Veebiserveri labor: Difference between revisions
No edit summary |
|||
(102 intermediate revisions by 17 users not shown) | |||
Line 21: | Line 21: | ||
=Töö käik= | =Töö käik= | ||
Logime ennast root kasutajaks: | |||
<pre> | |||
sudo -i | |||
</pre> | |||
Enne installerimist tasub uuendada tarkvara nimekirja: | |||
<pre> | |||
apt-get update | |||
</pre> | |||
Testimiseks paigalda links veebisirvija | |||
<pre> | |||
apt-get install links | |||
</pre> | |||
=Veebiserveri installeerimine= | =Veebiserveri installeerimine= | ||
Installeerimine apt abil: | |||
<pre> | |||
apt-get install apache2 | |||
</pre> | |||
Teenuse taaskäivitamine: | |||
<pre> | |||
/etc/init.d/apache2 restart | |||
</pre> | |||
=MySQL installeerimine= | =MySQL installeerimine= | ||
MySQL installeerimiseks tuleb sisestada Shelli käsk: | |||
<pre> | |||
apt-get install mysql-server | |||
</pre> | |||
Installeerimisel küsitakse MySQL root parooli määramist. | |||
=phpMyAdmin installeerimine= | =phpMyAdmin installeerimine= | ||
Allpool toodud käsud tuleb sisestada root kasutaja alt. Root kasutajaks saab: | |||
<pre>sudo -i</pre> | |||
== Paigaldamine == | |||
<pre>apt-get install phpmyadmin</pre> | |||
Installeerimise käigus palutakse valida:<br /> | |||
1) veebiserver, millele phpMyAdmin paigalda - vali apache2<br /> | |||
2) administraatori parool<br /> | |||
3) kas paigaldada vaikimisi seadistusega andmebaas - yes | |||
== Seadistamine == | |||
Muudame Apache konfiguratsioonifaili '''/etc/apache2/apache2.conf''' | |||
<pre>nano /etc/apache2/apache2.conf</pre> | |||
Lisa sinna rida: | |||
<pre>Include /etc/phpmyadmin/apache.conf</pre> | |||
Apache teenus tuleb taaskäivitada: | |||
<pre>/etc/init.d/apache2 restart</pre> | |||
== Kontroll == | |||
Kontrollida saab käsureaga: | |||
<pre>links http://masinanimi_või_IP/phpmyadmin</pre> | |||
==Alternatiivne seadistamine== | |||
Include lause lisamise asemel võib lihtsalt linkida phpmyadmin konfiguratsioonifaili Apache seadistuste kataloogi: | |||
<pre>ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf</pre> | |||
=Nimelahenduse loomine= | =Nimelahenduse loomine= | ||
1) Uurida välja oma masina IP käsuga <pre>ifconfig</pre> | |||
2) Muuta 'hosts' faili käsuga <pre> nano /etc/hosts</pre> | |||
3) Lisada read | |||
<pre><MasinaIP> www.firma.ee | |||
<MasinaIP> sales.firma.ee</pre> | |||
4) Testimiseks pingida www.firma.ee ja sales.firma.ee | |||
Kui ping vastab, on nimelahendus õigesti seadistatud | |||
=Nimepõhiste virtuaalserverite loomine = | =Nimepõhiste virtuaalserverite loomine = | ||
*Loo kataloogid www ja sales /var/www kausta. | |||
<pre> | |||
mkdir -p /var/www/www /var/www/sales | |||
</pre> | |||
*Kopeeri /etc/apache2/sites-available kaustas oleva default konfiguratsiooni faili ning loo koopiad www ja sales nimedega. | |||
<pre> | |||
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/sales | |||
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/www | |||
</pre> | |||
*Ava sales konfiguratsiooni faili nanoga. | |||
<pre> | |||
nano /etc/apache2/sites-available/sales | |||
</pre> | |||
*Muudetud sales fail peaks välja nägema selline : | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerAdmin webmaster@localhost | |||
ServerName sales.firma.ee #Lisa see rida siia | |||
DocumentRoot /var/www/sales #Seda rida tuleb muuta | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride None | |||
</Directory> | |||
<Directory /var/www/sales> #Seda rida tuleb muuta | |||
Options Indexes FollowSymLinks MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
allow from all | |||
</Directory> | |||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | |||
<Directory "/usr/lib/cgi-bin"> | |||
AllowOverride None | |||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
