Ȼ/07

Top / Ȼ / 07

24ŸäƤ櫓ǤϤʤФˤĤƤο

μȤǡƥкȤƤ OS, Ports/Pacages ȾưŪȼˤĤƳؤ24ŸäƤȾưŪ˾åǤƤ륷ƥǤϤʤ, ȾưͭǤϤʤ.
ĤޤꡤŸ줿Ȥ˥ƥξåԤʤ.
ư˼ưŪ˹Ԥ褦ˤƤ褤ǤγؽƤ褫ƴñǽưŪ˹ԤȤͤ褦.

notes.png ŪˤϡŸ줿ʤ٤ϰʲκȤԤ.

(OS ΥС󤬸ŤʤΥå˻Ȥ)

 freebsd-update fetch 

(󥹥ȡ뤵Ƥ Ports/Packages ȼΥå)

 portaudit -adF  

(Ports ι)

 portsnap fetch
 portsnap update

(󥹥ȡ뤵Ƥ Ports/Packages ɤ줯餤Ťλͤ. ϻ֤ΤǾ˱.)

 portupgrade -na 

Хӥ: web ФˤĤƳ

ơͥåȥӥǤܤץ Web ФºݤưƤߤ褦.


Web Фؤ³ͻ
[Web Фؤ³ͻ]




Web ȤȤߤϥץǤ褦߷פ줿ΤǤΤǡοޤˤߤ褦˴ܹ¤ϤȤƤ򤷤䤹.
warning.png ܤϥץʤΤξŸƤѵѤϺȤʤäƤϷ빽ʣǡƤİϴñǤϤʤ.
warning.png ܺ٤ϸ뤬̤ Port 80 ̾ Web Τ(HTTP)˻ȤPort 443 SSL Ǥ web ΤȤ(HTTPS)˻Ȥ뤳Ȥ¿.

ȤȤǡ Web ФѰդưƤߤ.

Web Хեȥ Apache

web ФȤˤ꤫ĺǤɤȤΤϸǤApache*1 Ǥ.
Apache Software Foundation( http://www.apache.orghttp://www.apache.jp 򻲾Ȥ)dzȯƤ.
ȼä˽Ȥʤ꤬ webХץȤƤϡֹȤƤơ᤯ΤפΤȤΤ褤.

󥹥ȡν

ѤΥ饤󥹳ǧ

notes.png եȥƳȤϡޤϤȤ⤫饤󥹤ǧ褦. Ūˤ Apache Software Foundation Web ܤõɤ⤦*2.

󥹥ȡ뤵Ƥʤå

notes.png Web Ф˥󥹥ȡ뤵ƤꡤưƤꤷʤå褦. Ūˤϡ

  • ޤ/etc/rc.conf ɤߡޤ/usr/local/etc/rc.d (ǥ쥯ȥ)򸫤ơapache httpd ʤɤε/¸ߤʤɤ̵å.
  • ˡ
     pkg_info | grep -i apache
    νϷ̤ߤ, Ports/Packages Ȥ Apache 󥹥ȡ뤵Ƥʤå.
    ⤷⥤󥹥ȡ뤵Ƥ褦ʤСκȤΤˤΥСֹ򹵤Ƥ
  • ˡ
     ps -axuww | grep -i http
    νϷ̤ߤ, web server तưƤʤ(֤ httpd Ȥ̾ưƤ뤿)å.
  • ˡ
     lsof -i4 | grep -i http
    νϷ̤ߤ, ͥåȥӥȤ httpd ưƤʤå.

嵭Ƥޤå褦.
ΤĤ꤬ʤΤ apache 󥹥ȡ뤵ƤȤ褦ʾ硤
ΥС 1.3 Ϥ 2.0 ϤȾ䥳Τǡǰΰ٤ˤä󥢥󥤥ȡ뤷Ƥ( pkg_deinstall ȤФ褤)

󥹥ȡ뤹٤Сİ

ȤꤢǿСǤ褤褦˻פ줰餤礭ʥեȥȤ⤤ʤȤ⤢.
ǡ礶äѤǤ褤ΤǥСˤ㤤ɤʤΤĴ٤Ƥ.
ޤʬ apache ˤϸߤ 1.32.02.23ĤΥС󤬤.

notes.png ˤɤΤ褦ʰ㤤Τ礶äѤˤǤ褤ΤǤ٤. λܤ٤ݥȤϡ

  • ǽѹϤɤ Ȥơ
  • 饤󥹤ѹϤʤ
  • ѤǤĶ(OS äȤʤ륽եȥΥС)ѹϤɤ
  • ꤷưƤ
  • ޥ˥奢Ͻ¤Ƥ뤫

ʤɤˤʤ.

