Ƙirƙirar Runduna Mai Kyau, Ƙirƙirar Takaddun shaida na SSL & Maɓallai kuma Kunna Ƙofar CGI a cikin Linux Gentoo


Koyawa ta ƙarshe akan Shigar da LAMP a cikin Gentoo Linux kawai ya rufe ainihin tsarin shigarwa ba tare da ƙarin saitunan da ke akwai don Apache don sarrafa yankunan ku ba.

Wannan koyaswar tana da alaƙa sosai da wacce ta gabata akan Gentoo LAMP kuma tana tattauna ƙarin saitunan don yanayin LAMP kamar ƙirƙira Mai watsa shiri na gani akan Apache, samar da > SSL Fayilolin takaddun shaida da Maɓallai, ba da damar amintacciyar yarjejeniya ta SSL akan ma'amalar HTTP kuma yi amfani da Apache Ƙofar CGI don haka za ku iya gudanar da Perl ko Rubutun Bash akan gidan yanar gizon ku.

  1. Shiga LAMP a cikin Gentoo Linux

Mataki 1: Ƙirƙiri Apache Virtual Runduna

Wannan batu yana amfani da sunan yanki na karya - gentoo.lan - an kunna shi ta fayil ɗin runduna na gida, tare da fayilolin gidan yanar gizon da aka aika daga /var/www/gentoo.lan - DocumentRoot umarni, ba tare da ingantaccen rikodin DNS ba, don nuna yadda ake iya kunna Runduna Mai Kyau da yawa akan Gentoo ta amfani da Sabar gidan yanar gizo ta Apache.

1. Don farawa, buɗe fayil ɗin Gentoo runduna don gyarawa kuma ƙara sabon layi tare da sunan yankin ku.

$ sudo nano /etc/hosts

A ƙarshen fayil ɗin sanya shi yayi kama da wannan.

127.0.0.1 localhost gentoo
192.168.1.13  gentoo.lan

2. Gwada yankin ku na karya da umarnin ping kuma yankin ya kamata ya amsa da adireshin IP.

$ ping -c2 gentoo.lan

3. Tsarin kunna Apache Virtual Runduna abu ne mai sauƙi. Kawai bude Apache tsoho fayil ɗin runduna da ke kan /etc/apache2/vhosts.d/ hanya kuma kafin bayanin na ƙarshe, shigar da sabon ma'anar Mai watsa shiri na Virtual wanda ke rufe a ƙarƙashin umarni. c

Ya ƙunshi saitunanku na al'ada kamar ServerName da hanyar DocumentRoot. Yi amfani da samfurin fayil ɗin mai zuwa azaman jagora don sabon Mai watsa shiri na Kaya kuma haɗa shi kan fayil ɗin 00_default_vhost.conf (don gidajen yanar gizo marasa SSL).

$ sudo nano /etc/apache2/vhosts.d/00_default_vhost.conf
## Another Virtual hosts statemes ending in </VirtualHost> ###

<VirtualHost *:80>
        ServerName gentoo.lan
        DocumentRoot "/var/www/gentoo.lan"
                        <Directory "/var/www/gentoo.lan"
                Options Indexes FollowSymLinks ExecCGI MultiViews
         # AllowOverride controls what directives may be placed in .htaccess files.       
                        AllowOverride All
        # Controls who can get stuff from this server file
                        Order allow,deny
                        Allow from all
        </Directory>
        <IfModule mpm_peruser_module>
                ServerEnvironment apache apache
        </IfModule>
</VirtualHost>

## Another Virtual hosts statemes ###
## LAST STATEMENT which closes virtual hosts file ##

</IfDefine>

Kamar yadda kuke gani ta hanyar hangen nesa wannan abun cikin fayil ɗin, fayil ɗin yana da sharhi sosai tare da bayani kuma yana kiyaye localhost Ma'anar Mai watsa shiri na Virtual - wanda zaku iya amfani dashi azaman jagora.

4. Bayan gama gyara fayil ɗin tare da Mai watsa shiri na al'ada, sake kunna Apache don amfani da saituna kuma tabbatar da cewa kun ƙirƙiri DocumentRoot directory idan kun canza wannan umarnin kuma hanyar ba ta wanzu ta tsohuwa ( in an canza wannan shari'ar zuwa /var/www/gentoo.lan). Na kuma ƙirƙiri ƙaramin fayil ɗin PHP don gwada saitunan sabar gidan yanar gizo.

