Diferencia entre revisiones de «Apache»
(→PHP) |
|||
Línea 241: | Línea 241: | ||
memory_limit = 32M | memory_limit = 32M | ||
</nowiki></pre> | </nowiki></pre> | ||
+ | |||
+ | =CGI= | ||
+ | ==Mini CGI== | ||
+ | #!/usr/bin/sh | ||
+ | echo "Content-type: text/html" | ||
+ | echo "" | ||
+ | echo "<html>" | ||
+ | echo "<body>" | ||
+ | pwd | ||
+ | echo "</body>" | ||
+ | echo "</html>" | ||
= Performance = | = Performance = | ||
*[http://blogcritics.org/archives/2006/01/27/175740.php Open Source: Configuring Apache - Don't Succumb To The "Slashdot Effect"] | *[http://blogcritics.org/archives/2006/01/27/175740.php Open Source: Configuring Apache - Don't Succumb To The "Slashdot Effect"] |
Revisión del 18:38 24 ago 2006
SSL
Apache2
Habilitamos el modulo ssl:
a2enmod ssl
Ejecutamos un script para crear nuestro certificado de seguridad para el servidor (estara autofirmado).
apache2-ssl-certificate --force -days 999 #apache2-ssl-certificate
Ahora crearemos la configuracion de "el sitio" para el servidor seguro basandonos en la que lleva por defecto:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
/etc/apache2/sites-enabled/ssl tiene que empezar de la siguiente manera:
NameVirtualHost *:443 <VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/ssl.jhernandez.gpltarragona.org/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/ssl.jhernandez.gpltarragona.org/htdocs> #[...aquí sigue...]
Tenes que cambiar lo de directory según el directorio que queres... Ahora, /etc/apache2/sites-enabled/default también hay que configurarlo de la misma forma:
NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/jhernandez.gpltarragona.org/htdocs <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/jhernandez.gpltarragona.org/htdocs> #[...aquí sigue...]
Ahora añade en el fichero /etc/apache2/ports.conf:
Listen 443
Por último, sólo basta añadir dentro del fichero "/etc/apache2/sites-enabled/ssl" dentro del VirtualHost (por ejemplo justo debajo de "ServerSignature On"):
SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem
Y por último, reiniciamos apache2:
/etc/init.d/apache2 force-reload
Apache 1.x
Para activar SSL en apache 1.x tenemos 2 alternativas principales
- ssl_mod - http://www.modssl.org
- apache-ssl - http://www.modssl.org
Informacion comparativa
La discucion de cual conviene usar es larga y va a depender de para que queramos usar el webserver
There appears to be some confusion regarding Apache-SSL and mod_ssl. To set the record straight: mod_ssl is not a replacement for Apache-SSL - it is an alternative, in the same way that Apache is an alternative to Netscape/Microsoft servers, or Linux is an alternative to FreeBSD. It is a matter of personal choice as to which you run. mod_ssl is what is known as a 'split' - i.e. it was originally derived from Apache-SSL, but has been extensively redeveloped so the code now bears little relation to the original.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC3
mod_ssl is derived originally from Apache SSL mod_ssl is more widely used than Apache SSL
2) mod_ssl is better written and reported to run faster on all platforms. It better integrates with Apache - without rough patching Apache's code.
3) the documentation is better for mod_ssl. Its mailing list is also more active and helpful.
4) mod_ssl is easier to install.
5) mod_ssl has more options and much better configurable.
Apache-SSL is a monolithic program with the SSL functionality hard-coded into apache. This leads to a large binary. Also, many SSL directives are
- required* in the config in order for it to work.
mod_ssl allows you to add or remove SSL functionality to an already working apache (assuming you compiled with EAPI and DSO). So you have more flexibility.
In a single server set-up, there is probably little to choose from between the two, however, I could imagine a multi-apache environment where you wanted some servers with SSL and some without. mod_ssl would be a good choice there.
As far as I can see, there is no difference between Apache-SSL and apache with mod_ssl statically compiled - both lead to a monolithic, SSL-aware binary.
Finally, in my experience, mod_ssl tracks apache updates really fast. Usually a new mod_ssl is ready within a day of a new apache version. Apache-SSL tends to be slower and is sometimes a few versions behind
Despues de leer toda esta informacion considero que es mejor empezar con mod_ssl
Configuracion de mod_ssl
Documentacion: http://www.modssl.org/docs/2.8/
Desinstalar el apache-ssl para no confundirnos
apt-get remove --purge apache-ssl
- Generar la clave:
dpkg-reconfigure libapache-mod-ssl
(No poner passphrase)
- Crear /etc/apache/conf.d/ssl.conf
Listen 80 Listen 443 <VirtualHost *:443> DocumentRoot "/home/webserver/root" SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key </VirtualHost>
Directorios en /etc/apache
- ssl.crl : Certificate revocation list. Put revoked certificates here. we don't need to worry about this folder at the moment.
- ssl.crt : This is where the certificates are stored.
- ssl.csr : For certificate signing requests.
- ssl.key : The keys go here.
- ssl.prm : Contains the parameter files for creating the keys.
Archivo htaccess
.htaccess
AuthName "Restricted Area" AuthType Basic AuthUserFile ../.htpasswd <Limit GET POST> require user gabriel </Limit> Options Indexes Includes FollowSymLinks IndexOptions +FoldersFirst +IconsAreLinks +ScanHTMLTitles
Crear archivo de passwords
htpasswd -c .htpasswd someuser
Agregar un nuevo usuario
htpasswd .htpasswd someuser
password a un solo archivo
Si queres poner passwd a un solo archivo lo mejor es crear un archivo de conf tipo /etc/apache2/conf.d/permisos.conf con algo como
<Location "/cgi-bin/awstats.pl"> AuthType Basic AuthName "GACQ.com Protected" AuthUserFile /xxx/xxx/.htpasswd require user xxx </Location>
mod_rewrite
Despues de habilitar el modulo
<IfModule mod_rewrite.c> <IfModule mod_ssl.c> <Location /newwebmail> RewriteEngine on RewriteRule ^.*$ http://mail/webmail/ [R,L] </Location> </IfModule> </IfModule>
Con y sin www
Si queremos que todos los accesos se redirijan a un dominio con www, debemos añadir
RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Si lo que pretendemos es eliminar el prefijo www de nuestros accesos, este es el código
RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.(.*)$ RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
Mas facil y mejor sin el mod_rewrite
<VirtualHost *:80> ServerName dotproject.refert.com ServerAlias dotproject.refert.com.ar ServerAlias dotproject Redirect permanent / https://dotproject.refert.com.ar/ </VirtualHost>
tambien existe:
RedirectMatch permanent <REGEX> <destino>
Segurizando el apache
PHP
Allowed memory size of XXXX bytes exhausted
Hay que subir el default de la memoria de PHP de 8 MB a algo asi como 32 esta bien
vi /etc/php4/apache2/php.ini memory_limit = 32M
CGI
Mini CGI
#!/usr/bin/sh echo "Content-type: text/html" echo "" echo "<html>" echo "<body>" pwd echo "</body>" echo "</html>"