󥹥ȡ

ơ󥤥󥹥ȡ뤹С 2.2 ȤƤ. äϤʤϤ.

Ports Ѥƥ󥹥ȡ

ƥ󥹥ȡ ports Υ󥹥ȡǤ褤ĤȤ줬褤.

notes.png ޤĤΤ褦ˡ

 portsnap fetch
 portsnap update

Ȥǰΰ٤ ports ǿΤΤˤƤ顤psearch Ȥä apache ɤˤ뤫Ĵ٤褦
¿ʬʤ顤õ٤ "apache22" Ǥ뤳Ȥ򶵤Ƥ

ơĤΤ褦 portinstall Ȥäƥ󥹥ȡ뤹.

 cd /usr/ports
 portinstall www/apache22

ver. 2.2.13 Υ󥹥ȡ뤬Ϥޤ(μ½٤ƹԤͤˤäƤ 2.2.14 ˤʤäƤ뤫).
ʤŤС󤬴˥󥹥ȡ뤵Ƥͤ portinstall ǤϤʤ portupgrade ǥС󥢥åפƤ

Ф餯ȡApache Υ󥹥ȡ륪ץ
01.png
ʹƤ뤳ȤΤǡϡ

  • IPv6 Υå򳰤 (μȤǤ IPv6 ϻȤʤΤ)

ѹ뤰餤ǡȤϤΤޤޤǿʤƤ褤(mod_dav mod_dav_fs ⳰Ƥ褤⤷ʤ).

warning.png Ports Υ󥹥ȡ륪ץϰꤹȵϿ졤Ϥ꤬Ȥ褦ˤʤäƤ.
Τᡤְ㤨򤷤ƤޤäΤǥ󥹥ȡľȤ褦ʾϺ.
ϡ/var/db/ports βˤ륪ץ󤬵Ͽ줿ե options õƤ饤󥹥ȡ뤷褦. кƤӥץҤͤƤ.

warning.png 礭ʥեȥǤ, 󥹥ȡ˽פʤɤ̤˽Ϥ.
ƨѤʤȤˤʤ뤳Ȥ⤢Τǡ̤ܤ̤Ȥ˺ƤϤʤ.
뤬®¿ʬɤߤʤPorts ǥ󥹥ȡ뤷ϡĤ褦˰ꤷƤΤǡΥ򥤥󥹥ȡ뤬äȤˤäɤФ褤.
Ports Υ󥹥ȡϡ̤ʤ /var/log/ports ʲˤϤ.

notes.png 󥹥ȡ뤬ä顤󥹥ȡɤǡʤɤʤå褦.
Apache Υ󥹥ȡɬפʡ¾Υեȥפ˥󥹥ȡ뤵, ˤĤ¸ߤ뤳ȤͤΤǡ

 cd /var/log/ports
 ls -lgaF

ʤɤȤƥեդåơApache Ȱ˥󥹥ȡ뤵줿Ȼפ뿷եȤΥեƤˤʤ٤ܤ̤.

ºݡΥǥ쥯ȥˤ www::apache22.log ɤ(եκǽʬϤФ餯ϥץ̤ΤΥץ󥹤ɤߤˤؿʤ)
åսʬȴФȰʲΤ褦ˤʤ.


(: ץľ夰餤)

To enable a module category: WITH_<CATEGORY>_MODULES

To disable a module category: WITHOUT_<CATEGORY>_MODULES

Per default categories are:

AUTH AUTHN AUTHZ DAV CACHE MISC

Categories available:

AUTH AUTHN AUTHZ CACHE DAV EXPERIMENTAL LDAP MISC PROXY SSL SUEXEC THREADS

To see all available knobs, type make show-options

To see all modules in different categories, type make show-categories

You can check your modules configuration by using make show-modules

ץ On/Off 丽꤬ɤʤäƤ뤫Τˡ.
ϤȤꤢˤʤƤ褤.



(: ºݤΥ󥹥ȡ뤬ϤޤäƤ)

Package openssl was not found in the pkg-config search path.

