CentOS7 Apache,PHP,無料SSL,BASIC認証インストール| itcore 2017年

TOP ▲ itcore TOP ＞ TIPS ＞ apache.php 　タグ:centos7 apache php 無料ssl basic認証

CentOS7 Apache,PHP,無料SSL,BASIC認証インストール| itcore 2017年

CentOS7

Apache,PHP

# cd
# vi httpd_install.sh
yum -y install httpd open_ssl mod_ssl
systemctl start httpd
systemctl enable httpd.service
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
firewall-cmd --list-all

# sh -x httpd_install.sh |& tee httpd_install.log

ログローテーション設定

■PHP5
yum -y install php php-mbstring
systemctl restart httpd
■PHP7.3
yum -y install epel-release
yum update
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum update
yum -y install --enablerepo=epel,remi,remi-php73 php php-devel php-mbstring php-pdo php-gd php-xml php-mcrypt
systemctl restart httpd

画面確認
http://[host or IP]

デフォルトの画面が表示されます。

# hostname > /var/www/html/index.html
http://[host or IP]

ホスト名が表示されます。

PHP確認
# echo "<?php phpinfo(); ?>" > /var/www/html/info.php
http://[host or IP]/info.php

PHPの情報が表示されます。

無料SSL（Let’s Encrypt）

DNSに登録　※DNSに登録されていないと認証されない。
chat.itcore.jp

firewallの設定
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
# firewall-cmd --list-all | grep services
services: ssh http https

Let’s Encryptをgitからダウンロード
# cd
# vi lencrypt_install.sh
yum -y install git
mkdir -p /opt/ssl
cd /opt/ssl
git clone https://github.com/certbot/certbot
# sh -x lencrypt_install.sh |& tee lencrypt_install.log

SSLの設定（事前に対象サーバのhttpバーチャルホストを作っておく）
# /opt/ssl/certbot/certbot-auto
...
Is this ok [y/d/N]: y
...
完了しました!

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 通知を受けるメールアドレス xxx@itcore.jp

(A)gree/(C)ancel: A

(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.itcore.jp
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
※改行ですべて選択

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):1
※httpsへのリダイレクトは自分で設定する。

Congratulations! You have successfully enabled https://www.itcore.jp
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.itcore.jp

証明書の期限は３ヶ月なので、cronで毎月自動更新する。
# crontab -e
0 1 1 * * (/opt/ssl/certbot/certbot-auto renew --force-renew && systemctl reload httpd) > /tmp/certbot-update.log 2>&1

BASIC認証

[VirtualHost]
AllowOverride All
# systemctl restart httpd

# htpasswd -c /var/www/erp2.itcore.jp/.htpasswd user
パスワード入力

[.htaccess]
AuthType basic
AuthName "Auth"
AuthUserFile /var/www/erp2.itcore.jp/.htpasswd
Require valid-user

http://[host or IP]