Homework 5a: Installing Webservers Apache (or Lighttpd) MySQL PHP CGI and Dynamic Pages.

Slides:



Advertisements
Similar presentations
DIR-636L Support 10/100/1000Mbps 1WAN and 4LAN N 300Mbps Wireless Easy wizard setup Support mydlink cloud service mydlink apps (iOS/android) Support.
Advertisements

1 SIP Call Flow Speaker: Hz-Ping Huang; Huan-Yao Kang Date:
Apache ssl Objectives Contents Practical Summary Setup Apache + ssl
:Word Morphing ★★☆☆☆ 題組: Problem Set Archive with Online Judge 題號: 10508:word morphing 解題者:楊家豪 解題日期: 2006 年 5 月 21 日 題意: 第一行給你兩個正整數, 第一個代表下面會出現幾個字串,
3Com Switch 4500 切VLAN教學.
BY OX. 檢視表與資料表的差異性 查詢 (query) 檢視表 (View) 的紀錄,是經由查詢 (query) 而來,而檢 視表的資料來源可以是單一資料表或是多資料表,甚 至其他檢視表 但檢視表中的紀錄只存在資料表中.
Mobile IP Lab TA: 洪敏書
What is static?. Static? 靜態 ? class Test { static int staticX; int instanceX; public Test(int var1, int var2) { this.staticX = var1; this.instanceX =
SIP Mobiity TA: 洪敏書
1 Secure Context-sensitive Authorization 2005 Author : Kazuhiro Minami, David Kotz Presented by Shih Yu Chen.
:New Land ★★★★☆ 題組: Problem Set Archive with Online Judge 題號: 11871: New Land 解題者:施博修 解題日期: 2011 年 6 月 8 日 題意:國王有一個懶兒子,為了勞動兒子,他想了一個 辦法,令他在某天早上開始走路,直到太陽下山前,靠.
: OPENING DOORS ? 題組: Problem Set Archive with Online Judge 題號: 10606: OPENING DOORS 解題者:侯沛彣 解題日期: 2006 年 6 月 11 日 題意: - 某間學校有 N 個學生,每個學生都有自己的衣物櫃.
各種線上電子資源的特異功能 STICnet 的 SDI 專題訂閱服務 2003/4/28 修改. 無論校內外皆可使用。連線至
金鑰管理及認證中心 (Key Management and Certification Authority)
奶酪專賣店系統 組員: B 林家榕 B 莊舜婷.
Introduction to Java Programming Lecture 17 Abstract Classes & Interfaces.
第 5 章 深入 Response 物件 製作. 網頁的轉向與強制輸出 - 讓網頁轉彎的 Redirect 敘述 運用 Response 物件的 Redirect 方法,將瀏覽器顯 示的網頁,導向至其他網頁,語法如下: Response.Redirect 網頁路徑與名稱 此網頁路徑與名稱  若是導向到同一台.
最新計算機概論 第 5 章 系統程式. 5-1 系統程式的類型 作業系統 (OS) : 介於電腦硬體與 應用軟體之間的 程式,除了提供 執行應用軟體的 環境,還負責分 配系統資源。
: Fast and Easy Data Compressor ★★☆☆☆ 題組: Problem Set Archive with Online Judge 題號: 10043: Fast and Easy Data Compressor 解題者:葉貫中 解題日期: 2007 年 3.
1 MySQL 資料庫的使用 網頁資料庫的基礎 網頁資料庫的基礎 下載與安裝 MySQL 下載與安裝 MySQL 啟動 MySQL 伺服器 啟動 MySQL 伺服器 Web 介面的 MySQL 管理程式 Web 介面的 MySQL 管理程式 MySQL 建立資料庫 MySQL 建立資料庫 在 MySQL.
各種線上電子資源的特異功能 SwetsWise 的 alert, TOC alert 與 Favorites 2003/4/28 修改.
: Multisets and Sequences ★★★★☆ 題組: Problem Set Archive with Online Judge 題號: 11023: Multisets and Sequences 解題者:葉貫中 解題日期: 2007 年 4 月 24 日 題意:在這個題目中,我們要定義.
公開金鑰基礎建設 Public Key Infrastructure (PKI) 資管 4B B 陳冠伯.