ErrorLog /var/log/apache2/sales.error.log #Seda rida tuleb muuta | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
LogLevel warn | |||
CustomLog /var/log/apache2/sales.access.log combined #Seda rida tuleb muuta | |||
Alias /doc/ "/usr/share/doc/" | |||
<Directory "/usr/share/doc/"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order deny,allow | |||
Deny from all | |||
Allow from 127.0.0.0/255.0.0.0 ::1/128 | |||
</Directory> | |||
</VirtualHost> | |||
</pre> | |||
*Ava www konfiguratsiooni faili nanoga. | |||
<pre> | |||
nano /etc/apache2/sites-available/www | |||
</pre> | |||
*Muudetud www fail peaks välja nägema selline : | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerAdmin webmaster@localhost | |||
ServerName www.firma.ee #Lisa see rida siia | |||
DocumentRoot /var/www/www #Seda rida tuleb muuta | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride None | |||
</Directory> | |||
<Directory /var/www/www> #Seda rida tuleb muuta | |||
Options Indexes FollowSymLinks MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
allow from all | |||
</Directory> | |||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | |||
<Directory "/usr/lib/cgi-bin"> | |||
AllowOverride None | |||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
ErrorLog /var/log/apache2/www.error.log #Seda rida tuleb muuta | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
LogLevel warn | |||
CustomLog /var/log/apache2/www.access.log combined #Seda rida tuleb muuta | |||
Alias /doc/ "/usr/share/doc/" | |||
<Directory "/usr/share/doc/"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order deny,allow | |||
Deny from all | |||
Allow from 127.0.0.0/255.0.0.0 ::1/128 | |||
</Directory> | |||
</VirtualHost> | |||
</pre> | |||
*sales ja www virtualhostide kasutamiseks tuleb keelata default lehekülg ja lubada sales ning www, sisestades käsurealt järgmised käsud: | |||
<pre> | |||
a2ensite sales | |||
a2ensite www | |||
a2dissite default | |||
/etc/init.d/apache2 reload | |||
</pre> | |||
*Testimine | |||
Testimiseks tuleb luua index.html fail nii www kui ka sales kataloogi. | |||
Selleks tegutse järgmiselt: | |||
**Loo fail www kataloogi | |||
<pre> | |||
nano /var/www/www/index.html | |||
</pre> | |||
***Kirjuta faili | |||
<pre> | |||
<h1>Firma pealeht</h1> | |||
</pre> | |||
**Loo fail sales kataloogi | |||
<pre> | |||
nano /var/www/sales/index.html | |||
</pre> | |||
***Kirjuta faili | |||
<pre> | |||
<h1>Myygiosakond</h1> | |||
</pre> | |||
*Kontrollimiseks mine veebilehitsejaga järgmistele aadressidele: | |||
<pre> | |||
links http://www.firma.ee | |||
links http://sales.firma.ee | |||
</pre> | |||
=phpinfo lehe loomine= | =phpinfo lehe loomine= | ||
Loo fail | |||
<pre> | |||
nano /var/www/www/phpinfo.php | |||
</pre> | |||
Kirjuta faili | |||
<pre> | |||
<?php | |||
phpinfo(); | |||
?> | |||
</pre> | |||
Kontrollimiseks mine veebilehitsejaga aadressile | |||
<pre> | |||
links http://www.firma.ee/phpinfo.php | |||
</pre> | |||
Peaks nägema standartset phpinfo lehte. | |||
=SSL keskkonna loomine= | =SSL keskkonna loomine= | ||
==Sertifikaadi genereerimine== | ==Sertifikaadi genereerimine== | ||
Kõik allpool toodud käsud teha root kasutaja alt. Root kasutajaks saab käsuga: | |||
<pre>sudo -i</pre> | |||
Kõigepealt liikuda kataloogi /etc/apache2/ ja siis genereerida '''www.firma.ee''' võtmed | |||
<pre>cd /etc/apache2/</pre> | |||
Käivitada seal käsk: | |||
<pre>openssl req -nodes -new -keyout www.firma.ee.key -newkey rsa:1024 > www.firma.ee.csr </pre> | |||
<p>Küsimustele vastata nii nagu allpool näidatud.</p> | |||
<pre>Country Name (2 letter code) [AU]:EE | |||
State or Province Name (full name) [Some-State]:Tallinn | |||
