Apache: Difference between revisions
m (→Using modules: m) |
(→Gzip compression: certificates added) |
||
Line 70: | Line 70: | ||
AddOutputFilterByType DEFLATE application/x-javascript |
AddOutputFilterByType DEFLATE application/x-javascript |
||
Other modules Supporting php and wordpress |
|||
sudo apt-get install libapache2-mod-fcgid |
sudo apt-get install libapache2-mod-fcgid |
||
sudo apt-get install php5-cgi |
sudo apt-get install php5-cgi |
||
Afterwards activate the corresponding modules |
Afterwards activate the corresponding modules: |
||
sudo a2enmod fastcgi |
sudo a2enmod fastcgi |
||
Line 83: | Line 83: | ||
⚫ | |||
= Certificates = |
|||
Source: [https://www.sslshopper.com/article-most-common-openssl-commands.html sslshopper.com] |
|||
== General OpenSSL Commands == |
|||
* Generate a new private key and Certificate Signing Request |
|||
⚫ | |||
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key |
|||
* Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info) |
|||
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt |
|||
* Generate a certificate signing request (CSR) for an existing private key |
|||
openssl req -out CSR.csr -key privateKey.key -new |
|||
* Generate a certificate signing request based on an existing certificate |
|||
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key |
|||
* Remove a passphrase from a private key |
|||
openssl rsa -in privateKey.pem -out newPrivateKey.pem |
|||
== Checking Using OpenSSL == |
|||
* Check a Certificate Signing Request (CSR) |
|||
openssl req -text -noout -verify -in CSR.csr |
|||
* Check a private key |
|||
openssl rsa -in privateKey.key -check |
|||
* Check a certificate |
|||
openssl x509 -in certificate.crt -text -noout |
|||
* Check a PKCS#12 file (.pfx or .p12) |
|||
openssl pkcs12 -info -in keyStore.p12 |
|||
== Debugging Using OpenSSL == |
|||
* Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key |
|||
openssl x509 -noout -modulus -in certificate.crt | openssl md5 |
|||
openssl rsa -noout -modulus -in privateKey.key | openssl md5 |
|||
openssl req -noout -modulus -in CSR.csr | openssl md5 |
|||
* Check an SSL connection. All the certificates (including Intermediates) should be displayed |
|||
openssl s_client -connect www.paypal.com:443 |
|||
== Converting Using OpenSSL== |
|||
* Convert a DER file (.crt .cer .der) to PEM |
|||
openssl x509 -inform der -in certificate.cer -out certificate.pem |
|||
* Convert a PEM file to DER |
|||
openssl x509 -outform der -in certificate.pem -out certificate.der |
|||
* Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM |
|||
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes |
|||
You can add -nocerts to only output the private key or add -nokeys to only output the certificates. |
|||
* Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12) |
|||
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt |
|||
Revision as of 18:37, 4 July 2017
Intro
Source: vogella.com
Basics
- List the available modules of the Apache HTTP server
apache2 -l
- Main configuration file for the Apache Http server
/etc/apache2/apache2.conf
- The error log of Apache is located in the
/var/log/apache2/error.log grep MaxClients /var/log/apache2/error.log
Multi-Processing-Module
Apache HTTP can run in different modes. MPM modes determine how the web requests of users are answered.
- The selected mode is compiled into the server and can be checked with:
sudo apachectl -V | grep -i mpm
- Configuration for the event mpm is stored in below file:
Configure only the module which your server is using.
/etc/apache2/mods-available/mpm_event.conf
htaccess
One major application of this file is to redirect an URL to other URL’s.
- The following .htacess file reroutes http://vogella.com to http://www.vogella.com.
- It also redirect access to a certain webpage (/articles/SpringFramework/article.html) to another webpage via a 301 redirect.
- The 301 redirect will tell search engines that this side has moved and is the recommended way to move webpages.
RewriteEngine on RewriteCond %{HTTP_HOST} !^www\.vogella\.de$ RewriteRule ^(.*)$ http://www.vogella.com/$1 [L,R=301] redirect 301 /articles/SpringFramework/article.html http://www.vogella.com/tutorials/SpringDependencyInjection/article.html
Using modules
Apache Http supports the usage of modules. To enable modules use the a2enmod command
a2enmod rewrite
Gzip compression
To optimize the download time of your webpages you can turn on gzip compression. This requires the Apache module "mod_deflate":
a2enmod deflate /etc/init.d/apache2 restart
The compression can be activated in the default configuration file for this module located in /etc/apache2/mods-available/deflate.conf or via the ".htaccess" file.
# compress all text & html: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript
Other modules Supporting php and wordpress
sudo apt-get install libapache2-mod-fcgid sudo apt-get install php5-cgi
Afterwards activate the corresponding modules:
sudo a2enmod fastcgi sudo a2enmod proxy # required for wordpress blog sudo a2enmod rewrite
This section is under construction. |
Certificates
Source: sslshopper.com
General OpenSSL Commands
- Generate a new private key and Certificate Signing Request
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
- Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info)
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
- Generate a certificate signing request (CSR) for an existing private key
openssl req -out CSR.csr -key privateKey.key -new
- Generate a certificate signing request based on an existing certificate
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
- Remove a passphrase from a private key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
Checking Using OpenSSL
- Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in CSR.csr
- Check a private key
openssl rsa -in privateKey.key -check
- Check a certificate
openssl x509 -in certificate.crt -text -noout
- Check a PKCS#12 file (.pfx or .p12)
openssl pkcs12 -info -in keyStore.p12
Debugging Using OpenSSL
- Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5
- Check an SSL connection. All the certificates (including Intermediates) should be displayed
openssl s_client -connect www.paypal.com:443
Converting Using OpenSSL
- Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
- Convert a PEM file to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
- Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
- Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
- References
{{#widget:DISQUS
|id=networkm
|uniqid=Apache
|url=https://aman.awiki.org/wiki/Apache
}}