Apache-1.x + SSL + PHP + MySQL + ZendOptimizer 설치 1. Source 파일 다운로드 Apache-2.x 와 달리 apache-1.x 에서 SSL 을 사용하기 위해서는 modssl.org 에서 제공되는 mod_ssl 을 이용하여야 한다. 설치하려는 Apache 버전에 맞는 mod_ssl.APACHE.Version 을 다운로드한다. [root@localhost src]# ls -al 합계 64 drwxrwxr-x 7 root root 32768 1월 5 13:04 . drwxr-xr-x 27 root root 4096 12월 28 18:10 .. drwxr-xr-x 4 root root 4096 1월 17 drwxr-xr-x 8 501 20 drwxr-xr-x 10 root root drwxrwxrwx 33 root root drwxr-xr-x 14 root root 4096 1월 11 4096 1월 4096 2008 ZendOptimizer-3.3.3-linux-glibc23-i386 2008 apache_1.3.41 5 13:04 mod_ssl-2.8.31-1.3.41 6월 4096 2월 26 4 2010 mysql-5.1.48 2009 php-5.2.9 2. MySQL 설치 MySQL Source 디렉토리로 이동해서 configure, make, make install 실행 [root@localhost src]# cd mysql-5.1.48/ [root@localhost mysql-5.1.48]# ./configure --prefix=/usr/local/mysql --with-charset=euckr -with-extra-charsets=all [root@localhost mysql-5.1.48]# make && make install [root@localhost mysql-5.1.48]# cd /usr/local/mysql [root@localhost mysql]# ./bin/mysql_install [root@localhost mysql]# chown –R mysql.mysql var [root@localhost mysql]# /usr/local/mysql/share/mysql.server start 3. Apache 설치 Apache Source 디렉토리로 이동 후 configure, make, make install 실행. mod_ssl 을 이용하기 위해서는 다운로드 받은 mod_ssl 을 include 하여야 한다. [root@localhost src]# cd mod_ssl-2.8.31-1.3.41/ [root@localhost mod_ssl-2.8.31-1.3.41]# ./configure --with-apache=../apache_1.3.41/ Configuring mod_ssl/2.8.31 for Apache/1.3.41 + Apache location: ../apache_1.3.41/ (Version 1.3.41) + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied. Now proceed with the following commands (Bourne-Shell syntax): $ cd ../apache_1.3.41/ $ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl $ make $ make certificate $ make install [root@localhost mod_ssl-2.8.31-1.3.41]# SSL_BASE=/usr [root@localhost mod_ssl-2.8.31-1.3.41]# cd ../apache_1.3.41/ [root@localhost apache_1.3.41]# ./configure --prefix=/usr/local/apache --enable-module=so --enable-shared=max --enable-module=rewrite --enable-module=ssl [root@localhost apache_1.3.41]# make [root@localhost apache_1.3.41]# make certificate <- 에서는 엔터키만 입력한다. make[1]: Entering directory `/usr/local/src/apache_1.3.41/src' SSL Certificate Generation Utility (mkcert.sh) Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved. Generating test certificate signed by Snake Oil CA [TEST] WARNING: Do not use this for real-life/production systems ______________________________________________________________________ STEP 0: Decide the signature algorithm used for certificate The generated X.509 CA certificate can contain either RSA or DSA based ingredients. Select the one you want to use. Signature Algorithm ((R)SA or (D)SA) [R]:R ______________________________________________________________________ STEP 1: Generating RSA private key (1024 bit) [server.key] 10281219 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus ...............++++++ .....................++++++ e is 65537 (0x10001) ______________________________________________________________________ STEP 2: Generating X.509 certificate signing request [server.csr] You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----1. Country Name (2 letter code) [XY]: 2. State or Province Name (full name) 3. Locality Name (eg, city) 4. Organization Name [Snake Desert]: [Snake Town]: (eg, company) 5. Organizational Unit Name (eg, section) 6. Common Name 7. Email Address 8. Certificate Validity [Snake Oil, Ltd]: [Webserver Team]: (eg, FQDN) [www.snakeoil.dom]: (eg, name@FQDN) [www@snakeoil.dom]: (days) [365]: ______________________________________________________________________ STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt] Certificate Version (1 or 3) [3]: Signature ok subject=/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Webserver Team/CN=www.snakeoil.dom/emailAddress=www@snakeoil.dom Getting CA Private Key Verify: matching certificate & key modulus Verify: matching certificate signature ../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca@snakeoil.dom error 10 at 1 depth lookup:certificate has expired OK ______________________________________________________________________ Oil, STEP 4: Enrypting RSA private key with a pass phrase for security [server.key] The contents of the server.key file (the generated private key) has to be kept secret. So we strongly recommend you to encrypt the server.key file with a Triple-DES cipher and a Pass Phrase. Encrypt the private