$ sudo mkdir /var/www/gentoo.lan
$ su "echo '<?php phpinfo(); ?>' > /var/www/gentoo.lan/info.php"
$ sudo /etc/init.d/apache2 restart

5. Don tabbatar da shi, buɗe mashigar bincike sannan ka nuna masa sunan yankinka na gaskiya http://gentoo.lan/info.php.

Yin amfani da wannan hanya za ku iya ƙara yawan gidajen yanar gizo marasa SSL kamar yadda kuke so ta amfani da Apache Virtual Hosts, amma don ainihin na'ura mai fuskantar Intanet tabbatar da cewa kuna da rajistar yankunan ku kuma kuna amfani da bayanan sabar DNS mai inganci.

Don cire Mai watsa shiri na Farko kawai yin sharhi ko share umarninsa da ke ƙarƙashin akan fayil 00_default_vhost.conf.

Mataki 2: Ƙirƙirar Takaddun shaida na SSL da Maɓallai don Runduna Mai Kyau

SSL ƙa'idar sirri ce da ake amfani da ita don musanya bayanai akan amintacciyar tashar sadarwa a Intanet ko cikin cibiyoyin sadarwa ta amfani da Takaddun shaida da Maɓallai masu simmetric/asymmetric.

6. Don sauƙaƙe Takaddun shaida da tsarin tsara maɓalli yi amfani da rubutun Bash mai zuwa wanda ke aiki azaman umarni kuma ta atomatik ƙirƙirar duk abin da kuke buƙata tare da saitunan sunan yankin ku na SSL.

Fara farawa ta hanyar ƙirƙirar rubutun Bash ta amfani da umarni mai zuwa.

$ sudo nano /usr/local/bin/apache_gen_ssl

Ƙara abun cikin fayil mai zuwa.

#!/bin/bash
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
echo -e "Enter a name for this certificate:\nEx: mydomain.lan"
read cert

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key
chmod 600 $cert.key
openssl req -new -key $cert.key -out $cert.csr
openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt

echo -e " The certificate $cert has been generated!\nPlease link it to Apache SSL website!"
ls -all /etc/apache2/ssl/
exit 0

7. Bayan an ƙirƙiri fayil ɗin, ƙara aiwatar da izini akansa kuma gudanar da shi don samar da Maɓallan SSL da Takaddun shaida.

$ sudo chmod +x /usr/local/bin/apache_gen_ssl
$ sudo apache_gen_ssl

Lokacin da kuka kunna shi a farkon lokaci, zai tambaye ku don shigar da sunan ku na yanki. Shigar da sunan yankin wanda kuke ƙirƙirar saitunan SSL kuma ku cika Takaddun shaida tare da bayanan da ake buƙata, mafi mahimmanci, Sunan gama gari, yi amfani da uwar garken FQDN.

Tsohuwar wurin inda duk Takaddun shaida da Maɓallai ke karbar bakuncin ta amfani da wannan hanyar shine /etc/apache2/ssl/.

8. Yanzu lokaci ya yi da za a ƙirƙira gentoo.lan Mai watsa shiri SSL daidai. Yi amfani da hanya iri ɗaya da waɗanda ba na SSL Virtual Hosts ba amma wannan lokacin gyara /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf fayil tare da ɗan canje-canje.

Da farko bude fayil don gyarawa kuma yi canje-canje masu zuwa.

$ sudo nano /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf

Karkashin Saurari 443 umarnin ƙara abun ciki mai zuwa.

NameVirtualHost *:443

Yi amfani da samfuri mai zuwa don sabon Mai watsa shiri na Kaya kuma ƙara sabon Takaddun shaida na SSL + Hanyar maɓalli da sunaye.

## Another Virtual hosts statemes ending in </VirtualHost> ###

<VirtualHost *:443>
                ServerName gentoo.lan
    DocumentRoot "/var/www/gentoo.lan"
                ErrorLog /var/log/apache2/gentoo.lan-ssl_error_log
                <IfModule log_config_module>
                                TransferLog /var/log/apache2/gentoo.lan-ssl_access_log
                </IfModule>

                SSLEngine on
                SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

## Edit with new generated SSL certificate and key and change path to /etc/apache2/ssl/

		SSLCertificateFile /etc/apache2/ssl/gentoo.lan.crt
		SSLCertificateKeyFile /etc/apache2/ssl/gentoo.lan.key

                <Directory "/var/www/gentoo.lan">
                                Options Indexes FollowSymLinks ExecCGI MultiViews Includes
                                AllowOverride All
			        Order allow,deny
        			Allow from all
                </Directory>

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>

                <Directory "/var/www/gentoo.lan ">
                                SSLOptions +StdEnvVars
                </Directory>

                <IfModule setenvif_module>
                                BrowserMatch ".*MSIE.*" \
                                                nokeepalive ssl-unclean-shutdown \
                                                downgrade-1.0 force-response-1.0
                </IfModule>

                <IfModule log_config_module>
                                CustomLog /var/log/apache2/ssl_request_log \
                                                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                </IfModule>
</VirtualHost>

## Another Virtual hosts statements ###

Ma'anar Runduna Mai Runduna dole ne su ƙare kafin wannan kalamai uku na ƙarshe.

