Order allow,deny Allow from all </Directory>
14. Don gwada wasu sauƙaƙan rubutun .cgi da .pl akan ƙofar Apache CGI ƙirƙira waɗannan rubutun a cikin ku Mai Runduna Mai Runduna DocumentRoot (/var/www/gentoo. zan/).
$ sudo nano /var/www/gentoo.lan/env.pl
Ƙara abun cikin Perl mai zuwa.
#!/usr/bin/perl print "Content-type: text/html\n\n"; foreach my $keys (sort keys %ENV) { print "$keys = $ENV{$keys}<br/>\n"; }
$ sudo nano /var/www/gentoo.lan/run.cgi
Ƙara abun ciki na Bash mai zuwa.
#!/bin/bash echo "Content-type: text/html" echo "" echo "---------------------------------------------------------------------------------" ./env.pl echo "---------------------------------------------------------------------------------"
15. Bayan an ƙirƙiri fayilolin, sanya su aiwatarwa, sake kunna Apache daemon kuma nuna mai binciken ku zuwa URL masu zuwa.
$ sudo chmod +x /var/www/gentoo.lan/run.cgi $ sudo chmod +x /var/www/gentoo.lan/env.pl $ sudo /etc/init.d/apache2 restart
https://gentoo.lan/run.cgi OR https://gentoo.lan/env.pl
Yanzu zaku iya canza Gentoo zuwa dandamali mai ƙarfi na yanar gizo tare da kyawawan saitunan daidaitawa don aikin tsarin ku da matsakaicin iko akan duk yanayin ku.