服务器配置相关问题

服务器配置相关记录

Apache的反向代理

首先是库之类的环境配置,
如果是编译的,./configure附加–enable-proxy参数,把代理模块编译进来。

如果是安装好的,就在配置文件http.conf里启用相应的模块
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

有的服务器该配置文件为, /etc/apache2/apache2.conf

1
2
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
1
2
3
4
5
6
7
8
9
10
11
12
13
<VirtualHost *:80>
ServerAlias wordpress.zhangshenghao.win
ServerName wordpress.zhangshenghao.win
ProxyPassReverse / http://pi.zhangshenghao.win/wordpress/
ProxyPass / http://pi.zhangshenghao.win/wordpress/
</VirtualHost>

<VirtualHost *:80>
ServerAlias blog.zhangshenghao.win
ServerName blog.zhangshenghao.win
ProxyPassReverse / http://pi.zhangshenghao.win/qingfeng14.github.io/
ProxyPass / http://pi.zhangshenghao.win/qingfeng14.github.io/
</VirtualHost>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<VirtualHost *:80>
ServerAlias code.zhangshenghao.win
ServerName code.zhangshenghao.win
# ProxyPassReverse / http://pi.zhangshenghao.win/wordpress/
DocumentRoot /Users/alexzhangch/Downloads/FTP_SERVER/
</VirtualHost>


<Directory "/Users/alexzhangch/Downloads/FTP_SERVER/">
Options FollowSymLinks Multiviews
MultiviewsMatch Any
AllowOverride None
Require all granted
</Directory>

服务器重启

1
sudo /etc/init.d/apache2 restart

开启HTTPS 代理

开启HTTPS步骤
更全

  • 步骤1:生成密钥

    1
    openssl genrsa 1024 > server.key

    说明:这是用128位rsa算法生成密钥,得到server.key文件

  • 步骤2: 生成证书请求文件

    1
    openssl req -new -key server.key > server.csr

    说明:这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题,一一输入

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    Country Name (2 letter code) [AU]:CN ← 国家代号,中国输入CN 
    State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音
    Locality Name (eg, city) []:BeiJing ← 市的全名,拼音
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
    Organizational Unit Name (eg, section) []: ← 可以不输入
    Common Name (eg, YOUR name) []: ← 此时不输入
    Email Address []:admin@mycompany.com ← 电子邮箱,可随意填
    Please enter the following ‘extra’ attributes
    to be sent with your certificate request
    A challenge password []: ← 可以不输入
    An optional company name []: ← 可以不输入
  • 步骤3: 生成证书

    1
    openssl req -x509 -days 3650 -key server.key -in server.csr > server.crt

    说明:这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天

    1
    sudo ln -s /etc/apache2/sites-available/default-ssl.conf  /etc/apache2/sites-enabled/001-ssl.conf

let’s encrypt

1
2
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
1
2
# 泛域名更新
certbot certonly -d *.2simple.top --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<VirtualHost _default_:443>
ServerAdmin zhangshenghao1995@163.com

DocumentRoot /var/www/html/qingfeng14.github.io/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/zhangshenghao.win/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zhangshenghao.win/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

ServerName zhangshenghao.win
</VirtualHost>

<VirtualHost _default_:443>
ServerAdmin zhangshenghao1995@163.com

DocumentRoot /var/www/html/qingfeng14.github.io/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/letsencrypt/live/blog.zhangshenghao.win/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blog.zhangshenghao.win/privkey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

ServerName blog.zhangshenghao.win
</VirtualHost>

http 重定向至 https

1
2
RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

squid 代理服务器

打赏