I use this page mainly as a personal memo. Please note that it is rarely updated.
Get the source from the Apache site.
The file I downloaded this time is httpd-2.2.8.tar.gz.
Compile on the assumption that the install prefix is /opt/apache.
# tar zxvf httpd-2.2.8.tar.gz
# cd httpd-2.2.8/srclib/apr
# ./configure --prefix=/opt/apache/apr-httpd/
# make && make install
# cd httpd-2.2.8/srclib/apr-util
# ./configure --prefix=/opt/apache/apr-util-httpd/ --with-apr=/opt/apache/apr-httpd/
# make && make install
# cd httpd-2.2.8
# ./configure --prefix=/opt/apache --enable-rule=SHARED_CORE --enable-module=so \
    --enable-module=most --enable-access=shared --enable-auth=shared --enable-auth_anon=shared \
    --enable-auth_dbm=shared --enable-auth_digest=shared --enable-include=shared \
    --enable-log_config=shared --enable-env=shared --enable-mime_magic=shared \
    --enable-cern_meta=shared --enable-expires=shared --enable-deflate=shared \
    --enable-headers=shared --enable-usertrack=shared --enable-setenvif=shared \
    --enable-mime=shared --enable-dav=shared --enable-status=shared \
    --enable-autoindex=shared --enable-asis=shared --enable-info=shared \
    --enable-dav_fs=shared --enable-vhost_alias=shared --enable-negotiation=shared \
    --enable-dir=shared --enable-imap=shared --enable-actions=shared \
    --enable-speling=shared --enable-userdir=shared --enable-alias=shared \
    --enable-rewrite=shared --enable-proxy=shared --enable-proxy_ftp=shared \
    --enable-proxy_http=shared --enable-proxy_connect=shared --enable-cache=shared \
    --enable-suexec=shared --enable-disk_cache=shared --enable-file_cache=shared \
    --enable-mem_cache=shared --enable-cgi=shared --enable-proxy_balancer=shared \
    --enable-proxy_ajp=shared --enable-ssl=shared --enable-shared=max \
    --with-apr=/opt/apache/apr-httpd --with-apr-util=/opt/apache/apr-util-httpd
# make && make install
# chown -R apache:apache /opt/apache
Configure Apache to start automatically when the OS boots.
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
#              HTML files and CGI.
# processname: httpd
# config: /opt/apache/conf/httpd.conf
# pidfile: /opt/apache/logs/httpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/opt/apache/bin/apachectl
httpd=${HTTPD-/opt/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/opt/apache/logs/httpd.pid}
lockfile=${LOCKFILE-/opt/apache/logs/httpd.lock}
RETVAL=0

# check for 1.3 configuration
check13 () {
    CONFFILE=/opt/apache/conf/httpd.conf
    GONE="(ServerType|BindAddress|Port|AddModule|ClearModuleList|"
    GONE="${GONE}AgentLog|RefererLog|RefererIgnore|FancyIndexing|"
    GONE="${GONE}AccessConfig|ResourceConfig)"
    if LANG=C grep -Eiq "^[[:space:]]*($GONE)" $CONFFILE; then
        echo
        echo 1>&2 " Apache 1.3 configuration directives found"
        echo 1>&2 " please read /usr/share/doc/httpd-2.0.52/migration.html"
        failure "Apache 1.3 config directives test"
        echo
        exit 1
    fi
}

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
    check13 || exit 1
    #LANG=$HTTPD_LANG daemon $apachectl start
    $apachectl start
    RETVAL=$?
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}

stop() {
    $apachectl stop
    RETVAL=$?
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  *)
    # Only start and stop are implemented in this script.
    echo $"Usage: $prog {start|stop}"
    exit 1
esac

exit $RETVAL
# chmod 755 /etc/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# chkconfig --list httpd
# service httpd start
Get the source from the Japanese OpenSSL site.
The file I downloaded this time is openssl-0.9.6c.tar.gz.
Install on the assumption that the install prefix is /opt/openssl.
# tar zxvf openssl-0.9.6c.tar.gz
# cd openssl-0.9.6c
# ./config --prefix=/opt/openssl --openssldir=/opt/openssl/ssl
# make
# make install
# vi /opt/openssl/ssl/openssl.cnf
#dir = ./demoCA # Where everything is kept
↓ Change the base directory.
dir = /opt/openssl/ssl # Where everything is kept
#default_days = 365 # how long to certify for
↓ Change the certificate validity period. (Issued certificates are valid for 10 years.)
default_days = 3650 # how long to certify for
# touch /opt/openssl/ssl/index.txt
# echo 01 > /opt/openssl/ssl/serial
# mkdir /opt/openssl/ssl/{server,newcerts}
# cd /opt/openssl/ssl/
# /opt/openssl/bin/openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7300
# /opt/openssl/bin/openssl x509 -in cacert.pem -text
# cd /opt/apache/conf/cert
# openssl genrsa -out server.key 1024
Create the server public key
# openssl req -new -key server.key -out server.csr
Remove the passphrase from the private key
# mv server.key server.key_tmp
# openssl rsa -in server.key_tmp -out server.key
# cd /opt/openssl/ssl/server
# /opt/openssl/bin/openssl ca -policy policy_anything -out server.crt -infiles server.csr
SetEnvIfNoCase Request_URI "\.(gif|jpg|png|css)$" object-is-image
CustomLog "logs/access_log" common
CustomLog "logs/access_noimg_log" common env=!object-is-image
CustomLog "logs/access_img_log" common env=object-is-image
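When a client accesses http://○○/:
mobile phones are redirected to /mobile/,
PCs (anything other than a mobile phone) are redirected to /pc/.
In addition, PCs must not be able to access the mobile site.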
Include conf/extra/httpd-mobile.conf

RewriteEngine on
RewriteLog "/opt/apache/logs/rewrite.log"
# Change the level as needed. The default is 0.
RewriteLogLevel 3
RewriteCond %{HTTP_USER_AGENT} ^KDDI [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Up\.Browser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^J-PHONE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^vodafone [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SoftBank [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DoCoMo [NC]
RewriteRule ^/$ mobile/ [R,L]

RewriteEngine on
RewriteLog "/opt/apache/logs/rewrite.log"
# Change the level as needed. The default is 0.
RewriteLogLevel 3
RewriteRule ^/$ pc/ [R]
<Location /mobile>
    Options Indexes FollowSymLinks
    Order deny,allow
    deny from all
    #For DoCoMo
    allow from 210.153.84.0/24
    allow from 210.136.161.0/24
    #   :
    # List every mobile carrier gateway you want to allow here.
    #   :
    allow from 61.204.93.0/24
    allow from 61.204.94.0/24
    allow from 61.204.95.0/24
</Location>
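
The following Python model (an added example, not part of the original memo) shows how the rewrite rules and the <Location /mobile> block combine: the User-Agent header only selects the redirect target, while the gateway allow list decides who can actually read /mobile/. The function names, sample User-Agent strings and client addresses are constructed for illustration, and every path other than / is assumed to exist.

```python
import ipaddress
import re

# Added example: names are hypothetical, sample requests are constructed.
# User-Agent prefixes from the RewriteCond lines ([NC] = case-insensitive).
MOBILE_UA = re.compile(r"^(KDDI|Up\.Browser|J-PHONE|vodafone|SoftBank|DoCoMo)", re.I)

# Only the gateway ranges visible on the page; the real list is longer.
ALLOW_FROM = [ipaddress.ip_network(n) for n in (
    "210.153.84.0/24", "210.136.161.0/24",
    "61.204.93.0/24", "61.204.94.0/24", "61.204.95.0/24",
)]
DENY_FROM = [ipaddress.ip_network("0.0.0.0/0")]  # "deny from all" (IPv4 model)


def order_deny_allow(client_ip, deny, allow):
    """Order deny,allow: a matching Allow wins; otherwise Deny decides."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in allow):
        return True
    return not any(ip in net for net in deny)


def in_mobile_location(path):
    """<Location /mobile> covers /mobile and everything below /mobile/."""
    return path == "/mobile" or path.startswith("/mobile/")


def handle(path, user_agent, client_ip):
    """Return (status, redirect_target) for one request."""
    if path == "/":  # RewriteRule ^/$ ... [R]
        return 302, "/mobile/" if MOBILE_UA.search(user_agent) else "/pc/"
    if in_mobile_location(path) and not order_deny_allow(
            client_ip, DENY_FROM, ALLOW_FROM):
        return 403, None
    return 200, None


# Constructed sample requests: (path, User-Agent, client IP).
SAMPLES = [
    ("/", "DoCoMo/2.0 N905i", "210.153.84.10"),
    ("/mobile/", "DoCoMo/2.0 N905i", "210.153.84.10"),
    ("/", "DoCoMo/2.0 N905i", "203.0.113.7"),         # UA says mobile, IP does not
    ("/mobile/", "DoCoMo/2.0 N905i", "203.0.113.7"),  # stopped by the allow list
]

if __name__ == "__main__":
    for path, ua, ip in SAMPLES:
        print(f"{ip:15} {path:9} {ua[:12]:12} -> {handle(path, ua, ip)}")
```

Because the header is supplied by the client, the last two samples show that the restriction "PCs must not reach the mobile site" rests entirely on the allow list being complete and current.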