How to Set Up a Standalone Apache Server with Name-Based Virtual Hosting and an SSL Certificate - Part 4


An LFCE (short for Linux Foundation Certified Engineer) is a trained professional who has the expertise to install, manage, and troubleshoot network services in Linux systems, and is in charge of the design, implementation and ongoing maintenance of the system architecture.

In this article we will show you how to configure Apache to serve web content, and how to set up name-based virtual hosts and SSL, including a self-signed certificate.

Introducing the Linux Foundation Certification Program (LFCE).

Note: This article is not meant to be a comprehensive guide to Apache, but rather a starting point for self-study on this topic for the LFCE exam. For that reason we do not cover load balancing with Apache in this tutorial either.

You may already know other ways to perform the same tasks, which is OK considering that the Linux Foundation Certification is performance-based. So, as long as you 'get the job done', you stand a good chance of passing the exam.

Please refer to Part 1 of the current series ("Installing Network Services and Configuring Automatic Startup at Boot") for instructions on installing and starting Apache.

By now, you should have the Apache web server installed and running. You can verify this with the following command.

# ps -ef | grep -Ei '(apache|httpd)' | grep -v grep

Note: The above command checks for the presence of either apache or httpd (the most common names for the web daemon) in the list of running processes. If Apache is running, you will get output similar to the following.

The ultimate way to test the Apache installation and check whether it is running is to launch a web browser and point it to the IP of the server. We should be presented with the following screen or at least a message confirming that Apache is working.

Configuring Apache

The main configuration file for Apache can be located in different directories depending on your distribution.

/etc/apache2/apache2.conf 		[For Ubuntu]
/etc/httpd/conf/httpd.conf		[For CentOS]
/etc/apache2/httpd.conf 		[For openSUSE]

Fortunately for us, the configuration directives are very well documented on the Apache project web site. We will refer to some of them throughout this article.

The most basic usage of Apache is to serve web pages from a standalone server where no virtual hosts have been configured yet. The DocumentRoot directive specifies the directory out of which Apache will serve web page documents.

Note that by default, all requests are served from this directory, but you can also use symbolic links and/or aliases to point to other locations as well.

Unless matched by the Alias directive (which allows documents to be stored in the local filesystem instead of under the directory specified by DocumentRoot), the server appends the path from the requested URL to the document root to make the path to the document.

For example, given the following DocumentRoot:

When the web browser points to [Server IP or hostname]/lfce/tecmint.html, the server will open /var/www/html/lfce/tecmint.html (assuming that such a file exists) and save the event to its access log with a 200 (OK) response.

The access log is typically found inside /var/log under a representative name, such as access.log or access_log. You may even find this log (and the error log as well) in a subdirectory (for example, /var/log/httpd in CentOS). Otherwise (if the file does not exist), the failed event will still be recorded in the access log, but with a 404 (Not Found) response.

In addition, the failed events will be recorded in the error log:

The format of the access log can be customized according to your needs using the LogFormat directive in the main configuration file, whereas you cannot do the same with the error log.

The default format of the access log is as follows:

LogFormat "%h %l %u %t \"%r\" %>s %b" [nickname]

Where each of the letters preceded by a percent sign tells the server to log a certain piece of information:

and nickname is an optional alias that can be used to customize other logs without having to enter the whole configuration string again.

You may refer to the LogFormat directive [Custom log formats section] in the Apache docs for further options.

Both log files (access and error) are a great resource for quickly analyzing at a glance what is happening on the Apache server. Needless to say, they are the first tool a system administrator uses to troubleshoot issues.
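
The default access log format shown above lends itself to quick triage from the shell. The following is an added example, not part of the original article: an awk-based helper that counts responses with a given status per client. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.

# status_by_client LOGFILE STATUS MIN   (LOGFILE may be - for stdin)
# Print "client count" for each client that got STATUS at least MIN times.
# The first field is %h in the default format (or %v in the vhost variant).
status_by_client() {
    awk -v want="$2" -v min="$3" '
        # %r is the only quoted field; Apache logs an embedded quote as \"
        # so the match below stops at the real closing quote of the request.
        match($0, /"([^"\\]|\\.)*"/) {
            n = split(substr($0, RSTART + RLENGTH), tail, " ")  # %>s %b
            if (n >= 2 && tail[1] == want) hits[$1]++
            next
        }
        { bad++ }  # no quoted request: line is not in this LogFormat
        END {
            for (c in hits) if (hits[c] >= min) print c, hits[c]
            if (bad) print bad " unparsed line(s)" > "/dev/stderr"
        }' "$1" | sort
}

# Constructed sample lines in the format: %h %l %u %t "%r" %>s %b
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2024:13:55:36 +0000] "GET /lfce/tecmint.html HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2024:13:55:40 +0000] "GET /admin.php HTTP/1.1" 404 209
198.51.100.7 - - [10/Oct/2024:13:55:41 +0000] "GET /a\"b 404 x HTTP/1.1" 404 209
198.51.100.7 - - [10/Oct/2024:13:55:42 +0000] "GET /backup.zip HTTP/1.1" 404 -
192.0.2.10 - bob [10/Oct/2024:13:56:01 +0000] "GET /missing.html HTTP/1.1" 404 209
EOF
}

# Clients with two or more 404 (Not Found) responses in the sample
sample_log | status_by_client - 404 2
```

Splitting each line on whitespace and reading the ninth field would misread the third sample line, whose request contains an escaped quote and extra spaces; anchoring on the quoted request avoids that.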

Finally, another important directive is Listen, which tells the server to accept incoming requests on the specified port or address/port combination:

If only a port number is defined, Apache will listen on the given port on all network interfaces (the wildcard sign * is used to indicate 'all network interfaces').

If both an IP address and a port are specified, then Apache will listen on the combination of the given port and network interface.

Please note (as you will see in the examples below) that multiple Listen directives can be used at the same time to specify multiple addresses and ports to listen on. This option instructs the server to respond to requests from any of the listed addresses and ports.

Setting Up Name-Based Virtual Hosts

The concept of a virtual host defines an individual site (or domain) that is served by the same physical machine. In fact, multiple sites/domains can be served off a single "real" server as virtual hosts. This process is transparent to the end user, to whom it appears that the different sites are being served by distinct web servers.

Name-based virtual hosting allows the server to rely on the client to report the hostname as part of the HTTP headers. Thus, using this technique, many different hosts can share the same IP address.

Each virtual host is configured in a directory within DocumentRoot. For our case, we will use the following dummy domains for the testing setup, each located in the corresponding directory:

  1. ilovelinux.com - /var/www/html/ilovelinux.com/public_html
  2. linuxrocks.org - /var/www/html/linuxrocks.org/public_html

In order for pages to be displayed correctly, we will chmod each VirtualHost's directory to 755:

# chmod -R 755 /var/www/html/ilovelinux.com/public_html
# chmod -R 755 /var/www/html/linuxrocks.org/public_html

Next, create a sample index.html file inside each public_html directory:

<html>
  <head>
    <title>www.ilovelinux.com</title>
  </head>
  <body>
    <h1>This is the main page of www.ilovelinux.com</h1>
  </body>
</html>

Finally, in CentOS and openSUSE add the following section at the bottom of /etc/httpd/conf/httpd.conf or /etc/apache2/httpd.conf, respectively, or just modify it if it is already there.

<VirtualHost *:80>
     ServerAdmin [email  
     DocumentRoot /var/www/html/ilovelinux.com/public_html
     ServerName www.ilovelinux.com
     ServerAlias www.ilovelinux.com ilovelinux.com
     ErrorLog /var/www/html/ilovelinux.com/error.log
     LogFormat "%v %l %u %t \"%r\" %>s %b" myvhost
     CustomLog /var/www/html/ilovelinux.com/access.log	myvhost
</VirtualHost>
<VirtualHost *:80>
     ServerAdmin [email  
     DocumentRoot /var/www/html/linuxrocks.org/public_html
     ServerName www.linuxrocks.org
     ServerAlias www.linuxrocks.org linuxrocks.org
     ErrorLog /var/www/html/linuxrocks.org/error.log
     LogFormat "%v %l %u %t \"%r\" %>s %b" myvhost
     CustomLog /var/www/html/linuxrocks.org/access.log	myvhost
</VirtualHost>

Please note that you can also add each virtual host definition in separate files inside the /etc/httpd/conf.d directory. If you choose to do so, each configuration file must be named as follows:

/etc/httpd/conf.d/ilovelinux.com.conf
/etc/httpd/conf.d/linuxrocks.org.conf

In other words, you need to add .conf to the site or domain name.

In Ubuntu, each individual configuration file is named /etc/apache2/sites-available/[site name].conf. Each site is then enabled or disabled with the a2ensite or a2dissite commands, respectively, as follows.

# a2ensite /etc/apache2/sites-available/ilovelinux.com.conf
# a2dissite /etc/apache2/sites-available/ilovelinux.com.conf
# a2ensite /etc/apache2/sites-available/linuxrocks.org.conf
# a2dissite /etc/apache2/sites-available/linuxrocks.org.conf

The a2ensite and a2dissite commands create links to the virtual host configuration file and place (or remove) them in the /etc/apache2/sites-enabled directory.

To be able to browse to both sites from another Linux box, you will need to add the following lines to the /etc/hosts file on that machine in order to redirect requests for those domains to a specific IP address.

[IP address of your web server]	www.ilovelinux.com
[IP address of your web server]	www.linuxrocks.org 

As a security measure, SELinux will not allow Apache to write logs to a directory other than the default /var/log/httpd.

You can either disable SELinux, or set the right security context:

# chcon system_u:object_r:httpd_log_t:s0 /var/www/html/xxxxxx/error.log

where xxxxxx is the directory inside /var/www/html where you have defined your virtual hosts.

After restarting Apache, you should see the following page at the above addresses:

Installing and Configuring SSL with Apache

Finally, we will create and install a self-signed certificate to use with Apache. This kind of setup is acceptable in small environments, such as a private LAN.

However, if your server will expose content to the outside world over the Internet, you will want to install a certificate signed by a 3rd party to corroborate its authenticity. Either way, a certificate will allow you to encrypt the information that is transmitted to, from, or within your site.

In CentOS and openSUSE, you need to install the mod_ssl package.

# yum update && yum install mod_ssl 		[On CentOS]
# zypper refresh && zypper install mod_ssl	[On openSUSE]

Whereas in Ubuntu you will have to enable the ssl module for Apache.

# a2enmod ssl

The following steps are explained using a CentOS test server, but your setup should be almost identical in the other distributions (if you run into any kind of issue, don't hesitate to leave your questions using the comments form).

Step 1 [Optional]: Create a directory to store your certificates.

# mkdir /etc/httpd/ssl-certs

Step 2: Generate your self-signed certificate and the key that will protect it.

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl-certs/apache.key -out /etc/httpd/ssl-certs/apache.crt

Brief explanation of the options listed above:

  1. req -x509 indicates we are creating an x509 certificate.
  2. -nodes (NO DES) means "don't encrypt the key".
  3. -days 365 is the number of days the certificate will be valid for.
  4. -newkey rsa:2048 creates a 2048-bit RSA key.
  5. -keyout /etc/httpd/ssl-certs/apache.key is the absolute path of the RSA key.
  6. -out /etc/httpd/ssl-certs/apache.crt is the absolute path of the certificate.

Step 3: Open your chosen virtual host configuration file (or its corresponding section in /etc/httpd/conf/httpd.conf as explained earlier) and add the following lines to a virtual host declaration listening on port 443.

SSLEngine on
SSLCertificateFile /etc/httpd/ssl-certs/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl-certs/apache.key

Please note that you need to add

NameVirtualHost *:443

at the top, right below

NameVirtualHost *:80

Both directives instruct Apache to listen on ports 443 and 80 of all network interfaces.

The following example is taken from /etc/httpd/conf/httpd.conf:

Then restart Apache,

# service apache2 restart 			[sysvinit and upstart based systems]
# systemctl restart httpd.service 		[systemd-based systems]

And point your browser to https://www.ilovelinux.com. You will be presented with the following screen.

Go ahead and click on "I understand the risks" and "Add exception".

Finally, check "Permanently store this exception" and click "Confirm Security Exception".

And you will be redirected to your home page using https.
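
Steps 1 and 2 above can be scripted without prompts, together with two checks worth running before the files are referenced in Step 3. This is an added example, not part of the original article; the function names and the choice of subjectAltName entries are assumptions, and the -addext option requires OpenSSL 1.1.1 or newer.

```sh
#!/bin/sh
# Added example, not from the original article. Requires OpenSSL 1.1.1+ (-addext).

# make_selfsigned DIR NAME [ALT_NAME...]
# Create DIR/apache.key and DIR/apache.crt without prompts. Every name is put
# in subjectAltName, which is what current browsers match the hostname against.
make_selfsigned() {
    dir=$1; cn=$2; shift 2
    san="DNS:$cn"
    for alt in "$@"; do san="$san,DNS:$alt"; done
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -nodes leaves the key unencrypted on disk, so file permissions are its
    # only protection: create it under umask 077 and keep it at mode 600.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$cn" -addext "subjectAltName=$san" \
          -keyout "$dir/apache.key" -out "$dir/apache.crt" ) || return 1
    chmod 600 "$dir/apache.key" && chmod 644 "$dir/apache.crt"
}

# pair_matches CRT KEY: succeed only if CRT carries the public half of KEY.
# mod_ssl rejects a certificate and key that do not belong together.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_covers CRT NAME: succeed if NAME is listed as a DNS subjectAltName.
cert_covers() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fqx "DNS:$2"
}

# Usage on the CentOS server from the steps above (run as root):
#   make_selfsigned /etc/httpd/ssl-certs www.ilovelinux.com ilovelinux.com
#   pair_matches /etc/httpd/ssl-certs/apache.crt /etc/httpd/ssl-certs/apache.key
#   cert_covers  /etc/httpd/ssl-certs/apache.crt ilovelinux.com
```

The browser warning described above still appears with this certificate, because it is self-signed; the subjectAltName entries only ensure the hostname check itself succeeds once the exception is stored.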

Summary

In this post we have shown how to configure Apache and name-based virtual hosting with SSL to secure data transmissions. If for some reason you ran into any issues, feel free to let us know using the comment form below. We will be more than glad to help you achieve a successful setup.

Read Also

  1. Apache IP Based and Name Based Virtual Hosting
  2. Creating Apache Virtual Hosts with Enable/Disable Vhosts Options
  3. Monitor "Apache Web Server" Using the "Apache GUI" Tool