Locality Name (eg, city) []:Tallinn | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Firma | |||
Organizational Unit Name (eg, section) []: | |||
Common Name (eg, YOUR name) []:www.firma.ee | |||
Email Address []: | |||
A challenge password []: | |||
An optional company name []: | |||
</pre> | |||
Käivitada need käsud | |||
<pre>openssl x509 -req -days 3650 -in www.firma.ee.csr -signkey www.firma.ee.key -out www.firma.ee.crt</pre> | |||
<pre>openssl x509 -in www.firma.ee.crt -noout -text</pre> | |||
Nüüd genereerime '''sales.firma.ee''' võtmed | |||
<pre>cd /etc/apache2/</pre> | |||
Käivitada seal käsk: | |||
<pre>openssl req -nodes -new -keyout sales.firma.ee.key -newkey rsa:1024 > sales.firma.ee.csr </pre> | |||
<p>Küsimustele vastata nii nagu allpool näidatud.</p> | |||
<pre>Country Name (2 letter code) [AU]:EE | |||
State or Province Name (full name) [Some-State]:Tallinn | |||
Locality Name (eg, city) []:Tallinn | |||
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Firma | |||
Organizational Unit Name (eg, section) []: | |||
Common Name (eg, YOUR name) []:sales.firma.ee | |||
Email Address []: | |||
A challenge password []: | |||
An optional company name []: | |||
</pre> | |||
Käivitada need käsud | |||
<pre>openssl x509 -req -days 3650 -in sales.firma.ee.csr -signkey sales.firma.ee.key -out sales.firma.ee.crt</pre> | |||
<pre>openssl x509 -in sales.firma.ee.crt -noout -text</pre> | |||
==SSL seadistamine== | ==SSL seadistamine== | ||
SSL mooduli lubamiseks järgmine käsk | |||
<pre> | |||
a2enmod ssl | |||
</pre> | |||
Seejärel restardime apache | |||
<pre>/etc/init.d/apache2 restart</pre> | |||
Seadistame apache2. | |||
<pre>nano /etc/apache2/ports.conf</pre> | |||
Failis ports.conf peab <IfModule mod_ssl.c> ja </IfModule> tagide vahel olema ainult järgmised read. | |||
<pre> | |||
Listen 443 | |||
Listen 444 | |||
</pre> | |||
Järgnevalt muuta faili /etc/apache2/sites-enabled/www/ | |||
<pre>nano /etc/apache2/sites-enabled/www</pre> | |||
Lisada faili lõppu peale viimast </VirtualHost> rida järgnev uus Virtualhosti sektsioon. | |||
Jälgida, et crt ja key failid oleks vastavates kataloogides. | |||
<pre> | |||
<VirtualHost *:443> | |||
ServerAdmin webmaster@localhost | |||
ServerName www.firma.ee | |||
DocumentRoot /var/www/www | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride None | |||
</Directory> | |||
<Directory /var/www/www> | |||
Options Indexes FollowSymLinks MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
allow from all | |||
</Directory> | |||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | |||
<Directory "/usr/lib/cgi-bin"> | |||
AllowOverride None | |||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
ErrorLog /var/log/apache2/www.error.log | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
LogLevel warn | |||
CustomLog /var/log/apache2/www.access.log combined | |||
Alias /doc/ "/usr/share/doc/" | |||
<Directory "/usr/share/doc/"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order deny,allow | |||
Deny from all | |||
Allow from 127.0.0.0/255.0.0.0 ::1/128 | |||
</Directory> | |||
ErrorLog /var/log/apache2/www.firma.ee-ssl-error.log | |||
TransferLog /var/log/apache2/www.firma.ee-ssl-access.log | |||
SSLEngine on | |||
SSLCertificateFile /etc/apache2/www.firma.ee.crt | |||
SSLCertificateKeyFile /etc/apache2/www.firma.ee.key | |||
SSLOptions +StdEnvVars | |||
</VirtualHost> | |||
</pre> | |||
Nüüd tuleb muuta '''sales''' faili | |||
<pre>nano /etc/apache2/sites-enabled/sales</pre> | |||
Lisada faili lõppu peale viimast </VirtualHost> rida järgnev uus Virtualhosti sektsioon. | |||
Jälgida, et crt ja key failid oleks vastavates kataloogides. | |||
<pre> | |||
<VirtualHost *:444> | |||
ServerAdmin webmaster@localhost | |||