Perhaps you should add the directory containing `openssl.pc'

to the PKG_CONFIG_PATH environment variable

No package 'openssl' found

forcing SSL_LIBS to "-lssl -lcrypto -lcrypt -lpthread"

openssl package äƤʤ? Ȥå
ǽ餫饷ƥäƤФȤꤢʤΤǡΤޤޤǤ褤(⤷äƤʤФ˰㤦åϤ)




----------------------------------------------------------------------

Libraries have been installed in:

/usr/local/lib

If you ever happen to want to link against installed libraries

in a given directory, LIBDIR, you must either use libtool, and

specify the full pathname of the library, or use the `-LLIBDIR'

flag during linking and do at least one of the following:

- add LIBDIR to the `LD_LIBRARY_PATH' environment variable

during execution

- add LIBDIR to the `LD_RUN_PATH' environment variable

during linking

- use the `-Wl,-rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for

more information, such as the ld(1) and ld.so(8) manual pages.

----------------------------------------------------------------------

󥹥ȡ뤵줿饤֥򼫺եȤǻȤФȤä.
⺣ϤȤꤢˤʤƤ褤.




(󥹥ȡºȤΤΤۤܽäȤ)

To run apache www server from startup, add apache22_enable="YES"

in your /etc/rc.conf. Extra options can be found in startup script.

Apache 򡤥еư(ưŪ)ư褦ˤФޤ٤ץϵưץȤ˽񤤤ƤϤȤä.
warning.png 빽פʥå. ƨʤ褦ˤ褦.
warning.png ưץȥեϡƤ /usr/local/etc/rc.d Ȥǥ쥯ȥ֤.



Your hostname must be resolvable using at least 1 mechanism in

/etc/nsswitch typically DNS or /etc/hosts or apache might

have issues starting depending on the modules you are using.

ޥΥۥȥ͡ब /etc/nsswitch.conf ǻꤵ줿ˡDzǤ(=ۥȥ͡फ IP 狼Ȥ̣)褦ˤƤ衤Ǥʤ apache ꤬뤫衤Ȥä
ǧȤΤǤС

 dig `hostname`

ȤơʬΥޥ IP Ϥ褦ʤפ
ǥʤ顤/etc/hosts įƤߤơ˾󤬽񤤤Ƥ뤫å롥񤤤ƤФޤס
Ǥʤ顤ޤǤ꤬뤫ΥФ꤬Τǡ TA ˿Ҥͤ褦




(ۤܺǸ)

This port has installed the following files which may act as network

servers and may therefore pose a remote security risk to the system.

/usr/local/lib/libapr-1.so.3

This port has installed the following startup scripts which may cause

these network services to be started at boot time.

/usr/local/etc/rc.d/apache22

/usr/local/etc/rc.d/htcacheclean

If there are vulnerabilities in these programs there may be a security

risk to the system. FreeBSD makes no guarantee about the security of

ports included in the Ports Collection. Please type 'make deinstall'

to deinstall the port if this is a concern.

For more information, and contact details about the security

status of this software, see the following webpage:

http://httpd.apache.org/

ƥŪ˥ꥹʬˤĤ.
ñˡ֤ǽΤꤦץեȤ饤֥꤬Ū󤵤ʤΤǤߤƤˤɤȤΤǤϤʤȤꤢܤ̤Ƥ٤.

Apache εư

ư

notes.png ޤ OS ֡Ȼ Apache ư褦ˤ褦.
˻ꤵ줿褦˺Ȥ򤷤Ƥ顤֡Ȥ褦.

ưå

ơǴ˵ư Apache ư褦ˤʤäƤϤ.

notes.png ǡΤ˵ưƤ뤫ǧ褦.

  • ޤϾǥ󥹥ȡ˥å lsof ˡȤΤ褤.
  • ˡưƤʤФ (lynx, w3m, firefox ) Web Browser http://localhost/ ˥Ƥߤ褦. "It Works!" ʤɤɽ Apache μ¤ưƤ.

warning.png ưƤʤϤɤäƸͤߤФ褤?
㤨СνĴ٤Ф褽ͤߤ褦.

  1. /var/log/ β httpd-error.log Ȥ褦ʥե뤬뤫Ĵ٤. 줬̵褦ʾϡApache ϡֵư褦Ȥ餷ʤäפȤȤʤΤǡ/etc/rc.conf ˽񤭤ʸΥڥߥʤɤȤǽ⤤.
  2. /var/log/httpd-error.log ɤ. Apache εưεϿϤ. [alert] ʤɤȤĽ꤬ФŦƤĽʤΤǡΥå򤷤äɤ򤷤褦.

notes.png ˡCGI (Common Gateway Interface)ΥƥȤ³ΥåͤƺȤ褦.
Ūˤϡ

 cd /usr/local/www/apache22/cgi-bin
 chmod aog+x ./printenv

Ȥơץ cgi ưĤФƤ顤٤ http://localhost/cgi-bin/printenv ³Ƥߤ褦.

