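Fixing the "certificate expired" warning after renewing a RapidSSL certificate

After renewing a RapidSSL certificate, there is one more step to carry out on the server; otherwise browsers report that the certificate has expired and the site does not display properly.

The fix is simple. These steps are for Apache.

At renewal, upload server.csr to obtain the new INTERMEDIATE.crt, then append it to server.crt: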

# cat INTERMEDIATE.crt >> server.crt

Restart Apache after the change:

# apachectl configtest
# apachectl restart

Done!
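
A structural check for the bundle produced by the cat step above, added here as an example (it is not part of the original post). It catches three ways the append goes wrong: the intermediate was never added, server.crt had no trailing newline so the END and BEGIN markers ended up on one line, or the same intermediate was appended again on a later renewal. The function name check_bundle and the placeholder certificate bodies are assumptions.

```sh
#!/bin/sh
# Added example: structural check of server.crt after
#   cat INTERMEDIATE.crt >> server.crt
# check_bundle FILE prints one word and returns 0 only for "ok":
#   fused      END and BEGIN markers share a line (no newline before the append)
#   unbalanced BEGIN and END marker counts differ
#   no-chain   fewer than two certificates (intermediate never appended)
#   duplicate  the same certificate body appears twice (appended again on renewal)
check_bundle() {
    awk '
        /-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----/ { fused = 1 }
        /-----BEGIN CERTIFICATE-----/ { begins++; body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/ {
            ends++; inside = 0
            if (body in seen) dup = 1
            seen[body] = 1
            next
        }
        inside { body = body $0 }
        END {
            if (fused)          { print "fused";      exit 1 }
            if (begins != ends) { print "unbalanced"; exit 1 }
            if (begins < 2)     { print "no-chain";   exit 1 }
            if (dup)            { print "duplicate";  exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed demo: placeholder bodies, not real certificates.
demo=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'LEAFBODY' \
    '-----END CERTIFICATE-----' > "$demo/server.crt"      # no final newline
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'INTERMEDIATEBODY' \
    '-----END CERTIFICATE-----' > "$demo/INTERMEDIATE.crt"
cat "$demo/INTERMEDIATE.crt" >> "$demo/server.crt"
echo "server.crt: $(check_bundle "$demo/server.crt")"     # reports the fused markers
rm -rf "$demo"
```

Running it before apachectl configtest on each renewal keeps a malformed bundle from reaching the restart.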

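Some issues with SSL certificates

The single-domain RapidSSL certificate on name.com costs only $24.95. I thought that was quite cheap, so I bought one, and the key file arrived very quickly. For the installation procedure, see http://lamp.linux.gov.cn/Apache/ApacheMenu/ssl/ssl_faq.html#aboutcerts. It pays to learn to read the official documentation; it is very useful. Below are some issues I ran into during installation and setup.

1. IE7 pops up a dialog warning "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?", while Firefox reports "Your connection to this site is not encrypted." The cause is that the site uses a distributed setup: all of the page's static files (css, js, img) are referenced from a site on another subdomain. In other words, an https site must not reference http content, otherwise the browser reports the page as only partially encrypted. After I changed every http reference to https everything was fine, and both IE7 and Firefox clearly displayed the encryption indicator.

2. How many SSL certificates can Apache + mod_ssl serve? One server with one IP address can serve only one SSL certificate. Although I added several with NameVirtualHost *:443 and <VirtualHost *:443></VirtualHost>, only the first SSL certificate was effective. The exception is having several IP addresses, which I do not have. The Apache documentation states that one IP address can have only one SSL certificate. I did not test multiple ports; I do not think that would be of much use.

3. Apart from multiple IP addresses, how can several SSL certificates be served? According to Google, the answer is apache + mod_gnutls. I do not have time to try mod_gnutls at the moment; anyone who needs it can give it a try.

Reference: http://wangblog.org/2009/04/apache2-2ssl.html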
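
For item 1 above, a small scanner that lists the subresources a page still loads over http://, added here as an example (it is not from the original post). The function name find_mixed_content and the sample page with its placeholder hosts are assumptions; it is a text heuristic over saved HTML, not a full HTML parser.

```sh
#!/bin/sh
# Added example: list subresources an HTTPS page still loads over http://.
# find_mixed_content FILE... prints "<element> <url>" per finding.
# Checked: src= on any element and href= on <link>; <a href> is navigation
# only and does not trigger the browser warning. url() inside CSS and URLs
# built by scripts are not seen by this heuristic.
find_mixed_content() {
    awk -v sq="'" '
        BEGIN { RS = "<" }                       # one record per tag
        {
            tag = $0
            gsub(/[ \t\r\n]+/, " ", tag)         # tags may span lines
            sub(/>.*/, "", tag)                  # drop text after the tag
            low = tolower(tag)
            name = low; sub(/[ \/].*/, "", name) # element name
            attr = (name == "link") ? "href" : "src"
            pat = " " attr " ?= ?[\"" sq "]?http://"
            if (match(low, pat)) {
                url = substr(tag, RSTART + RLENGTH - 7)   # 7 = length("http://")
                sub(/[ ">].*/, "", url); sub(sq ".*", "", url)
                print name " " url
            }
        }
    ' "$@"
}

# Constructed sample page (hosts are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<script src="https://static.example.com/app.js"></script>
</head><body>
<a href="http://www.example.com/about">about</a>
<IMG
  SRC='http://static.example.com/logo.gif'>
</body></html>
EOF
find_mixed_content "$sample"
rm -f "$sample"
```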

PHP barcodes with Image_Barcode

# cd /usr/ports/graphics/pear-Image_Barcode && make install clean

<?php
require_once('Image/Barcode.php');
Image_Barcode::draw('RR651943036CN', 'Code39', 'gif');
exit;
?>

Installing GeoIP

FreeBSD 7.0-RELEASE-i386 + PHP5 + Apache2.2

# cd /usr/ports/net/pecl-geoip && make install clean
# apachectl restart
# cd ~
# fetch http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz
# gunzip GeoIP.dat.gz
# mv GeoIP.dat /usr/local/share/GeoIP/GeoIP.dat
# fetch http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz
# mv GeoLiteCity.dat /usr/local/share/GeoIP/GeoIPCity.dat

<?php
echo geoip_database_info(GEOIP_COUNTRY_EDITION);

$country = geoip_record_by_name('wangblog.org');
if($country){
	echo "\nThis host is located in: \n";
	print_r($country);
}
?>

You can write a script that updates the IP address database on a schedule:

cd ~
/usr/bin/fetch http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz
/usr/bin/gunzip GeoIP.dat.gz
mv GeoIP.dat /usr/local/share/GeoIP/GeoIP.dat
/usr/bin/fetch http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
/usr/bin/gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat /usr/local/share/GeoIP/GeoIPCity.dat

Save the above as update-ipdata-cron.sh

crontab -e
Add the following line to run it at 00:10 on the 5th of every month:
10 0 5 * * /bin/csh /path/to/update-ipdata-cron.sh
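
A more defensive version of the update script, added here as an example (it is not the original author's script). It validates each download and swaps it into place with a rename, so a failed or truncated fetch never replaces the database PHP is reading. The function names install_db and update_geoip and the 1024-byte minimum are assumptions; it is written for /bin/sh, so the cron entry would call /bin/sh with the argument run instead of /bin/csh.

```sh
#!/bin/sh
# Added example: the monthly GeoIP refresh with validation and an atomic swap.
# install_db ARCHIVE.gz DEST [MIN_BYTES]
#   Replaces DEST only if ARCHIVE is an intact gzip stream that decompresses
#   to at least MIN_BYTES; on any failure the live database is left untouched.
# Note: gzip -t detects truncation and corruption, not tampering. The
# download URLs from the post are plain http, so the data is unauthenticated.
install_db() {
    archive=$1 dest=$2 min=${3:-1024}
    gzip -t "$archive" 2>/dev/null || { echo "corrupt: $archive" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1    # same directory, so mv is a rename
    if ! gzip -dc "$archive" > "$tmp"; then rm -f "$tmp"; return 1; fi
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -lt "$min" ]; then
        echo "too small ($size bytes): $archive" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp"                             # mktemp creates the file 0600
    mv -f "$tmp" "$dest"
}

# update_geoip: fetch both files named in the post into a scratch directory,
# then install each one. Returns non-zero if either file failed.
update_geoip() {
    base=http://www.maxmind.com/download/geoip/database
    work=$(mktemp -d) || return 1
    rc=0
    for pair in GeoIP.dat.gz:GeoIP.dat GeoLiteCity.dat.gz:GeoIPCity.dat; do
        src=${pair%%:*} dst=${pair##*:}
        /usr/bin/fetch -q -o "$work/$src" "$base/$src" &&
            install_db "$work/$src" "/usr/local/share/GeoIP/$dst" || rc=1
    done
    rm -rf "$work"
    return $rc
}

# Run the update only when asked to, e.g. from cron: /bin/sh SCRIPT run
if [ "${1:-}" = run ]; then update_geoip; fi
```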

Self-signed SSL certificate for Apache 2.2

# mkdir -m 700 /usr/local/etc/apache22/ssl.crt
# mkdir -m 700 /usr/local/etc/apache22/ssl.csr
# mkdir -m 700 /usr/local/etc/apache22/ssl.key
# cd ~
# openssl req -new -x509 -nodes -out server.crt -keyout server.key

When prompted for the host name, enter the correct domain name. (For Common Name, put the hostname (fully qualified domain name) of your computer.)

# cp server.crt /usr/local/etc/apache22/ssl.crt/server.crt
# cp server.key /usr/local/etc/apache22/ssl.key/server.key
# chmod 400 /usr/local/etc/apache22/ssl.crt/server.crt
# chmod 400 /usr/local/etc/apache22/ssl.key/server.key

# ee /usr/local/etc/apache22/httpd.conf

Remove the leading # from #Include etc/apache22/extra/httpd-ssl.conf.

# ee /usr/local/etc/apache22/extra/httpd-ssl.conf

Set SSLCertificateFile and SSLCertificateKeyFile to the correct paths.

# apachectl configtest
# apachectl restart

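https://<your-domain>/

Note: a self-signed SSL certificate triggers a certificate warning in the browser; a purchased certificate does not!

Reference: http://lamp.linux.gov.cn/Apache/ApacheMenu/ssl/ssl_faq.html#aboutcerts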

Installing cacti monitoring

FreeBSD 7.0-RELEASE-i386

# cd /usr/ports/net-mgmt/net-snmp && make install clean
# cd /usr/ports/net-mgmt/cacti && make install clean

Do not select ucd-snmp

# make pretty-print-run-depends-list

This port requires package(s) "mysql-client-5.0.67_1" to run.

# cd /usr/ports/databases/mysql50-server && make install clean
# echo 'mysql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/mysql-server start
# mysqladmin --user=root create cacti
# echo "GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser'; FLUSH PRIVILEGES;" | mysql
# mysql cacti < /usr/local/share/cacti/cacti.sql

# echo 'rocommunity public' >> /usr/local/share/snmp/snmpd.conf
# /usr/local/etc/rc.d/snmpd start
# netstat -na | grep "LISTEN"
# sockstat

// ports 199 and 161

# snmpwalk -v 1 -c public 127.0.0.1 system

# ee /etc/rc.conf

snmpd_enable="YES"
snmpd_flags="-a"
snmpd_pidfile="/var/run/snmpd.pid"
snmptrapd_enable="YES"
snmptrapd_flags="-a -p /var/run/snmptrapd.pid"

# ee /usr/local/share/cacti/include/config.php
# ee /usr/local/etc/apache22/Includes/cacti.conf

Alias /cacti "/usr/local/share/cacti/"

<Directory "/usr/local/share/cacti/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# apachectl configtest
# apachectl restart

# cd /usr/ports/databases/phpmyadmin && make install clean
# cp /usr/local/www/phpMyAdmin/config.sample.inc.php /usr/local/www/phpMyAdmin/config.inc.php
# ee /usr/local/www/phpMyAdmin/config.inc.php

$cfg['blowfish_secret'] = 'erw34'; // write anything here

# ee /usr/local/etc/apache22/Includes/phpmyadmin.conf

Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"

<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 .example.com
</Directory>

# apachectl configtest
# apachectl restart

http://localhost/cacti/
next >> Finish
Login name: admin
Password: admin
Once configuration is complete:

# /usr/local/bin/php /usr/local/share/cacti/poller.php
# crontab -u cacti -e

*/5 * * * * /usr/local/bin/php /usr/local/share/cacti/poller.php > /dev/null 2>&1

# cat /usr/local/share/cacti/log/cacti.log

References:
CACTI Version 0.8.7a for FreeBSD 6.2 release: complete configuration guide

Collecting memory information with cacti on FreeBSD
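
The snmpd.conf written in the steps above contains the line rocommunity public with no source address. The following audit, added here as an example (it is not part of the original post), flags default community strings, missing source restrictions and read-write communities. The function name audit_snmpd_conf and the sample file are assumptions; the directive syntax is net-snmp's rocommunity COMMUNITY [SOURCE [OID]].

```sh
#!/bin/sh
# Added example: flag weak community settings in a net-snmp snmpd.conf.
# Directive syntax: rocommunity COMMUNITY [SOURCE [OID]]  (also rwcommunity,
# and the IPv6 forms rocommunity6 / rwcommunity6).
# audit_snmpd_conf FILE prints "LINE: finding" and returns 1 if anything is found.
audit_snmpd_conf() {
    awk '
        function report(msg) { print FNR ": " msg; found = 1 }
        /^[ \t]*#/ { next }                          # skip comments
        $1 ~ /^r[ow]community6?$/ {
            if ($2 == "public" || $2 == "private")
                report("default community string \"" $2 "\"")
            if (NF < 3 || $3 == "default")
                report("no source restriction, any host that can reach udp/161 may query")
            if ($1 ~ /^rw/)
                report("read-write community enabled")
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: line 2 is what the post writes, line 3 is the same
# directive limited to the local poller with a non-default string.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample
rocommunity public
rocommunity Constructed-Example-String 127.0.0.1
rwcommunity private default
EOF
audit_snmpd_conf "$conf" || echo "snmpd.conf needs attention"
rm -f "$conf"
```

With cacti polling from the same host, as in this setup, restricting the community to 127.0.0.1 costs nothing.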

Installing awstats

# mkdir /etc/awstats
# mkdir /var/lib
# mkdir -m 777 /var/lib/awstats
# cp /usr/local/www/awstats/cgi-bin/awstats.model.conf /etc/awstats/awstats.www.mysite.com.conf
# ee /etc/awstats/awstats.www.mysite.com.conf

Line 51: LogFile="/var/log/apache/www.mysite.com/%YYYY-24%MM-24/httpd-access_%YYYY-24%MM-24%DD-24.log"
Line 152: SiteDomain="www.mysite.com"
Line 167: HostAliases="mysite.com www.mysite.com 127.0.0.1 localhost 192.168.0.74"
Line 202: DirData="/var/lib/awstats"
Line 238: AllowToUpdateStatsFromBrowser=1
Line 449: DefaultFile="index.php index.htm index.html"
Line 1515: Include "awstats.www.mysite.com.conf"

# ee /usr/local/etc/apache22/Includes/awstats.conf

#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/www/awstats/classes/"
Alias /awstatscss "/usr/local/www/awstats/css/"
Alias /awstatsicons "/usr/local/www/awstats/icons/"
ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"

#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/www/awstats/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# apachectl configtest
# apachectl restart

# ee /usr/local/www/awstats/update-logs.sh

/usr/local/www/awstats/cgi-bin/awstats.pl -config=www.mysite.com -update

# chmod 755 /usr/local/www/awstats/update-logs.sh
# setenv EDITOR ee
# crontab -e

10 1 * * * /bin/csh /usr/local/www/awstats/update-logs.sh

To exclude a given IP address from the statistics:
SkipHosts="x.x.x.x."

See also: Installing Apache 2.2


Free online bookkeeping service: a handy tool for personal finance and a financial management tool for small businesses.
http://www.keepaccounts.com/

Installing Apache 2.2

FreeBSD 7.0-RELEASE-i386

# cd /usr/ports/www/apache22 && make install clean
# cd /usr/ports/www/awstats && make install clean
(see: Installing awstats)
# cd /usr/ports/sysutils/cronolog && make install clean

# ee /usr/local/etc/apache22/httpd.conf

Line 143: Set Administrator’s email address
Line 152: Uncomment, set machine.name.com for the ServerName
Line 205: Options All,AllowOverride All (.htaccess)
Line 323: For cgi-bin, Options FollowSymLinks ExecCGI
Configure cronolog:
Line 236: ErrorLog "|/usr/local/sbin/cronolog /var/log/apache/www.mysite.com/%Y%m/httpd-error_%Y%m%d.log"
Line 271: CustomLog "|/usr/local/sbin/cronolog /var/log/apache/www.mysite.com/%Y%m/httpd-access_%Y%m%d.log" combined
# mkdir -m 777 /var/log/apache
# mkdir -m 777 /var/log/apache/www.mysite.com

# echo 'apache22_enable="YES"' >> /etc/rc.conf
# echo 'apache22ssl_enable="YES"' >> /etc/rc.conf

# apachectl configtest
# apachectl start

Resolving installation errors:
If Xorg and KDE are installed first and Apache22 afterwards, the installation may fail with this error:

===> Installing for apache-2.2.9

===> apache-2.2.9 conflicts with installed package(s):
apr-db42-1.2.8_2

They install files into the same place.
Please remove them first with pkg_delete(1).
*** Error code 1

Stop in /usr/ports/www/apache22.
*** Error code 1

Stop in /usr/ports/www/apache22.

The fix is as follows:

# cd /usr/ports/www/apache22
# make config
Select APR_FROM_PORTS (the first option)
# make install clean

Resolving startup errors:
No such file or directory: Failed to enable the 'httpready' Accept Filter

# echo 'accf_data_load="YES"' >> /etc/rc.conf
# echo 'accf_http_load="YES"' >> /etc/rc.conf

mod_unique_id: unable to find IPv4 address of "#########" on Failed

Disable mod_unique_id.so:

#LoadModule unique_id_module libexec/apache22/mod_unique_id.so

Virtual hosts
# ee /usr/local/etc/apache22/extra/httpd-vhosts.conf

NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin webmaster@mywebsite.org
DocumentRoot "/usr/local/www/apache22/data"
ServerName mywebsite.org
ErrorLog "|/usr/local/sbin/cronolog /var/log/apache/mywebsite.org/%Y%m/httpd-error_%Y%m%d.log"
CustomLog "|/usr/local/sbin/cronolog /var/log/apache/mywebsite.org/%Y%m/httpd-access_%Y%m%d.log" combined
Redirect 301 / http://www.mywebsite.com/
</VirtualHost>

<VirtualHost *:80>
ServerAdmin webmaster@mywebsite.com
DocumentRoot "/usr/local/www/apache22/data/mywebsite.com"
ServerName www.mywebsite.com
ServerAlias *.mywebsite.com
#ErrorLog "/var/log/dummy-host.example.com-error_log"
#CustomLog "/var/log/dummy-host.example.com-access_log" common
ErrorLog "|/usr/local/sbin/cronolog /var/log/apache/mywebsite.com/%Y%m/httpd-error_%Y%m%d.log"
CustomLog "|/usr/local/sbin/cronolog /var/log/apache/mywebsite.com/%Y%m/httpd-access_%Y%m%d.log" combined
</VirtualHost>



Installing PHP5

FreeBSD 7.0-RELEASE-i386

# cd /usr/ports/lang/php5 && make install clean

Options: CLI, APACHE, IPV6

# cd /usr/ports/devel/pear && make install clean
# cd /usr/ports/lang/php5-extensions && make install clean

Options:
  • bz2
  • calendar
  • curl
  • DBA
  • dom
  • FILTER
  • ftp
  • gd
  • gettext
  • HASH
  • iconv
  • imap
  • JSON
  • ldap
  • mbstring
  • mcrypt
  • mhash
  • mysql
  • mysqli
  • openssl
  • pcre
  • pdf
  • pdo
  • PDO_SQLITE
  • pgsql
  • posix
  • pspell
  • READLINE
  • session
  • simplexml
  • SNMP
  • soap
  • sockets
  • SPL
  • sqlite
  • tidy
  • tokenizer
  • wddx
  • XML
  • xmlreader
  • xmlrpc
  • xmlwriter
  • yaz
  • zip
  • zlib

(If Tidy fails during installation, simply remove Tidy:
# cd /usr/ports/www/tidy && make deinstall)

# cd /usr/ports/databases/php5-pdo_pgsql && make install clean
# cd /usr/ports/databases/php5-pdo_mysql && make install clean

# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
# chmod 644 /usr/local/etc/php.ini
# ee /usr/local/etc/php.ini

Change line 528: include_path = ".:/usr/local/share/pear"

# ee /usr/local/etc/apache22/httpd.conf

Add at line 363:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Change line 219:
<IfModule dir_module>
DirectoryIndex index.php index.html index.htm
</IfModule>

# mkdir -m 755 /usr/local/www/apache22/data/test
# ee /usr/local/www/apache22/data/test/info.php

<?php
phpinfo();
?>

# cd /usr/ports/databases/memcached && make install clean
# cd /usr/ports/databases/pecl-memcache && make install clean
# echo 'memcached_enable="YES"' >> /etc/rc.conf

# apachectl restart