:Nuts for nuts..Nuts for nuts.. ★★★★☆ 題組: Problem Set Archive with Online Judge 題號: 10944:Nuts for nuts.. 解題者:楊家豪 解題日期: 2006 年 2 月 題意: 給定兩個正整數 x,y.
校外使用圖書館購置之資料庫 龍華大學圖書館. 讀者遠端認證 (RPA) 設定說明  透過圖書館架設完成的 RPA (Remote Patron Authentication) 讀者遠端認證代理主 機系統,讀者於校外或院外 可直接連線使 用本館所提供的資料庫。  若非使用本館電子資料,請勿設定此代理.
從此處輸入帳號密碼登入到管理頁面. 點選進到檔案管理 點選「上傳檔案」上傳資料 點選瀏覽選擇電腦裡的檔案 可選擇公開或不公開 為平台上的資料夾 此處為檔案分類,可顯示在展示頁面上,若要參加 MY EG 競賽,做品一律上傳到 “ 98 MY EG Contest ” 點選此處確定上傳檔案.
6-2 認識元件庫與內建元件庫 Flash 的元件庫分兩種, 一種是每個動畫專 屬的元件庫 (Library) ;另一種則是內建元 件庫 (Common Libraries), 兩者皆可透過 『視窗』功能表來開啟, 以下即為您說明。
Management Abstracts Retrieval System; MARS 檢索操作.
2010 MCML introduction 製作日期: 2010/9/10 製作人 : 胡名霞.
845: Gas Station Numbers ★★★ 題組: Problem Set Archive with Online Judge 題號: 845: Gas Station Numbers. 解題者:張維珊 解題日期: 2006 年 2 月 題意: 將輸入的數字,經過重新排列組合或旋轉數字,得到比原先的數字大,
Linguistics phonetic symbols. 先下載 IPA 字型檔案,執行安裝。 由於這個程式的字型目錄設定錯誤, 所以等重新開機時就會發現字型消失。 所以必須根據以下步驟來讓 Windows 加入 IPA 字型。
Chapter 10 m-way 搜尋樹與B-Tree
網路介紹及其運用 講師陳炯勳. 5-2 IP 協定 ( 一 ) IP 協定運作 (1) – 網路成員:主機 (Host) 與路由器 (Router) – 路由表 – 電報傳輸運作.
概念性產品企劃書 呂學儒 李政翰.
Restaurant Order &Register System 成員 張昱瑄 B 蔡季螢 B 張琬婷 B 潘寶蓉 B
Enhancements to the Linux Kernel for Blocking Buffer Overflow Based Attacks Massimo Bernaschi Emanuele Gabrielli Luigi V. Mancini.
: Finding Paths in Grid ★★★★☆ 題組: Contest Archive with Online Judge 題號: 11486: Finding Paths in Grid 解題者:李重儀 解題日期: 2008 年 10 月 14 日 題意:給一個 7 個 column.
著作權所有 © 旗標出版股份有限公司 第 14 章 製作信封、標籤. 本章提要 製作單一信封 製作單一郵寄標籤.
幼兒行為觀察與記錄 第八章 事件取樣法.
遠端北風資料庫 公佈時間: 2006/4/26 繳交截止時間: 2006/5/10. 作業目的 實作遠端資料庫瀏覽程式.
APACHE SERVER By Innovationframes.com »
Appendix: Installing AMP (Apache + MySQL + PHP). Training Course, CS, NCTU 2 AMP  AMP A – Apache Web Server M – MySQL Database Server P – PHP Language.
Tuning Apache/MySQL/PHP. Outline Simple Tuning Apache/MySQL/PHP 冗 in PHP code 贅 in SQL command 肥 in data set External Tuning Apache/MySQL/PHP Q&A.
An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.
Public-key Infrastructure. Computer Center, CS, NCTU 2 Public-key Infrastructure  A set of hardware, software, people, policies, and procedures.  To.
安裝 Android 開發環境 建國科技大學 資管系 饒瑞佶 2013/2 V1. 需要 JDK ( Java Runtime 1.5 above) Eclipse IDE Android SDK ADT.
Web Services CSCI N321 – System and Network Administration Copyright © 2007,2008 by Scott Orr and the Trustees of Indiana University.
