Alias /images "/var/www/html/im"
<Directory "/var/www/html/im">
Require all granted
</Directory>
↓Result
[root@ora12ee02 ~]# curl http://192.168.100.111/images/images.html
images.html
●Redirect
Redirect permanent /from.html https://httpd.apache.org/
●AllowOverride
<Directory "/var/www/html/mydir">
AllowOverride All
Require all granted
</Directory>
[root@ora12ee01 mydir]# cat /var/www/html/mydir/.htaccess
DirectoryIndex abc.html
[root@ora12ee01 mydir]# cat abc.html
abc.html
↑Configuration ↓Test
[root@ora12ee02 ~]# curl http://192.168.100.111/mydir/
abc.html
●Basic authentication
<Directory "/var/www/html/private-area">
AuthType Basic
AuthName "Enter ID/PW"
AuthUserFile /etc/httpd/conf/htpasswd
Require valid-user
</Directory>
[root@ora12ee01 private-area]# htpasswd -c /etc/httpd/conf/htpasswd scott
New password:
Re-type new password:
Adding password for user scott
[root@ora12ee01 private-area]# cat /etc/httpd/conf/htpasswd
scott:$apr1$u8nzOFFR$BWvIaf8iKexqtd1JLh4Rp/
↓Result
Access from IE and Chrome succeeded. curl failed (NG).
●Digest authentication
<Directory "/var/www/html/private-area">
AuthType Digest
AuthName "secret-area"
AuthUserFile /etc/httpd/conf/htdigestfile
Require valid-user
</Directory>
[root@ora12ee01 private-area]# htdigest -c /etc/httpd/conf/htdigestfile secret-area scott
Adding password for scott in realm secret-area.
New password:
Re-type new password:
[root@ora12ee01 private-area]# cat /etc/httpd/conf/htdigestfile
scott:secret-area:009656defa2ba2a89650a3e3f0267865
↓Result
Access from IE and Chrome succeeded. curl failed (NG).
When accessed from IE, the AuthName was displayed even with digest authentication.
●Order allow deny
<Directory "/var/www/html/order">
Order allow,deny
Allow from 192.168.100.112
</Directory>
[root@ora12ee01 order]# cat /var/www/html/order/or.html
or.html
↓Result
[root@ora12ee01 order]# curl http://192.168.100.111/order/or.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /order/or.html
on this server.</p>
</body></html>
[root@ora12ee02 ~]# curl http://192.168.100.111/order/or.html
or.html
●Require
<Directory "/var/www/html/order">
<RequireAll>
Require all granted
Require not ip 192.168.56
</RequireAll>
</Directory>
[root@ora12ee02 ~]# curl http://192.168.100.111/order/or.html
or.html
●Name-based virtual hosts
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
ServerName www.otherdomain.tld
DocumentRoot /var/www/html2
</VirtualHost>
[root@ora12ee02 ~]# cat /etc/hosts
192.168.100.111 www.otherdomain.tld www.domain.tld domain.tld w.domain.tld wwww
[root@ora12ee02 ~]# curl http://www.domain.tld/
main.html
[root@ora12ee02 ~]# curl http://domain.tld/
main.html
[root@ora12ee02 ~]# curl http://w.domain.tld/
main.html
[root@ora12ee02 ~]# curl http://wwww/
main.html
[root@ora12ee02 ~]# curl http://www.otherdomain.tld/
/var/www/html2/main.html
●IP-based virtual hosts
Listen 192.168.100.111:80
Listen 192.168.56.111:80
<VirtualHost 192.168.100.111:80>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost 192.168.56.111:80>
ServerName www.otherdomain.tld
DocumentRoot /var/www/html2
</VirtualHost>
[root@ora12ee01 html2]# curl http://192.168.100.111/
main.html
[root@ora12ee01 html2]# curl http://192.168.56.111/
/var/www/html2/main.html
●SSL
[root@ora12ee01 ~]# yum install mod_ssl
↓From here on, create a private certificate authority (CA)
[root@ora12ee01 ~]# cd /etc/pki/tls/misc/
[root@ora12ee01 misc]# ./CA -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 2048 bit RSA private key
.............................................+++
...+++
writing new private key to '/etc/pki/CA/private/./cakey.pem'
Enter PEM pass phrase:password
Verifying - Enter PEM pass phrase:password
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Shinjuku
Organization Name (eg, company) [Default Company Ltd]:Example Corp
Organizational Unit Name (eg, section) []:Network
Common Name (eg, your name or your server's hostname) []:ora12ee01.oradomain
Email Address []:root@ora12ee01.oradomain
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(Enter)
An optional company name []:(Enter)
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:password
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
d0:89:e9:5c:a4:f6:16:5e
Validity
Not Before: Jan 27 15:21:51 2019 GMT
Not After : Jan 26 15:21:51 2022 GMT
Subject:
countryName = JP
stateOrProvinceName = Tokyo
organizationName = Example Corp
organizationalUnitName = Network
commonName = ora12ee01.oradomain
emailAddress = root@ora12ee01.oradomain
X509v3 extensions:
X509v3 Subject Key Identifier:
07:A6:85:6C:DD:FD:D0:21:E6:03:DD:A4:6E:5E:F0:E0:1A:78:5C:58
X509v3 Authority Key Identifier:
keyid:07:A6:85:6C:DD:FD:D0:21:E6:03:DD:A4:6E:5E:F0:E0:1A:78:5C:58
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until Jan 26 15:21:51 2022 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
↓Self-signed certificate
/etc/pki/CA/cacert.pem
↓Private key
/etc/pki/CA/private/cakey.pem
↓Create the private key for the HTTPS server
[root@ora12ee01 CA]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
........................+++
e is 65537 (0x10001)
↓Create the certificate signing request (CSR) that asks the CA to issue a certificate
[root@ora12ee01 CA]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Shinjuku
Organization Name (eg, company) [Default Company Ltd]:Example Corp
Organizational Unit Name (eg, section) []:Network
Common Name (eg, your name or your server's hostname) []:ora12ee01.oradomain
Email Address []:root@ora12ee01.oradomain
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(Enter)
An optional company name []:(Enter)
↓The CA signs the certificate signing request file and creates the server certificate server.crt
[root@ora12ee01 CA]# openssl ca -out server.crt -infiles /etc/pki/CA/server.csr
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:password
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
d0:89:e9:5c:a4:f6:16:5f
Validity
Not Before: Jan 27 15:37:40 2019 GMT
Not After : Jan 27 15:37:40 2020 GMT
Subject:
countryName = JP
stateOrProvinceName = Tokyo
organizationName = Example Corp
organizationalUnitName = Network
commonName = ora12ee01.oradomain
emailAddress = root@ora12ee01.oradomain
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
3A:AD:0E:5E:1E:A9:36:2A:EC:4D:63:7C:AE:86:34:66:DE:23:29:AC
X509v3 Authority Key Identifier:
keyid:07:A6:85:6C:DD:FD:D0:21:E6:03:DD:A4:6E:5E:F0:E0:1A:78:5C:58
Certificate is to be certified until Jan 27 15:37:40 2020 GMT (365 days)
Sign the certificate? [y/n]:y
Write out database with 1 new entries
Data Base Updated
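Before the issued certificate goes into ssl.conf, three checks are worth running: it chains to the CA, the private key belongs to it, and it covers the name clients will use. The following is an added example, not part of the original notes; it builds a throwaway CA and server certificate in a temporary directory (constructed, created non-interactively with -subj rather than the CA script) and takes only the CN ora12ee01.oradomain and the ServerName www2.oradomain from the page.

```shell
#!/bin/sh
# Added example: checks on an issued server certificate. All keys and
# certificates are throwaway files constructed in a temporary directory.

# Build a constructed CA and a server certificate with the given CN.
make_sample_pki() {   # dir cn
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/cacert.pem" \
        -CAkey "$1/cakey.pem" -CAcreateserial -days 1 \
        -out "$1/server.crt" 2>/dev/null
}

# 1. Does the certificate chain to the CA certificate?
chains_to_ca() {      # cacert cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 2. Does the private key belong to the certificate? Compare public keys.
key_matches_cert() {  # key cert
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 3. Is the certificate valid for the name clients connect to?
cert_covers_host() {  # cert hostname
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pki "$d" ora12ee01.oradomain || { rm -rf "$d"; return 1; }
    chains_to_ca "$d/cacert.pem" "$d/server.crt" && echo "chain: OK"
    key_matches_cert "$d/server.key" "$d/server.crt" && echo "key/cert: OK"
    for h in ora12ee01.oradomain www2.oradomain; do
        if cert_covers_host "$d/server.crt" "$h"; then
            echo "$h: covered"
        else
            echo "$h: NOT covered"
        fi
    done
    rm -rf "$d"
}
demo
```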
[root@ora12ee01 conf]# vi /etc/httpd/conf.d/ssl.conf
[root@ora12ee01 conf]# diff /etc/httpd/conf.d/ssl.conf.bk /etc/httpd/conf.d/ssl.conf
59,60c59,60
< #DocumentRoot "/var/www/html"
< #ServerName www.example.com:443
---
> DocumentRoot "/var/www/html"
> ServerName www2.oradomain:443
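Review bot: ServerName on new line 60 is www2.oradomain, but the certificate signed above carries commonName = ora12ee01.oradomain and its extension list shows no subjectAltName, so a client that verifies the hostname will reject it when connecting to www2.oradomain. Either issue the certificate for the name set here or set ServerName to the name in the certificate.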
100c100
< SSLCertificateFile /etc/pki/tls/certs/localhost.crt
---
> SSLCertificateFile /etc/httpd/conf/certs/server.crt
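Review bot: new line 100 points SSLCertificateFile at /etc/httpd/conf/certs/server.crt, while the openssl ca command above wrote server.crt in the directory it was run from and read the CSR from /etc/pki/CA. The step that copies the certificate into /etc/httpd/conf/certs is not recorded; add it so the procedure can be repeated.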
107c107
< SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
---
> SSLCertificateKeyFile /etc/httpd/conf/private/server.key
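Review bot: new line 107 places the key at /etc/httpd/conf/private/server.key, and that key was created by openssl genrsa without a passphrase, so file permissions are its only protection. Record the copy step together with the ownership and mode set on the file, for example owned by root with mode 600.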
●server-status,server-info
<Location /server-status>
SetHandler server-status
</Location>
<Location /server-info>
SetHandler server-info
</Location>
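The two Location blocks above carry no Require line, so they are reachable by whoever the enclosing context allows, and both pages disclose server internals. The following is an added example, not part of the original notes, that lists such blocks in a configuration; the sample configuration is constructed, with 192.168.100.112 (the client host used on this page) as the allowed address in the restricted block.

```shell
#!/bin/sh
# Added example: list <Location> blocks that enable the mod_status or mod_info
# handler without any Require line of their own. Sample config is constructed.

# Read httpd configuration on stdin; print the path of each such block.
unrestricted_handlers() {
    awk '
        tolower($1) == "<location" {
            path = $2; sub(/>$/, "", path)
            handler = 0; restricted = 0; inloc = 1; next
        }
        inloc && tolower($1) == "sethandler" &&
            $2 ~ /^server-(status|info)$/ { handler = 1 }
        inloc && tolower($1) == "require" { restricted = 1 }
        tolower($1) == "</location>" {
            if (inloc && handler && !restricted) print path
            inloc = 0
        }
    '
}

# Constructed sample: the first block is as on the page, the second restricted.
sample_conf() {
    cat <<'EOF'
<Location /server-status>
SetHandler server-status
</Location>
<Location /server-info>
SetHandler server-info
Require ip 192.168.100.112
</Location>
EOF
}

sample_conf | unrestricted_handlers
```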
●Module list
[root@ora12ee01 mydir]# httpd -l
Compiled in modules:
core.c
mod_so.c
http_core.c
[root@ora12ee01 mydir]# httpd -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
systemd_module (shared)
cgi_module (shared)
Alias /images "/tmp/images"
<Directory "/tmp/images">
Require all granted
</Directory>
↓This works
●Configuration
ServerTokens Prod
ServerRoot "/etc/httpd"
ServerName www.oradomain:80
ServerAdmin root@localhost
StartServers 5
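MinSpareServers 5 minimum number of idle child processes
MaxSpareServers 5 maximum number of idle child processes
ServerLimit 5 maximum total number of child processes
MaxRequestWorkers 5 maximum number of simultaneous requests
MaxConnectionsPerChild 1000 lifetime of a child process (respawned after 1000 requests)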
Timeout 300
KeepAlive on
KeepAliveTimeout 60 the TCP connection is closed after 60 seconds of inactivity
MaxKeepAliveRequests 1000 maximum number of requests per TCP connection
Listen 80
User apache
Group apache
DocumentRoot "/var/www/html"
DirectoryIndex main.html
ErrorLog "logs/error_log"
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" combined
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ErrorDocument 404 /missing.html
ErrorDocument 404 "404 Not Found"
AccessFileName .htaccess
ServerSignature On
●UserDir
LoadModule userdir_module modules/mod_userdir.so
UserDir public_html
<Directory "/home/*/public_html">
Require all granted
</Directory>
●HostnameLookups
HostnameLookups on
# curl http://192.168.100.111/
↓The client name in the access log is resolved to a hostname
ora12ee011 - - [22/Jan/2019:00:41:37 +0900] "GET / HTTP/1.1" 200 10 "-" "curl/7.29.0"
●Alias
↓This does not work. How to fix it is unknown.