
CentOS7: Installing Apache, PHP, Free SSL, and BASIC Authentication | itcore 2017


CentOS7

CentOS7 installation

Apache,PHP

# yum -y install httpd php php-mbstring
# systemctl start httpd
# systemctl enable httpd.service

# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
Partial output:
services: ssh http

Check in a browser
http://[host or IP]

The default page is displayed.

# cd /var/www/html
# hostname > index.html
http://[host or IP]

The host name is displayed.

PHP check
# echo "<?php phpinfo(); ?>" > info.php
http://[host or IP]/info.php

The PHP information page is displayed.

Free SSL (Let's Encrypt)

Register the host name in DNS. Note: validation fails if the name is not registered in DNS.
chat.itcore.jp

Firewall settings
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
  services: ssh http https

Download Let's Encrypt with git
# mkdir /opt/ssl
# cd /opt/ssl
# yum -y install git
# git clone https://github.com/certbot/certbot

Update dependency packages
# cd certbot
# ./certbot-auto
...
Is this ok [y/d/N]: y
...
完了しました!

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): (email address to receive notifications) xxx@itcore.jp

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): chat.itcore.jp
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for chat.itcore.jp

We were unable to find a vhost with a ServerName or Address of chat.itcore.jp.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf | | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Deploying Certificate for chat.itcore.jp to VirtualHost /etc/httpd/conf.d/ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Created redirect file: le-redirect-chat.itcore.jp.conf
Rollback checkpoint is empty (no changes made?)

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://chat.itcore.jp

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=chat.itcore.jp
--------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/chat.itcore.jp/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/chat.itcore.jp/privkey.pem
   Your cert will expire on 2018-01-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Verification
https://www.ssllabs.com/ssltest/analyze.html?d=chat.itcore.jp


https://chat.itcore.jp/


http://chat.itcore.jp/
The request is redirected to https.

The certificate is valid for 3 months, so renew it automatically every month with cron.
# crontab -e
0 1 1 * * (/opt/ssl/certbot/certbot-auto renew --force-renew && systemctl reload httpd) > /tmp/certbot-update.log 2>&1

BASIC authentication

# cd /etc/httpd/conf
# cp -ip httpd.conf httpd.conf_`date "+%Y%m%d"`
# vi httpd.conf
:103
    #AllowOverride none
    AllowOverride All
:152
    #AllowOverride None
    AllowOverride All
:258
    #AllowOverride None
    AllowOverride None
:wq
# systemctl restart httpd
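
The edits above are made by line number in httpd.conf, so it helps to confirm which <Directory> block each AllowOverride change landed in. The script below is an added example, not part of the original page; the function names and the sample configuration are constructed, and it assumes one directive per line and directory paths without spaces or colons.

```shell
# Print "<line>:<directory>:<value>" for every active AllowOverride directive
# found inside a <Directory> block of an httpd.conf-style file.
allowoverride_report() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out directive
        tolower($1) == "<directory" {
            dir = $2
            gsub(/[">]/, "", dir)                    # drop quotes and closing >
            next
        }
        tolower($1) == "</directory>" { dir = ""; next }
        tolower($1) == "allowoverride" && dir != "" {
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            print NR ":" dir ":" val
        }
    ' "$1"
}

# List directories set to "AllowOverride All" other than the one expected
# to honour .htaccess files (second argument).
unexpected_override_all() {
    allowoverride_report "$1" |
        awk -F: -v ok="$2" 'tolower($3) == "all" && $2 != ok { print $2 }'
}

# Constructed sample, not the stock CentOS 7 httpd.conf.
sample_conf() {
    cat <<'EOF'
<Directory />
    #AllowOverride none
    AllowOverride All
</Directory>
<Directory "/var/www/html">
    #AllowOverride None
    AllowOverride All
</Directory>
<Directory "/var/www/cgi-bin">
    AllowOverride None
</Directory>
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
allowoverride_report "$tmp"
unexpected_override_all "$tmp" /var/www/html
rm -f "$tmp"
```

On the server, pass /etc/httpd/conf/httpd.conf as the first argument to either function.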

# cd /var/www/html
# htpasswd -c .htpasswd admin
Enter the password

# vi .htaccess
AuthType basic
AuthName "Auth"
AuthUserFile /var/www/html/.htpasswd
Require valid-user

http://[host or IP]
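
A check for the files this walkthrough leaves under the document root: the info.php test page from the PHP check and the password file named by AuthUserFile. This is an added example, not part of the original page; audit_docroot and the sample files are constructed, and only absolute AuthUserFile paths are examined.

```shell
# Print one finding per line as "<kind>:<path>" for a document root.
audit_docroot() {
    root=${1%/}
    # PHP files calling phpinfo() disclose versions, paths and environment.
    find "$root" -type f -name '*.php' \
        -exec grep -l 'phpinfo[[:space:]]*(' {} + | sed 's/^/phpinfo:/'
    # Password files named by an absolute AuthUserFile in any .htaccess.
    find "$root" -type f -name '.htaccess' -exec awk '
        tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2 }' {} + |
    sort -u | while IFS= read -r pw; do
        case $pw in
            "$root"/*)
                echo "authfile-in-docroot:$pw"
                # Mode bit o+r: readable by every local account.
                if [ -n "$(find "$pw" -perm -004 2>/dev/null)" ]; then
                    echo "authfile-world-readable:$pw"
                fi ;;
        esac
    done
    return 0
}

# Constructed docroot reproducing the files created in the steps above.
demo=$(mktemp -d)
echo '<?php phpinfo(); ?>' > "$demo/info.php"
echo 'admin:CONSTRUCTED-HASH' > "$demo/.htpasswd"
chmod 644 "$demo/.htpasswd"
printf 'AuthType basic\nAuthUserFile %s/.htpasswd\nRequire valid-user\n' \
    "$demo" > "$demo/.htaccess"
audit_docroot "$demo"
rm -rf "$demo"
```

On the server from this page the call would be `audit_docroot /var/www/html`.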