FAMP FreeBSD/Apache/MySQL/PHP. Computer Center, CS, NCTU 2 Outline  Introduction Apache MySQL PHP  Installation and Administration MySQL Apache PHP.
1 Apache and Virtual Sites and SSL Dorcas Muthoni.
Apache and... Virtual Hosts ---- aliases mod_rewrite ---- htaccess AFNOG 11 Kigali, Rwanda May 2010 Dorcas Muthoni Courtesy: Hervey Allen.
1 Secure and Serverless RFID Authentication and Search Protocols Authors: Chiu C. Tan, Bo Sheng, and Qun Li Sources: IEEE Transaction on Wireless Communication,
Subversion Tutorial Presenter: Ya-Lin Huang. Introduction 版本控制系統是什麼? 管理對資訊所做人為變動 程式設計師的工具之一 為何要使用版本控制系統? 促成有效率的團隊合作 使變動歷程能被追溯 2.
Web Server/Services Web Server/Services pyhsu. Computer Center, CS, NCTU 2 FAMP(FreeBSD+Apache+MySQL+PHP)  Apache 2.2 (40%) /usr/ports/www/apache22 apache22_enable="YES"
 Introductions › Apache › MySQL › PHP  Installation › Apache + MySQL + PHP  Administration › Apache › MySQL  Appendix › lighttpd.
Cosc 4750 Configuring httpd, Mysql, And Samba. defaults By default httpd demean will startup and work User directories are turned off Default directory.
Trusted Video Management Lenel Onguard on Crystal.
 Apache 2.2 › /usr/ports/www/apache22 › apache22_enable="YES" (/etc/rc.conf) › /usr/local/etc/rc.d/apache22 start  MySQL 5.0 › /usr/ports/databases/mysql50-server.
Public-key Infrastructure. Computer Center, CS, NCTU 2 Cryptosystems  Cryptosystems Symmetric Asymmetric (public-key)  RSA Public key: n=3233, e=17.
Cryptography-Security Ch17-1 Chapter 17 – Web Security 17.1 Web Security Considerations 17.2 Secure Sockets Layer and Transport Layer Security.
XAMPP設定 - Apache.
Public-key Infrastructure. Computer Center, CS, NCTU 2 Public-key Infrastructure  A set of hardware, software, people, policies, and procedures.  To.
Internet Technology Laboratory Department of Computer and Communication Kun Shan University  官方網站:
Openwebmail. 安裝 openwebmail 必要套件 yum -y install gcc perl-Text-Iconv perl-CGI perl- YAML perl-CPAN perl-suidperl httpd service httpd start chkconfig httpd.
Web Server/Services Web Server/Services huanghs. Computer Center, CS, NCTU 2 FAMP(FreeBSD+Apache+MySQL+PHP)  Apache 2.2 (35%) /usr/ports/www/apache22.
Public-key Infrastructure
Web Hosting yicyuan.
Unix System Administration
Public-key Infrastructure
Public-key Infrastructure
Public-key Infrastructure
Presentation transcript:

Homework 5a: Installing Webservers Apache (or Lighttpd) MySQL PHP CGI and Dynamic Pages

Computer Center, CS, NCTU 2 Outline  Introductions Apache MySQL PHP Certificate Authentication  Installation Apache + MySQL + PHP  Administration Apache MySQL  Appendix Installing lighttpd CA

Computer Center, CS, NCTU 3 Apache  Official:  Web httpd server that HTTP/1.1 compliant web server Modular design Can be customised by writing modules using Apache module API Freely available cross many platforms  Two main parts core  Implement basic functions Modules  Extend or override the functionality of the server  Example: –Access control, logging, CGI, proxy, cache control, PHP …

Computer Center, CS, NCTU 4 How Apache Works – request and response

Computer Center, CS, NCTU 5 How Apache Works – Each request-response  Apache breaks client request into several steps which are implemented as modules

Computer Center, CS, NCTU 6 ApacheDetailApacheDetailApacheDetailApacheDetail

7 Apache with mod_ssl

Computer Center, CS, NCTU 8 MySQL (1)  Official Site:  SQL (Structured Query Language) The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. Introduction to SQL:  A multithreaded, multi-user, SQL Database Management System.  MySQL is owned and sponsored by a Swedish company MySQL AB.

Computer Center, CS, NCTU 9 MySQL (2)  Characteristics: Writing in C/C++, tested by many compilers, portable to many systems. Providing APIs for C/C++, Java, Perl, PHP, Python, Ruby, Tcl, …etc. Supporting AIX, FreeBSD, HP-UX, Linux, Mac OS, Solaris, Windows, …etc. Multi-threaded kernel, supporting systems with multiple CPUs. Optimized algorithm for SQL Query. Multi-Language (coding) Supports. Lots of connecting method: TCP/IP, ODBC, JDBC, Unix domain socket. Free Software Popular for web applications

Computer Center, CS, NCTU 10 PHP  PHP: Hypertext Preprocessor A widely-used Open Source general-purpose scripting language. Originally designed to create dynamic web pages, PHP's principal focus is server-side scripting. PHP scripts can be embedded into HTML. The LAMP architecture has become popular in the Web industry as a way of deploying inexpensive, reliable, scalable, secure web applications.  PHP is commonly used as the P in this bundle alongside Linux, Apache and MySQL.  FAMP replaces Linux with FreeBSD, WAMP replaces Linux with Windows.

Computer Center, CS, NCTU 11 Certificate Authority (1)  Certificate 憑證的原文是 Certificate ,是附上所有人 (owner) 的資料(公司名稱、 伺服器名稱、個人真實姓名、連絡 、通訊地址等資料),後面 加上數位簽名的 Public Key 。憑證上會附有幾個數位簽名,代表這些 簽名的人,確認過這個 Public Key 的所有人,和憑證上所載的資料相 符,沒有假造。 在 X.509 中,最下層每一個合格的憑證 (Certificate) 上,會有一個認證 中心 (CA) 的簽名,表示這個認證中心 (CA) 檢查過,確認憑證上的所 有者資料無誤。當程式碰到沒見過的憑證時,只要檢查憑證上認證中 心 (CA) 的簽名無誤,即代表這個認證中心 (CA) 查核過這個憑證 (Certificate) ,憑證上的資料無誤。

Computer Center, CS, NCTU 12 Certificate Authority (2)  Certificate Authority 認證中心的原文是 CA ,是 Certificate Authority 的縮寫,在微軟繁體中 文 WINDOWS 上翻譯成憑證授權。認證中心是 X.509 的一環。認證中 心也是一種憑證,上面附有認證中心本身的資料,但不是用來加解密, 而是用來簽發憑證,證明憑證所有人和憑證上所載的資料無誤。 每一個合格的認證中心 (CA) 上,會有一個管轄它的最高層認證中心 (Root CA) 的簽名,表示最高層認證中心授權給它,可以簽發別人的憑 證。當程式碰到沒見過的憑證,憑證上簽名的認證中心 (CA) 也沒見過 時,只要檢查認證中心上附的最高層認證中心 (Root CA) 的簽名無誤, 即代表這個最高層認證中心 (Root CA) ,認為這個認證中心 (CA) 的憑 證簽發過程很仔細,檢查資料很詳實,所以授權給它,准許它可以簽 發憑證 (Certificate) 。所以這個認證中心 (CA) 簽發的憑證 (Certificate) , 憑證上的資料也沒有問題。 Reference:

Installation

Computer Center, CS, NCTU 14 In this exercise …  What to install We want to install Apache + PHP + MySQL + mod_ssl  Install sequence Install MySQL Install openssl and apache Install PHP Test PHP in apache

Computer Center, CS, NCTU 15 Install Sequence – MySQL  Steps # cd/usr/ports/databases/mysql51-server/ # make WITH_XCHARSET=all install clean  Add into rc.conf mysql_enable="YES"  Start up # /usr/local/etc/rc.d/mysql-server start