DOCUMENT_ROOT="/usr/local/www/apache22/data"

GATEWAY_INTERFACE="CGI/1.1"

HTTP_ACCEPT="text/html, text/plain, text/css, text/sgml, */*;q=0.01"

HTTP_ACCEPT_ENCODING="gzip, compress, bzip2"

HTTP_ACCEPT_LANGUAGE="en"

HTTP_HOST="localhost"

HTTP_USER_AGENT="Lynx/2.8.6rel.5 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e" web browser ξ

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin"

QUERY_STRING=""

REMOTE_ADDR="127.0.0.1" ۥ

REMOTE_PORT="53511"

REQUEST_METHOD="GET"

REQUEST_URI="/cgi-bin/printenv"

SCRIPT_FILENAME="/usr/local/www/apache22/cgi-bin/printenv"

SCRIPT_NAME="/cgi-bin/printenv"

SERVER_ADDR="127.0.0.1" ФΥɥ쥹

SERVER_ADMIN="you@example.com" Фδ

SERVER_NAME="localhost" Ф̾

SERVER_PORT="80"

SERVER_PROTOCOL="HTTP/1.0"

SERVER_SIGNATURE=""

SERVER_SOFTWARE="Apache/2.2.13 (FreeBSD) DAV/2 mod_ssl/2.2.13 OpenSSL/0.9.8e" եȥγ

UNIQUE_ID="Swzoc8CoCoIAAEP8icQAAAAE" ꥯ˰դ ID

Ȥ褦ɽФơ³ȤδĶ狼.
Web ФξɤʬʤĤȤ褦ʻϤƴܾ褦.

notes.png ʤξïˤǤ⸫ƤޤΤɤʤΤǡʲΤ褦ˤƥץ cgi ưʤ褦˸ᤷƤ.

 cd /usr/local/www/apache22/cgi-bin
 chmod aog-x ./printenv

warning.png CGI ȤϤñ˸ WebФ˥ƥоưץǤ. ƥΡַפȤʤ䤹ΤǡCGI ˤĤƤäտȤ褦.

˼ư apache ư᤿ꤹˡ񤤤Ƥ.
ưǵưʤС

 /usr/local/etc/rc.d/apache22 start

Ȥưǻߤ᤿

 /usr/local/etc/rc.d/apache22 stop

ȤФ褤.
warning.png Υץȥե(/usr/local/etc/rc.d/apache22)ɤȤ狼뤬/etc/rc.conf apache22_enable="YES" 񤤤Ƥʤ apache ưʤ褦ˤʤäƤ롥

notes.png ơapache ̵˵ưƤ뤳ȤޤdzǧǤưǤä apache 褦.
ƺƤ webbrowser http://localhost/ ˥ơ apache ޤäƤ뤳Ȥǧ褦.

Apache

¤

apache ե /usr/local/etc/apache22 ʲ֤Ƥ.
ơ¤Ԥ.

notes.png ޤweb ФȤƤδե httpd.conf ǤΤǤԽ.
warning.png ֽפʡץեԽȤϸΥեΥХååפȤäƤ. ˡϸŪǤ⹽ʤ. 㤨СŪˤϡ

 cp httpd.conf httpd.conf.ORG

ʤɤȤФ褤.

ѹΤϰʲǤ.

ServerAdmin
web ԤΥ᡼륢ɥ쥹. ץ뤬񤤤ƤΤǤ狼.
DocumentRoot
web Υ롼ȤȤưǥ쥯ȥ.
ǥեȤǤ /usr/local/www/apache22/data ȤʤäƤ뤬apache ΥСֹ椬äƤꤷƤʤȤؤ(ޤ٤ǤϤ뤬)ƥ̤ǥեȤΤޤޤˤƤʤ褦ˤ褦.
ǡ˥ǥ쥯ȥ(㤨 /usr/local/web_dir/top ʤ)ʤɤ*3ѰդƤ, 񤭴Ƥ.
϶Ūˤ

DocumentRoot "/usr/local/www/apache22/data"

ȤԤ򤳤

DocumentRoot "/usr/local/web_dir/top"

Ƚ뤳Ȥˤʤ.
ޤDocumentRoot Ȥ˴ؤʬ <Directory "/usr/local/www/apache22/data">ʤɤ˽񤤤ƤΤǡ⼫ʬˤ碌ľƤ. Ūˤ

<Directory "/usr/local/www/apache22/data">

<Directory "/usr/local/web_dir/top">

ľȤˤʤ.
ScriptAlias
cgi ֤. ǥեȤΤޤޤǤϤʤʤΤǡŬ˿ǥ쥯ȥ(㤨 /usr/local/web_dir/cgi ʤ)äƤ顤ѹ褦. ξϡ

ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"