key now? [Y/n]: n Warning, you're using an unencrypted RSA private key. Please notice this fact and do this on your own risk. ______________________________________________________________________ RESULT: Server Certification Files o conf/ssl.key/server.key The PEM-encoded RSA private key file which you configure with the 'SSLCertificateKeyFile' directive (automatically done when you install via APACI). KEEP THIS FILE PRIVATE! o conf/ssl.crt/server.crt The PEM-encoded X.509 certificate file which you configure with the 'SSLCertificateFile' directive (automatically done when you install via APACI). o conf/ssl.csr/server.csr The PEM-encoded X.509 certificate signing request file which you can send to an official Certificate Authority (CA) in order to request a real server certificate (signed by this CA instead of our demonstration-only Snake Oil CA) which later can replace the conf/ssl.crt/server.crt file. WARNING: Do not use this for real-life/production systems make[1]: Leaving directory `/usr/local/src/apache_1.3.41/src' 4. PHP 설치 PHP source 디렉토리로 이동 후 configure, make, make install 실행 [root@localhost php-5.2.9]# ./configure --prefix=/usr/local/php --with- mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs --enable-sysvshm=yes -- enable-sysvsem=yes --enable-debug=no --enable-track-vars=yes --enable-url-fopen- wrapper=yes --with-ttf --with-png-dir=/usr --with-zlib-dir --with-jpeg-dir=/usr --withgdbm=/usr --enable-ftp --with-tiff-dir=/usr --enable-memory-limit --enable-mbstring -with-expat-dir=/usr --enable-sockets --enable-wddx --with-freetype-dir=/usr --enable- bcmath --enable-mbstr-enc-trans --enable-mbregex --enable-exif --with-gd --enable-gdnative-ttf --enable-gd-imgstrttf --enable-calendar --with-openssl=/usr [root@localhost php-5.2.9]# make && make install [root@localhost php-5.2.9]# cp php.ini-dist /usr/local/php/lib/php.ini Apache 에서 PHP 를 인식하도록 httpd.conf 수정 [root@localhost php-5.2.9]# vi /usr/local/apache/conf/httpd.conf <IfModule dir_module> DirectoryIndex index.html index.htm index.php index.php3 index.cgi index.phtml </IfModule> AddType application/x-httpd-php .html .htm .phpp .php3 .php4 .phtml .conf .config .inc .con .cnf AddType application/x-httpd-php-source .phps Apache 데몬 구동 [root@localhost php-5.2.9]# /usr/local/apache2/bin/apachectl start 5. ZendOptimizer 설치 ZendOptimizer Source 디렉토리로 이동 후 install.sh 파일을 실행 후 ZendOptimizer, Apache, php.ini 파일의 경로를 입력하고 나머지는 디폴트로 설정 [root@localhost src]# cd ZendOptimizer-3.3.3-linux-glibc23-i386/ [root@localhost ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh 6. SSL 설정 ssl key 생성 (hostway.co.kr 대싞 사용할 도메인을 입력한다.) [root@localhost src]# cd /usr/local/apache/conf [root@localhost conf]# openssl genrsa 2048 > hostway.co.kr.key [root@localhost conf]# openssl req -new -key hostway.co.kr.key > hostway.co.kr.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----Country Name (2 letter code) [GB]:KR <- 국가 코드 KR 입력 State or Province Name (full name) [Berkshire]:Seoul <- 지역 Locality Name (eg, city) [Newbury]:Seoul <- 지역 Organization Name (eg, company) [My Company Ltd]:HOSTWAY Organizational Unit Name (eg, section) []:System Div. <-영문 상호명 <- 영문 부서명 Common Name (eg, your name or your server's hostname) []:www.hostway.co.kr <- 공백 이 허용되지 않으며, SSL 을 적용할 정확한 도메인명(FQDN) 으로 입력 Email Address []:system@hostway.co.kr Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: <- 패스워드 입력 없이 엔터키 입력 An optional company name []: <- 패스워드 입력 없이 엔터키 입력 생성한 CSR 코드를 호스트웨이 http://hostway.co.kr/server/order/option_order_ssl.html “CSR 코드입력” 란에 입력 후 싞청한다. 호스트웨이 영업팀을 통해서 발급받으싞 인증서 파일을 압축 해제 후 /usr/local/apache2/conf 폴더로 복사한다. 호스트웨이 영업팀을 통해서 발급받은 인증서 파일을 /usr/local/apache2/conf/extra/httpdssl.conf 파일에 기본 샘플 내역을 참고하여 작성한다. 설정해야 할 중요 지시자는 아래와 같 다. [root@localhost conf]# vi /usr/local/apache/conf/httpd.conf NameVirtualHost *:443 <VirtualHost *:443> DocumentRoot /home/hostway/ ServerName www.hostway.co.kr SSLCertificateKeyFile /usr/local/apache2/conf/hostway.co.kr.key SSLCertificateFile /usr/local/apache2/conf/hostway.co.kr.crt SSLCACertificateFile /usr/local/apache2/conf/hostway.co.kr.ca-bundle </VirtualHost> 7. Apache 구동 후 포트 확인 및 인증서 내역 확인 [root@localhost conf]# /usr/local/apache/bin/apachectl stop [root@localhost conf]# /usr/local/apache/bin/apachectl startssl [root@localhost conf]# netstat -atnp | grep :443 tcp 23297/httpd 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
© Copyright 2024