Computer Center, CS, NCTU 16 Install Sequence – Openssl and Apache  Steps cd /usr/ports/security/openssl make install clean cd /usr/ports/lang/python Make options: WITHOUT_IPV6=yes cd /usr/ports/converters/libiconv Make options: WITH_EXTRA_PATCHES=yes cd /usr/ports/www/apache22/ make WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_MPM=worker WITH_THREADS=yes WITH_SUEXEC=yes WITH_BERKELEYDB=db4 WITH_STATIC_SUPPORT=yes WITH_ALL_STATIC_MODULES=yes install clean  Add into /etc/rc.conf apache22_enable=“YES"  Start up /usr/local/etc/rc.d/apache22 start

Computer Center, CS, NCTU 17 Install Sequence – PHP  Steps # cd /usr/ports/lang/php5 # make install clean  Remenber to choose Apache module  Install php5-extensions # cd /usr/ports/lang/php5-extensions # make install clean  Choose what you need

Computer Center, CS, NCTU 18 Install Sequence – test PHP in apache (1)  Edit httpd.conf to support php % cd /usr/loca/apache/conf % mkdir /www ; mkdir /www/data % Edit httpd.conf … AddType application/x-httpd-php.php.phtml.php5 AddType application/x-httpd-php-source.phps … ServerName sabsd.cs.nctu.edu.tw # DocumentRoot "/usr/local/www/apache22/data" DocumentRoot "/www/data“ … # DirectoryIndex index.php index.html index.htm

Computer Center, CS, NCTU 19 Install Sequence – test PHP in apache (2)  Restart httpd /usr/local/etc/rc.d/apache22 restart  Test PHP % Edit /www/data/index.php <? phpinfo(); ?>

Administration

Computer Center, CS, NCTU 21 Apache configuration  Location The default location of apache (in ports) is /usr/local/etc/apache22 Major configuration file: httpd.conf  Other configuration files could be included. (setting in httpd.conf)  Two types Global configurations  Global setting  Server specific setting  Virtual host setting Directory Configuration  Local setting for certain directory

Computer Center, CS, NCTU 22 Apache configuration – Global Configuration  Global setting ServerType standalone Timeout 300 KeepAlive On KeepAliveRequests 100 StartServers 5  Server configuration Port 80 ServerAdmin ServerName sabsd.cs.nctu.edu.tw DocumentRoot "/www/data"

Computer Center, CS, NCTU 23 Apache configuration – Directory Configuration (1)  Configuration parameters Options  All(turn on all options except multiview)  ExecCGI(To allow executions of AddHandler)  FollowSymLinks(access files outside this directory)  Indexs(generate file-list for browsing) (when there is no DirectoryIndex files)  MultiViews(multi-language support) AllowOverride  All(Read.htaccess)  None(ignoring.htaccess) Deny/Allow  IP/DN(control access to this directory) Order  Solve collision of deny and allow rules Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all

Computer Center, CS, NCTU 24 Apache configuration – Directory Configuration (2) # User home directories #Include etc/apache22/extra/httpd-userdir.conf UserDir public_html UserDir disabled root toor daemon operator bin tty kmem games news man sshd bind proxy _pflogd _dhcp uucp pop www nobody mailnull smmsp # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Order allow,deny Allow from all Order deny,allow Deny from all

Computer Center, CS, NCTU 25 Apache configuration – Directory Configuration (3) Alias /icons/ "/usr/local/www/apache22/icons/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all Alias /manual/ "/usr/local/apache/htdocs/manual/" Options Indexes FollowSymlinks MultiViews AllowOverride None Order allow,deny Allow from all

Computer Center, CS, NCTU 26 Apache configuration – Virtual Host  Name-Base Singe IP, several hostnames  IP-Base several IPs Port 80 ServerAdmin DocumentRoot /www/csie ServerName sun3.csie.nctu.edu.tw ErrorLog logs/csie-error_log TransferLog logs/csie-access_log Port 80 ServerAdmin DocumentRoot /www/ee ServerName sun3.ee.nctu.edu.tw ErrorLog logs/ee-error_log TransferLog logs/ee-access_log NameVirtualHost ServerName DocumentRoot "/www" ServerName mail.snmg.com.tw DocumentRoot "/home/sywang" ServerName csie.snmg.com.tw Redirect /