ServerName sales.firma.ee | |||
DocumentRoot /var/www/sales | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride None | |||
</Directory> | |||
<Directory /var/www/sales> | |||
Options Indexes FollowSymLinks MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
allow from all | |||
</Directory> | |||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ | |||
<Directory "/usr/lib/cgi-bin"> | |||
AllowOverride None | |||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch | |||
Order allow,deny | |||
Allow from all | |||
</Directory> | |||
ErrorLog /var/log/apache2/sales.error.log | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
LogLevel warn | |||
CustomLog /var/log/apache2/sales.access.log combined | |||
Alias /doc/ "/usr/share/doc/" | |||
<Directory "/usr/share/doc/"> | |||
Options Indexes MultiViews FollowSymLinks | |||
AllowOverride None | |||
Order deny,allow | |||
Deny from all | |||
Allow from 127.0.0.0/255.0.0.0 ::1/128 | |||
</Directory> | |||
ErrorLog /var/log/apache2/sales.firma.ee-ssl-error.log | |||
TransferLog /var/log/apache2/sales.firma.ee-ssl-access.log | |||
SSLEngine on | |||
SSLCertificateFile /etc/apache2/sales.firma.ee.crt | |||
SSLCertificateKeyFile /etc/apache2/sales.firma.ee.key | |||
SSLOptions +StdEnvVars | |||
</VirtualHost> | |||
</pre> | |||
Seejärel restardime apache | |||
<pre>/etc/init.d/apache2 restart</pre> | |||
Testimiseks käivitame järgmised käsud | |||
<pre> | |||
links http://www.firma.ee | |||
links http://sales.firma.ee | |||
links https://www.firma.ee:443 | |||
links https://sales.firma.ee:444 | |||
</pre> | |||
Kui tulevad õiged lehed ette ja erroreid ei viska, siis on kõik OK. | |||
=Teenuse start/stop/restart= | =Teenuse start/stop/restart= | ||
Apache2 | |||
/etc/init.d/apache2 {start | stop | restart} | |||
Mysql-server | |||
/etc/init.d/mysql {start | stop | restart} | |||
=Varukoopiate tegemine= | =Varukoopiate tegemine= | ||
Veebide sisu backup siit | |||
/var/www/www | |||
Veebi sales.firma backup siit | |||
/var/www/sales | |||
Apache2 konfiguratsiooni kausta backup siit | |||
/etc/apache2 | |||
Apache2 log failide backup teha siit | |||
/var/log/apache2 | |||
=Taastamine= | =Taastamine= | ||
Veebi sisu andmed taasta kataloogi backupist | |||
/var/www | |||
sales.firma andmed taasta kataloogi backupist | |||
/var/www/sales | |||
Veebiserveri upgrades tulnud tõrked taasta varasem konfiguratsioon kataloogi backupist | |||
/etc/apache2 | |||
logifailid taasta kataloogi backupist | |||
/var/log/apache2 | |||
=Lingid= | =Lingid= |
Latest revision as of 15:25, 15 January 2015
Legend
Firmale on vaja luua kaks veebilehte:
- www.firma.ee
- sales.firma.ee
Mõlemal lehel saab kasutada php'd
Lisaks tuleb konfigureerida mysql ja phpMyAdmin andmebaaside seadistamiseks
Tulemuse kontroll
Tuleb luua test.php leht, mille vaatamisel kuvatakse phpinfo funktsiooni väljund.
Minnes links abil lehele www.firma.ee peab kuvatama leht sisuga "firma pealeht". Selle lehe log failid salvestada www.firma.ee.access.log ja www.firma.ee.error.log failidesse.
Minnes links abil lehele sales.firma.ee peab kuvatama leht sisuga "müügiosakond" Logfailid analoogselt eelnevaga (sales.firma.ee.access.log jne)
phpMyAdmin abil peab saama luua andmebaase ja tabeleid
Töö käik
Logime ennast root kasutajaks:
sudo -i
Enne installerimist tasub uuendada tarkvara nimekirja:
apt-get update
Testimiseks paigalda links veebisirvija
apt-get install links
Veebiserveri installeerimine
Installeerimine apt abil:
apt-get install apache2
Teenuse taaskäivitamine:
/etc/init.d/apache2 restart
MySQL installeerimine
MySQL installeerimiseks tuleb sisestada Shelli käsk:
apt-get install mysql-server
Installeerimisel küsitakse MySQL root parooli määramist.