Ƚ񤤤Ƥʬ㤨

ScriptAlias /cgi-bin/ "/usr/local/web_dir/cgi/"

Ƚ뤳Ȥˤʤ(ǸΥå˺ʤ褦!!). ޤˤĤƤ

<Directory "/usr/local/www/apache22/cgi-bin">

<Directory "/usr/local/web_dir/cgi">

ȽʤȤȤʤΤդ褦.

notes.png Ǥϡ꤬ѹǤå褦.
ޤѰդ DocumentRoot 㤨мΤ褦ŬƤ index.html եѰդ褦.

<html>

ʤǤ褤Τǽ.Ȥꤢե٥åȤΤߤǽ񤤤褤

</html>

apache ưǵưhttp://localhost ˥ơּʬѰդ index.htmlפȤ뤳Ȥǧ褦.

notes.png ˡcgi ΰ̣ϤŪͤ cgi ΥƥȤԤ.
ޤ*4

#!/bin/csh -f

echo "Content-type: text/plain; charset=iso-8859-1"

echo ""

echo ""

/usr/games/fortune

Υե web-test Ȥ̾Τ(ʬꤷ) cgi ǥ쥯ȥ֤.
warning.png ǸιԤDzԤƤʤ fortune ¹ԤʤΤDzϤʤ. ȲԤ褦.

ˤΥեμ¹ԥѡߥåꤷ褦.

 cd (ʬꤷ cgi ǥ쥯ȥ)
 chmod aog+x ./web-test

ԤäƤ顤 http://localhost/cgi-bin/web-test ˥Ƥߤ. Τä fortune η̤ web browser ˽ϤΤ.
ޤäƤǰΰ٤˼¹ԥѡߥåȤƤ.

 cd (ʬꤷ cgi ǥ쥯ȥ)
 chmod aog-x ./web-test

ơޤǤޤä¤ OK ʤΤ apache Ƥߤ褦.

Apache εǽĤ

TLS (Transport Layer Security) / SSL (Secure Sockets Layer)

ޤǤ Apache ؤ Web ³ǤΡHTTP³פǡ(port 80 ǹԤƤ) ¤ϥǡ֤ΤޤޡץͥåȥήƤ.
Ĥޤꡤͥåȥ˵ޥʤɤ鸫ήƤǡϴݸǤꡤ̩ˤפʥǡʤɤήʤʾ֤Ǥ롥

ͥåȥ̿Ź沽ˡˤĤ¸ߤ.
ΰĤǤ TLS (Transport Layer Security) ( SSL(Secure Sockets Layer))Ȥäơweb Ѥ̿ץȥ HTTP 򤽤ξѤŹ沽 HTTP, ¨ HTTPS(HTTP over SSL) Ȥ褦ˤƤߤ褦.
warning.png TLS/SSL ŪʻȤߤǤꡤHTTP ʳ̿ܤ뤳ȤǤ.

ޤƥΤ TLS 󶡤뵡ǽñ˽Ҥ٤Ƥȡ

Ź沽
̿ƤŹ沽. ȤŹ 57٤.
θ
Ȥꤹï˲⤵ƤʤФǤ.
ǧ
³꤬̾äƤȤ꤫פ. ̾ϥ¦򸫤뤬(ɬפʤХץ)饤¦򸫤褦ˤǤ.

λǤ.
Ź沽ȲθФˤĤƤϥФȥ饤ȤδطΩ뤬
ǧڤˤĤƤϡ軰(ǧڶ)ˤ뤽ξݾڡפɬפǤ.
notes.png TLS/SSL ˤĤơ˾ܤĴ٤Ƥ.

ơHTTPS ȤϤ褦.

ˤϤޤTLS/SSL ΤΤν򤷤ʤȤʤ.
TLS/SSL ȤˤϾ3ĤεǽΤǧڤΤˡѰդʤȤʤ.
ݾڤŻҽ̾Ԥǧڶɤ˺Ȥꤹˤ̾Ѥ뤷³⤽ʤ˻.

ǡܼȤǤϼʬǼʬݾڤƾäƤޤ.
warning.png ¯˸"쥪" Ǥäơǧڤˤ꤬. ޤ finger print ϤʤɤΡְʷϩǡꤷƳǧʤɤǤΤϤǤȻפɡ ޤ̩ apache.key ΤϰŹ沽ƤʤΤǼ갷դ.

notes.png ŪˤϰʲΤ褦˺Ȥ뤳ȤǾ(apache.crt)Ǥ.

 cd /usr/local/etc/apache22
 openssl genrsa -out apache.key 1024
 openssl req -new -x509 -days 365 -key apache.key -out apache.crt  

ǸξˤĤ䤵Τǡ㤨аʲĻΤ褦Ŭڤ褦.