Computer Center, CS, NCTU 27 Apache configuration –.htaccess (1) .htaccess Allow admin to use one file to control access to certain directory  Usage Modify httpd.conf Create.htaccess file Generate password database Test

Computer Center, CS, NCTU 28 Apache configuration –.htaccess (2)  Example Modify httpd.conf Create.htaccess file Generate password file Options Indexes FollowSymLinks MultiViews ExecCGI AllowOverride All Order allow,deny Allow from all [3:02pm] /www/data/test1> cat.htaccess AuthName "SA-test1" AuthType "Basic" AuthUserFile “/www/data/test1/.htpasswd” require valid-user [2:58pm] /> /usr/local/apache/bin/htpasswd -c./.htpasswd SA-user1 New password: Re-type new password: Adding password for user SA-user1

Computer Center, CS, NCTU 29 Apache configuration –.htaccess (3)

Computer Center, CS, NCTU 30 Apache configuration – log  Rotate your log using newsyslog

Computer Center, CS, NCTU 31 Apache configuration – Certificate Authority (1)  Flow Generate random seed Generate RootCA  Generate private key of RootCA  Fill the Request of Certificate.  Sign the certificate itself. Generate certificate of Web Server  Generate private key of Web Server  Fill the Request of certificate  Sign the certificate using RootCA Modify apache configuration  restart apache

Computer Center, CS, NCTU 32 Apache configuration – Certificate Authority (2) Generate random seed  openssl rand -out rnd-file num –Ex. openssl rand -out /etc/ssl/RootCA/private/.rnd 1024  chmod go-rwx rnd-file –Ex. chmod go-rwx /etc/ssl/RootCA/private/.rnd

Computer Center, CS, NCTU 33 Apache configuration – Certificate Authority (3) Generate RootCA  Generate private key of RootCA –openssl genrsa -des3 -rand rnd-file -out rootca-key-file num % openssl genrsa -des3 -rand /etc/ssl/RootCA/private/.rnd \ -out /etc/ssl/RootCA/private/rootca.key.pem 2048 Note: phrase are asked (something like password) –chmod go-rwx rootca-key-file % chmod go-rwx /etc/ssl/RootCA/private/rootca.key.pem

Computer Center, CS, NCTU 34 Apache configuration – Certificate Authority (4) Generate RootCA  Generate private key of RootCA  Fill the Request of Certificate. –openssl req -new -key rootca-key-file -out rootca-req-file % openssl req -new -key /etc/ssl/RootCA/private/rootca.key.pem \ -out /etc/ssl/RootCA/private/rootca.req.pem –chmod go-rwx rootca-req-file % chmod go-rwx /etc/ssl/RootCA/private/rootca.req.pem Enter pass phrase for rootca-key-file: Country Name (2 letter code) [AU]:TW State or Province Name (full name) [Some-State]:Taiwan Locality Name (eg, city) []:HsinChu Organization Name (eg, company) [Internet Widgits Pty Ltd]:NCTU Organizational Unit Name (eg, section) []:CS Common Name (eg, YOUR name) []:sabsd.cs.nctu.edu.tw Address A challenge password []: ( 不需要密碼,直接 Enter) An optional company name []: ( 直接 Enter)

Computer Center, CS, NCTU 35 Apache configuration – Certificate Authority (5) Generate RootCA  Generate private key of RootCA  Fill the Request of Certificate.  Sign the certificate itself. – openssl x509 -req -days #_of_days -sha1 \ -extfile path_of_openssl.cnf -extensions v3_ca \ -signkey rootca-key-file -in rootca-req-file -out rootca-crt-file % openssl x509 -req -days sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey /etc/ssl/RootCA/private/rootca.key.pem -in /etc/ssl/RootCA/private/rootca.req.pem -out /etc/ssl/RootCA/private/rootca.crt.pem –rm -f rootca-req-file %rm -f /etc/ssl/RootCA/private/rootca.req.pem –chmod go-rwx rootca-crt-file »%chmod go-rwx /etc/ssl/RootCA/private/rootca.crt.pem