phpMyAdmin installeerimine
Allpool toodud käsud tuleb sisestada root kasutaja alt. Root kasutajaks saab:
sudo -i
Paigaldamine
apt-get install phpmyadmin
Installeerimise käigus palutakse valida:
1) veebiserver, millele phpMyAdmin paigalda - vali apache2
2) administraatori parool
3) kas paigaldada vaikimisi seadistusega andmebaas - yes
Seadistamine
Muudame Apache konfiguratsioonifaili /etc/apache2/apache2.conf
nano /etc/apache2/apache2.conf
Lisa sinna rida:
Include /etc/phpmyadmin/apache.conf
Apache teenus tuleb taaskäivitada:
/etc/init.d/apache2 restart
Kontroll
Kontrollida saab käsureaga:
links http://masinanimi_või_IP/phpmyadmin
Alternatiivne seadistamine
Include lause lisamise asemel võib lihtsalt linkida phpmyadmin konfiguratsioonifaili Apache seadistuste kataloogi:
ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
Nimelahenduse loomine
1) Uurida välja oma masina IP käsuga
ifconfig
2) Muuta 'hosts' faili käsuga
nano /etc/hosts
3) Lisada read
<MasinaIP> www.firma.ee <MasinaIP> sales.firma.ee
4) Testimiseks pingida www.firma.ee ja sales.firma.ee Kui ping vastab, on nimelahendus õigesti seadistatud
Nimepõhiste virtuaalserverite loomine
- Loo kataloogid www ja sales /var/www kausta.
mkdir -p /var/www/www /var/www/sales
- Kopeeri /etc/apache2/sites-available kaustas oleva default konfiguratsiooni faili ning loo koopiad www ja sales nimedega.
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/sales cp /etc/apache2/sites-available/default /etc/apache2/sites-available/www
- Ava sales konfiguratsiooni faili nanoga.
nano /etc/apache2/sites-available/sales
- Muudetud sales fail peaks välja nägema selline :
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName sales.firma.ee #Lisa see rida siia DocumentRoot /var/www/sales #Seda rida tuleb muuta <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/sales> #Seda rida tuleb muuta Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/sales.error.log #Seda rida tuleb muuta # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/sales.access.log combined #Seda rida tuleb muuta Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
- Ava www konfiguratsiooni faili nanoga.
nano /etc/apache2/sites-available/www
- Muudetud www fail peaks välja nägema selline :
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.firma.ee #Lisa see rida siia DocumentRoot /var/www/www #Seda rida tuleb muuta <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/www> #Seda rida tuleb muuta Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/www.error.log #Seda rida tuleb muuta # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/www.access.log combined #Seda rida tuleb muuta Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
- sales ja www virtualhostide kasutamiseks tuleb keelata default lehekülg ja lubada sales ning www, sisestades käsurealt järgmised käsud:
a2ensite sales a2ensite www a2dissite default /etc/init.d/apache2 reload
- Testimine
Testimiseks tuleb luua index.html fail nii www kui ka sales kataloogi. Selleks tegutse järgmiselt:
- Loo fail www kataloogi
nano /var/www/www/index.html
- Kirjuta faili
<h1>Firma pealeht</h1>
- Loo fail sales kataloogi
nano /var/www/sales/index.html
- Kirjuta faili
<h1>Myygiosakond</h1>
- Kontrollimiseks mine veebilehitsejaga järgmistele aadressidele:
links http://www.firma.ee links http://sales.firma.ee
phpinfo lehe loomine
Loo fail
nano /var/www/www/phpinfo.php
Kirjuta faili
<?php phpinfo(); ?>
Kontrollimiseks mine veebilehitsejaga aadressile
links http://www.firma.ee/phpinfo.php
Peaks nägema standartset phpinfo lehte.
SSL keskkonna loomine
Sertifikaadi genereerimine
Kõik allpool toodud käsud teha root kasutaja alt. Root kasutajaks saab käsuga:
sudo -i
Kõigepealt liikuda kataloogi /etc/apache2/ ja siis genereerida www.firma.ee võtmed
cd /etc/apache2/
Käivitada seal käsk:
openssl req -nodes -new -keyout www.firma.ee.key -newkey rsa:1024 > www.firma.ee.csr
Küsimustele vastata nii nagu allpool näidatud.