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:JP

State or Province Name (full name) [Some-State]:Osaka ʤ

Locality Name (eg, city) []:Toyonaka ʤ

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Osaka Univ. ʤ

Organizational Unit Name (eg, section) []:Faculty of Science ʤ

Common Name (eg, YOUR name) []:web ФȤƤ̾񤯡㤨Сq09.cl.math.sci.osaka-u.ac.jp ʤ

Email Address []:дԤΥ᡼륢ɥ쥹

ȡapache.crt Ȥ(ͭ 365Τ)ǤƤϤ.
warning.png openssl ˤĤƤ man openssl ǡopenssl req ΥץˤĤƤ man req ǥޥ˥奢ɤळȤǤ.

ǡƤٳǧƤ.

 openssl x509 -in apache.crt -text

ȤƤϤΤǡߤƤ.

notes.png ˡHTTPS եľ.
/usr/local/etc/apache22/extra/httpd-ssl.conf եʤΤǡ <VirtualHost _default_:443> ʬ褦.
ŪˤϰʲΤ褦ˤ褦.
warning.png 󤳤Υե˥ХååפäƤ.

DocumentRoot
äͳʤо DocumentRoot ƱˤƤȤ褤.
ServerName
֤ݤΡ̾ˤʤ. ϥƥȤʤΤǥޥ̾Ǥ褤. 㤨 q3000.sci.osaka-u.ac.jp ȤޥʤС

ServerName q3000.sci.osaka-u.ac.jp:443

Ƚ񤯤Ȥˤʤ. ʤߤˡꤹʤ httpd.conf ServeName ȤܤƱͤ

ServerName q3000.sci.osaka-u.ac.jp:80

ꤷƤ̷⤬ʤƤ褤.
ServerAdmin
ʬΥ᡼륢ɥ쥹ѹƤ.
SSLCertificateFile
Ǻäե "/usr/local/etc/apache22/apache.crt" ľƤ.
SSLCertificateKeyFile
Ϥäե "/usr/local/etc/apache22/apache.key" ľƤ.

ˡ/usr/local/etc/apache22/httpd.conf

# Include etc/apache22/extra/httpd-ssl.conf

Ƚ񤤤ƤԤιƬ # äƤιԤͭˤ褦.

Ͻλ. apache 򤤤äƤ鵯ư https://localhost ˥ơΤ https ³Ǥ뤳ȤΤ褦.
(ǤС Common Name ǻꤷ̾ǥ褤㤨Сq09.cl.math.sci.osaka-u.ac.jp ʤСhttps://q09.cl.math.sci.osaka-u.ac.jp/ Ȥƥ褦)
쥪ʤΤǡ֤?פȿҤͤΤǡפȤؿʤ³褦.
ʤfirefox ʤɤȡhttps ³ƤȤϥץβ¦˸Υޡɽ줿ꤹΤdzǧ䤹.

warning.png "쥪" ϤʤΤǡꥹ.

notes.png "쥪" δˤĤĴ٤Ƥ.
ĿŪˤϹڹ "ڹ" 20071125ε( http://takagi-hiromitsu.jp/diary/20071125.html )ʤɤ褯狼äƤ褤Ȼפ.

Apache ʵǽ: Basic ǧ / Digest ǧ

Apache ˤϼ¤¿εǽ.
ΰĤǤǧ(Basic ǧڤ Digest ǧڤ)ˤĤΤ.
ϥݤ˥桼̾ȥѥɤϤ׵ᤵ륢ȥ뵡ǽΰǤ.
ǥ쥯ȥեñ̤꤬ǽǡñʤʤΤǡȤ褦ˤʤäƤȤ褤.
warning.png Basic ǧڤϥƥŪˤϤޤǤǤϤʤDigest ǧڤϾŤΥ֥饦ϻȤʤ.

Basic ǧ

ޤϤȤꤢ Basic ǧڤȤäƤߤ褦.

notes.png Basic ǧڤˤɤΤ褦ʥƥ꤬뤫Apache 2.2ޥ˥奢Ρǧڡǧ( http://httpd.apache.org/docs/2.2/ja/howto/auth.html )ɤĴ٤Ƥ.