</IfModule>
</IfDefine>
</IfDefine>

9. Bayan gama gyara fayil ɗin Mai watsa shiri na Virtual, sake kunna sabis na Apache kuma ka tura mai bincikenka zuwa yankinka ta amfani da HTTPS protocol https://gentoo.lan.

$ sudo /etc/init.d/apache2 restart

Amfani da wannan hanya, zaku iya ƙara shafukan yanar gizo na SSL tare da Takaddun shaida da Maɓallai ta amfani da Apache Virtual Hosts. Don cire SSL Virtual Hosts yin sharhi ko share umarninsa da ke ƙarƙashin akan /etc/apache2/vhosts.d/00_default_ssl_vhosts.conf fayil.

Mataki 3: Kunna CGI Interface

The CGI (Common Gateway Interface) yana ba Apache damar yin hulɗa tare da shirye-shiryen waje, na farko wanda ya ƙunshi rubutun Perl ko BASH, wanda zai iya ƙara abun ciki mai ƙarfi zuwa gidan yanar gizon ku.

10. Kafin kunna ƙofofin CGI tabbatar da an haɗa Apache da Amfani CGI modules goyan bayan tutocin Portage make.conf fayil: cgi cgid. Don ba da damar tallafin GCI don Apache buɗe /etc/conf.d/apache2 fayil kuma saka tsarin CGI akan layin APACHE2_OPTS.

$ sudo nano /etc/conf.d/apache2

Tabbatar cewa wannan layin yana da irin wannan abun ciki.

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D STATUS -D CGI"

11. Bayan CGI modules an kunna, bude your website definition host kana so ka kunna CGI interface da kuma ƙara da wadannan abun ciki a cikin Virtual Host umarnin.

<Directory "/var/www/gentoo.lan">
	Options Indexes +ExecCGI MultiViews
        AddHandler cgi-script .cgi .pl
	DirectoryIndex index.cgi index.php index.html index.pl
        AllowOverride All
        Order allow,deny
        Allow from all
</Directory>

12. Idan kana da kundin adireshi a cikin DocumentRoot (/var/www/gentoo.lan/) hanyar da ke riƙe da rubutun CGI za ka iya ba da damar kawai wannan littafin don yin hidimar rubutun Perl ko Bash mai ƙarfi.

ScriptAlias /cgi-bin/ /var/www/gentoo.lan/cgi-bin/

<Location /cgi-bin>
                Options +ExecCGI
AddHandler cgi-script .cgi .pl
 DirectoryIndex index.cgi index.php index.html index.pl
</Location>

13. Don SSI (Server Side ya haɗa da) ƙara +Haɗa sanarwa akan Zaɓuɓɓuka kuma ƙara .shtml tsawo na fayil.

<Directory "/var/www/gentoo.lan">
                                Options Indexes +ExecCGI +Includes
                                AddHandler cgi-script .cgi .pl
                AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
        DirectoryIndex index.shtml index.cgi index.pl index.php index.html
                AllowOverride All
                Order allow,deny
                Allow from all
</Directory>

14. Don gwada wasu sauƙaƙan rubutun .cgi da .pl akan ƙofar Apache CGI ƙirƙira waɗannan rubutun a cikin ku Mai Runduna Mai Runduna DocumentRoot (/var/www/gentoo. zan/).

$ sudo nano /var/www/gentoo.lan/env.pl

Ƙara abun cikin Perl mai zuwa.

#!/usr/bin/perl
print "Content-type: text/html\n\n"; foreach my $keys (sort keys %ENV) { print "$keys =
$ENV{$keys}<br/>\n";
}
$ sudo nano /var/www/gentoo.lan/run.cgi

Ƙara abun ciki na Bash mai zuwa.

#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "---------------------------------------------------------------------------------"
              ./env.pl 
echo "---------------------------------------------------------------------------------"

15. Bayan an ƙirƙiri fayilolin, sanya su aiwatarwa, sake kunna Apache daemon kuma nuna mai binciken ku zuwa URL masu zuwa.

$ sudo chmod +x /var/www/gentoo.lan/run.cgi
$ sudo chmod +x /var/www/gentoo.lan/env.pl
$ sudo /etc/init.d/apache2 restart
https://gentoo.lan/run.cgi 

OR

https://gentoo.lan/env.pl

Yanzu zaku iya canza Gentoo zuwa dandamali mai ƙarfi na yanar gizo tare da kyawawan saitunan daidaitawa don aikin tsarin ku da matsakaicin iko akan duk yanayin ku.