Country Name (2 letter code) [AU]:EE State or Province Name (full name) [Some-State]:Tallinn Locality Name (eg, city) []:Tallinn Organization Name (eg, company) [Internet Widgits Pty Ltd]:Firma Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:www.firma.ee Email Address []: A challenge password []: An optional company name []:
Käivitada need käsud
openssl x509 -req -days 3650 -in www.firma.ee.csr -signkey www.firma.ee.key -out www.firma.ee.crt
openssl x509 -in www.firma.ee.crt -noout -text
Nüüd genereerime sales.firma.ee võtmed
cd /etc/apache2/
Käivitada seal käsk:
openssl req -nodes -new -keyout sales.firma.ee.key -newkey rsa:1024 > sales.firma.ee.csr
Küsimustele vastata nii nagu allpool näidatud.
Country Name (2 letter code) [AU]:EE State or Province Name (full name) [Some-State]:Tallinn Locality Name (eg, city) []:Tallinn Organization Name (eg, company) [Internet Widgits Pty Ltd]:Firma Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:sales.firma.ee Email Address []: A challenge password []: An optional company name []:
Käivitada need käsud
openssl x509 -req -days 3650 -in sales.firma.ee.csr -signkey sales.firma.ee.key -out sales.firma.ee.crt
openssl x509 -in sales.firma.ee.crt -noout -text
SSL seadistamine
SSL mooduli lubamiseks järgmine käsk
a2enmod ssl
Seejärel restardime apache
/etc/init.d/apache2 restart
Seadistame apache2.
nano /etc/apache2/ports.conf
Failis ports.conf peab <IfModule mod_ssl.c> ja </IfModule> tagide vahel olema ainult järgmised read.
Listen 443 Listen 444
Järgnevalt muuta faili /etc/apache2/sites-enabled/www/
nano /etc/apache2/sites-enabled/www
Lisada faili lõppu peale viimast </VirtualHost> rida järgnev uus Virtualhosti sektsioon. Jälgida, et crt ja key failid oleks vastavates kataloogides.
<VirtualHost *:443> ServerAdmin webmaster@localhost ServerName www.firma.ee DocumentRoot /var/www/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/www> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/www.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/www.access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorLog /var/log/apache2/www.firma.ee-ssl-error.log TransferLog /var/log/apache2/www.firma.ee-ssl-access.log SSLEngine on SSLCertificateFile /etc/apache2/www.firma.ee.crt SSLCertificateKeyFile /etc/apache2/www.firma.ee.key SSLOptions +StdEnvVars </VirtualHost>
Nüüd tuleb muuta sales faili
nano /etc/apache2/sites-enabled/sales
Lisada faili lõppu peale viimast </VirtualHost> rida järgnev uus Virtualhosti sektsioon. Jälgida, et crt ja key failid oleks vastavates kataloogides.
<VirtualHost *:444> ServerAdmin webmaster@localhost ServerName sales.firma.ee DocumentRoot /var/www/sales <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/sales> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/sales.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/sales.access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorLog /var/log/apache2/sales.firma.ee-ssl-error.log TransferLog /var/log/apache2/sales.firma.ee-ssl-access.log SSLEngine on SSLCertificateFile /etc/apache2/sales.firma.ee.crt SSLCertificateKeyFile /etc/apache2/sales.firma.ee.key SSLOptions +StdEnvVars </VirtualHost>
Seejärel restardime apache
/etc/init.d/apache2 restart
Testimiseks käivitame järgmised käsud
links http://www.firma.ee links http://sales.firma.ee links https://www.firma.ee:443 links https://sales.firma.ee:444
Kui tulevad õiged lehed ette ja erroreid ei viska, siis on kõik OK.
Teenuse start/stop/restart
Apache2
/etc/init.d/apache2 {start | stop | restart}
Mysql-server
/etc/init.d/mysql {start | stop | restart}
Varukoopiate tegemine
Veebide sisu backup siit
/var/www/www
Veebi sales.firma backup siit
/var/www/sales
Apache2 konfiguratsiooni kausta backup siit
/etc/apache2
Apache2 log failide backup teha siit
/var/log/apache2
Taastamine
Veebi sisu andmed taasta kataloogi backupist
/var/www
sales.firma andmed taasta kataloogi backupist
/var/www/sales
Veebiserveri upgrades tulnud tõrked taasta varasem konfiguratsioon kataloogi backupist
/etc/apache2
logifailid taasta kataloogi backupist
/var/log/apache2
Lingid
Kuutõrvaja - Apache'i veebiserver - Siit saab abi