ơºݤˤäƤߤ褦
notes.png ޤоݤȤʤǥ쥯ȥѰդ.
(ʬꤷDocumentRoot)β test Ȥǥ쥯ȥꡤ basic ǧڤƤߤ褦.
Ȥ櫓ǡޤϥǥ쥯ȥ褦.

notes.png ˥Ȥȥѥɤޤѥɥե.
ѥɥեϡ DocumentRoot ʲˤϺʤפ褦ˤʤȳɤƤޤ⤷ʤᡤ򤱤褦.
㤨 /usr/local/etc/apache22/Includes ˺Ȥȡ

 cd /usr/local/etc/apache22/Includes
 htpasswd -c ./passwdfile test-user 
 桼 "test-user" Υѥɤ򿷵˹ͤ

ȤФ褤.
warning.png ˤΥѥɥե뤬¸ߤΤ "-c" ץĤ htpasswd ¹ԤȤΥեȤϾäƤޤΤǡ"-c" ĤȤϤ줰⿵Ť.

ǰΰ٤ˤΥեɤǤߤơΤ˥桼̾ȥѥ(Ź沽Ƥ)ǼƤ뤳ȤǧƤ.

Basic ǧڤͭˤΤŪˡϰʲबäơ

  • ƥ¦ꤹˡ(httpd.conf Ǥ)
  • ƥǥ쥯ȥ .htaccess եꤹˡ

줾.
桼ʬǤԤȤ(ʬꥹΤǡѤκݤϤäĴ٤Ƥ)ΤǺϸԤǤäƤߤ褦.

notes.png ǤϡBasic ǧڤºݤͭˤ褦.
ޤΤνȤơޤ httpd.conf <Directory "(ʬꤷDocumentRoot)"> ʲˤ

AllowOverride None

ȤԤ

AllowOverride AuthConfig

ˤƤ.
warning.png "AllowOverride ..." ȤԤʣΤǡսְ㤨ʤ褦.

ˡѰդ test Ȥǥ쥯ȥʲ˼Ƥ .htaccess Ȥե.

AuthType Basic

AuthName "basic auth test!"

AuthUserFile /usr/local/etc/apache22/Includes/passwdfile

require user test-user

줫顤Υǥ쥯ȥ˼Τ褦Ƥ index.html ѰդƤ.

<html>

The basic auth function test was successful.

</html>

apache ƤƤ apache ư Basic ǧڤͭˤʤäƤϤ.

notes.png ǧڵǽޤƯǧƤߤ褦.
http://localhost/test (Ѱդǥ쥯ȥ) ˥Ƥߤơ桼̾ȥѥɤʹϤʤΤǡtest-user Ȥ桼̾졤ʬǾꤷѥɤƤߤ褦.
̵Ǥơ "The basic auth ... "Ȥɽߤ OK .

notes.png ᤯ʤ˺¤äƤͤǧڵǽȤ褦˾ɲäơƤ餪.
Ūˤϡ

 cd /usr/local/etc/apache22/Includes
 htpasswd ./passwdfile οѤΥ桼̾
 Υ桼Υѥɤ򿷵˹ͤ

ȤƤ顤Υǥ쥯ȥˤ .htaccess require Ԥɲä桼ʲΤ褦˲äơ

require user test-user ɲå桼̾ ڡǶڤ

Ȥ뤫

Require valid-user

ľ.
ơοͤ Web ֥饦ǼʬΥۥȤФ http://q**.cl.math.sci.osaka-u.ac.jp/test (ʬΥۥ̾/Ѱդǥ쥯ȥ) Ȥƥ㤤Ʊͤ˥桼̾ȥѥɤƥǤ뤫ߤΤǤ.
warning.png Ԥ "Require valid-user" ϡѥɥե˽񤫤Ƥ桼Ƥоݤˤʤ롤ȤǤ.
warning.png 桼䤹ˤϡ¾ˤ Group եѤˡǡ١Ȥˡʤɤ. ŪˡϾˤ⼨ Apache 2.2ޥ˥奢Ρǧڡǧ( http://httpd.apache.org/docs/2.2/ja/howto/auth.html )ʤɤǫ˽񤤤ƤΤǻȤ.
warning.png htpasswd ǥ桼ɲáפȤ "-c" ץ󤬤ʤȤդ.

Digest ǧ

Digest ǧڤ򤷤Ƥߤ褦. ƥ Basic ǧڤ깥ޤΤǡ줬ʤȤϤȤ褦ˤ褦.