Computer Center, CS, NCTU 36 Apache configuration – Certificate Authority (6) Generate certificate of Web Server  Generate private key of Web Server –openssl genrsa -out host-key-file num %openssl genrsa -out /etc/ssl/sabsd/private/sabsd.key.pem 1024 –chmod go-rwx host-key-file %chmod go-rwx /etc/ssl/sabsd/private/sabsd.key.pem  Fill the Request of certificate –openssl req -new -key host-key-file -out host-req-file % openssl req -new -key /etc/ssl/sabsd/private/sabsd.key.pem -out /etc/ssl/sabsd/private/sabsd.req.pem –chmod go-rwx host-req-file % chmod go-rwx /etc/ssl/sabsd/private/sabsd.req.pem

Computer Center, CS, NCTU 37 Apache configuration – Certificate Authority (7) Generate certificate of Web Server  Generate private key of Web Server  Fill the Request of certificate  Sign the certificate using RootCA –Tramsmit host-req-file to Root CA, and do following steps in RootCA –openssl x509 -req -days #_of_days -sha1 -extfile path_of_openssl.cnf \ -extensions v3_ca -CA rootca-crt-file -CAkey rootca-key-file \ -CAserial rootca-srl-file -CAcreateserial -in host-req-file -out host-crt-file % openssl x509 -req -days 361 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -CA /etc/ssl/RootCA/private/rootca.crt.pem -CAkey /etc/ssl/RootCA/private/rootca.key.pem -CAserial /etc/ssl/RootCA/private/rootca.srl -CAcreateserial -in /etc/ssl/sabsd/private/sabsd.req.pem -out /etc/ssl/sabsd/private/sabsd.crt.pem –rm -f host-req-file ( in both RootCA and Web Server) % rm -f /etc/ssl/sabsd/private/sabsd.req.pem –Transmit host-crt-file back to Web Server

Computer Center, CS, NCTU 38 Apache configuration – Certificate Authority (8) Modify apache configuration  restart apache ## ## SSL Virtual Host Context ## # General setup for the virtual host DocumentRoot /www/data Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all ServerName sabsd.cs.nctu.edu.tw:443 ServerAdmin ErrorLog /var/log/httpd/sabsd.cs-error.log CustomLog /var/log/httpd/sabsd.cs-access.log common SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL SSLCertificateFile /etc/ssl/sabsd/sabsd.crt.pem SSLCertificateKeyFile /etc/ssl/sabsd/private/sabsd.key.pem

Computer Center, CS, NCTU 39 Administrating MySQL (1)  Config file Copy config file  % cd /usr/local/share/mysql  % sudo cp my-huge.cnf /etc/my.cnf Edit /etc/my.cnf  Start up Add into rc.conf  mysql_enable="YES" # /usr/local/etc/rc.d/mysql-server start

Computer Center, CS, NCTU 40 Administrating MySQL (2)  Test % mysql – u root – p  The initial password for root is empty mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 to server version: log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> show databases; | Database| | mysql | | test | rows in set (0.27 sec) mysql> exit Bye

Computer Center, CS, NCTU 41 Administrating MySQL (3)  Securing initial accounts Two initial accounts  root  anonymous mysql> SELECT Host, User From mysql.user; | Host | User | | localhost | | | localhost | root | | sabsd.cs.nctu.edu.tw | | | sabsd.cs.nctu.edu.tw | root | mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4 to server version: log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> UPDATE mysql.user SET Password = PASSWORD(‘user123') WHERE User = ''; Query OK, 2 rows affected (0.26 sec) Rows matched: 2 Changed: 2 Warnings: 0 mysql> UPDATE mysql.user SET Password = PASSWORD(‘root123') WHERE User = 'root'; Query OK, 2 rows affected (0.00 sec) Rows matched: 2 Changed: 2 Warnings: 0 mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)

Computer Center, CS, NCTU 42 Administrating MySQL – Using phpMyAdmin (1)  phpMyAdmin can manage a whole MySQL server as well as a single database.  Official Site:  Characteristics Browser-based, Supporting PHP5, MySQL 4.1 and 5.0, Open Source  Installation Steps 1.Download latest version from official site 2.Unzip the archived file. 3.Read documents: Documentation.html 4.copy config.sample.inc.php  config.inc.php Change auth type to http Remove configuration about Advanced Feature (something start with ‘pma’) Browse the phpMyAdmin, and login.

Computer Center, CS, NCTU 43 Administrating MySQL – Using phpMyAdmin (2)

Computer Center, CS, NCTU 44 Administrating MySQL – Using phpMyAdmin (3)

Computer Center, CS, NCTU 45 Administrating MySQL – Using phpMyAdmin (4)  Create another user with limited privilege

Appendix: Installing lighttpd

Computer Center, CS, NCTU 47 Installing lighttpd (1)  Official:  安裝 # cd /usr/ports/www/lighttpd # make install clean  Supporting PHP 修改 lighttpd 的設定檔 /usr/local/etc/lighttpd.conf 將「 “mod_fastcgi”, 」前面的註解 (# 字號 ) 刪除 將 fastcgi.server= ( “.php”=> ( "localhost" => ( "socket" => "/tmp/php-fastcgi.socket", "bin-path" => "/usr/local/bin/php-cgi" ) 這八行的註解刪除

Computer Center, CS, NCTU 48 Installing lighttpd (2)  SSL support #### SSL engine ssl.engine = “enable” ssl.pemfile = “/path/server.pem”  Virtual Hosting Simple Virtual-Hosting #simple-vhost.server-root = "/home/weigon/wwwroot/servers/" #simple-vhost.default-host = "grisu.home.kneschke.de" #simple-vhost.document-root = "/pages/“ Enhanced Virtual-Hosting   其餘可按需求更改設定

Computer Center, CS, NCTU 49 Installing lighttpd (3)  在 /etc/rc.conf 檔案中加入: lighttpd_enable="YES"  手動啟動 /usr/local/etc/rc.d/lighttpd start

Appendix: CA

Computer Center, CS, NCTU 51 What is a CA ?  Certificate Authority ( 認證中心 )  Trusted server which signs certificates  One private key and relative public key  Tree structure of X.509 Root CA

Computer Center, CS, NCTU 52 What is a CA ? (c.2)  Root CA ( 最高層認證中心 ) Micro$oft 翻譯成「根目錄授權憑證」 通常 Root CA 不會直接用來簽發憑證,而是授權給一些中間的認證中 心,讓這些中間的認證中心來簽發憑證 Root CA 自己幫自己簽名  沒有再上層可以為他簽名 認可最高層認證中心  經由 secure channel 安裝 Root CA 的憑證 Root CA 只能由一些著名可靠的公司來擔任  無法再向上查驗,所以不可隨便加進系統信任的 Root CA

Computer Center, CS, NCTU 53 What is a CA ? (c.3)  Tree structure of CA 每個合格的 CA ,都會有一個管轄它的最高層 CA 的簽名,表示 Root CA 授權給它,可以簽發別人的憑證 當程式碰到沒見過的憑證,憑證上簽名的 CA 也沒見過時,只要檢查 Root CA 的簽名無誤,就接受這個憑證  Cost of certificate HiTrust : NT $30,000 / per year / per host Myself : NT $0

Computer Center, CS, NCTU 54 Certificate  電子憑證 / 公開金鑰憑證 / 網路身份證  A certificate is issued by a CA X  A certificate of a user A consists: The name of the issuer CA X His/her public key KU A The signature Sig(KR X, A, KU A ) by the CA X The expiration date Applications  Encryption / Signature

Computer Center, CS, NCTU 55 Certificate (c.1) Alice: (1)Generate KU A,, KR A CA X: (3) Generate Sig( KR X, Alice, KU A, T ) (2) Alice, KU A, ID proof (4) Sig(KR X, Alice, KU A, T) Cert A,X =[Alice, KU A, Sig(KR X, Alice, KU A ) ] Note Note: CA does not know KR A

Computer Center, CS, NCTU 56 Certificate (c.2)  Guarantee of CA and certificate Guarantee the public key is of someone Someone is not guaranteed to be safe  Security of transmitting DATA Transmit session key first  Public crypto system Transmit DATA by session key  Symmetric crypto system

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.