ǥ쥯ȥΤΤ򤽤Τޤ޻ȤȤ褦.

notes.png ơDigest ǧѤ˿Ȥȥѥɤޤѥɥե.
ѥɥե־Фդ BasicǧڤƱǤ.
ơ֤ƱǤ褤.
ơŪˤϺȤϰʲΤ褦ˤʤ.

 cd /usr/local/etc/apache22/Includes
 htdigest -c ./passwdfile-digest "Digest auth test" digest-test-user
 桼 "digest-test-user" Υѥɤ򿷵˹ͤ

warning.png ˤΥѥɥե뤬¸ߤΤ "-c" ץĤ htdigest ¹ԤȤΥեȤϾäƤޤΤǡ"-c" ĤȤϤ줰⿵Ť.
warning.png htdigest ޥɤܤΰȤ realm (ǧڤоϰϤȤǤ⤤)ɬפȤʤ. "Digest auth test" ˤ. ơ realm .htaccess AuthName ȤƻȤΤdzФƤ.

ˡ testǥ쥯ȥ .htaccess ե Digest ǧѤ˽褦.
ŪˤϼΤ褦ˤʤ.

AuthType Digest

AuthName "Digest auth test" htdigest ޥɤϤΤȴ˰פ뤳!

AuthUserFile /usr/local/etc/apache22/Includes/passwdfile-digest

require user digest-test-user

ĤǤ index.html 礳äľƤ.

<html>

The digest auth function test was successful.

</html>

OK .

notes.png ǧڵǽޤƯǧƤߤ褦.
http://localhost/test (Ѱդǥ쥯ȥ) ˥Ƥߤơ桼̾ȥѥɤʹϤʤΤǡtest-user Ȥ桼̾졤ʬǾꤷѥɤƤߤ褦.
̵Ǥơ "The digest auth ... "Ȥɽߤ OK .

notes.png ᤯ʤ˺¤äƤͤǧڵǽȤ褦˾ɲäơƤ餪.
Ūˤϡ

 cd /usr/local/etc/apache22/Includes
 htdigest ./passwdfile-digest "Digest auth test" οѤΥ桼̾
 Υ桼Υѥɤ򿷵˹ͤ

ȤƤ顤Υǥ쥯ȥˤ .htaccess require Ԥɲä桼ʲΤ褦˲äơ

require user digest-test-user ɲå桼̾ ڡǶڤ

Ȥ뤫

Require valid-user

ľ.
ơοͤ Web ֥饦ǼʬΥۥȤФ http://q**.cl.math.sci.osaka-u.ac.jp/test (ʬΥۥ̾/Ѱդǥ쥯ȥ) Ȥƥ㤤Ʊͤ˥桼̾ȥѥɤƥǤ뤫ߤΤǤ.
warning.png Ԥ "Require valid-user" ϡѥɥե˽񤫤Ƥ桼Ƥоݤˤʤ롤ȤǤ.
warning.png 桼䤹ˤϡ¾ˤ Group եѤˡǡ١Ȥˡʤɤ. ŪˡϾˤ⼨ Apache 2.2ޥ˥奢Ρǧڡǧ( http://httpd.apache.org/docs/2.2/ja/howto/auth.html )ʤɤǫ˽񤤤ƤΤǻȤ.
warning.png htdigest Ǥ桼ɲáפȤ "-c" ץ󤬤ʤȤդ.

ݡ

TLS/SSL ˤĤĴ٤. äˡǧڤ "쥪" ˤĤơΥƥꥹĴ٤.
ޤBasic ǧڤ Digest ǧڤΰ㤤Ĵ٤.

ޤweb ФˤޤĤ뤽¾Υƥꥹ(ȼ)ˤĤƤĴ٤.
ä httpd.conf "Allowoverride AuthConfig" ǤϤʤ "Allowoverride All" Ȥɤ줯餤Τ褯Ĵ٤.

ޤԤäȤˤĤ𤻤.
Ƽ

  1. °(ز)
  2. ֹ
  3. ǯ
  4. ̾
  5. οΥݡ(θȤˤĤƵŤ)

񤯤Τ˺ʤ褦.

about Icons

Some icons in this page are downloadable at ICONFINDER.
The "note" icon designed by Marco Martin is distributed with the LGPL licence
and the "warning" icon designed by Alexandre Moore with the GPL licence.


*1 http://www.apache.jp/old_info/misc/history.html ܸǤ줿 Apache β⤬
*2 ʬΥޥ˻˥󥹥ȡ뤷ƤߤʤФʤʤȤ¿ˤƤ⡤
*3 ǥ쥯ȥκޥɤ mkdir .
*4 Content-type θ˶ԤϤʤȤʤʤʤΤǤ̤˽񤯤٤.