

ssl   

info

  • Let's Encrypt でお手軽に入れる方法。真面目にやる場合は後述

centos7

# CentOS 7: certbot is packaged in EPEL, so enable that repo first, then
# pull certbot together with its Apache plugin.
sudo yum install epel-release
sudo yum install certbot python-certbot-apache

centos8

# CentOS 8: the certbot-auto wrapper is retired, so remove any leftover copy
# and install certbot from snap instead (the route certbot's own docs use).
rm /usr/local/bin/certbot-auto        # only prints an error if it is already gone
dnf install epel-release               # snapd is in EPEL
dnf upgrade
dnf install snapd
systemctl enable --now snapd.socket
ln -s /var/lib/snapd/snap /snap        # classic-confinement snaps expect /snap to exist
snap install core
snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --apache                       # obtains the cert AND edits the Apache config

設定

# Webroot issuance: certbot writes the challenge file under the -w directory
# and Let's Encrypt fetches it over plain HTTP (see the .well-known note
# below), so port 80 for the domain must be reachable from the internet.
# -n = non-interactive.  Replace 【example.com】 and the e-mail address.
# NOTE(review): this still calls certbot-auto, which the CentOS 8 steps
# above delete; after the snap install the binary is /usr/bin/certbot.
/usr/local/bin/certbot-auto certonly --webroot -w /var/www/html/ -d 【example.com】 --agree-tos -n --email=xxx@xxx.xxx

次に ssl モジュール

# Install mod_ssl, then write a copy of ssl.conf with all comment lines
# stripped so the live directives are easy to read.
# NOTE(review): ssl.conf.bak is NOT a pristine backup - `grep -v '^#'`
# drops every commented line.  Take `cp -p ssl.conf ssl.conf.orig` first
# if you want to be able to revert.
dnf install mod_ssl
cd /etc/httpd/conf.d
grep -v '^#' ssl.conf > ssl.conf.bak

とりあえずここだけ変えて確認
ssl.conf

# Point mod_ssl at the files certbot wrote under /etc/letsencrypt/live/:
# cert.pem = leaf certificate, privkey.pem = private key, chain.pem = the
# intermediate(s).  The live/ entries are symlinks certbot updates on renew.
# NOTE(review): on httpd 2.4.8+ SSLCertificateChainFile is deprecated; the
# usual form there is SSLCertificateFile -> fullchain.pem and no ChainFile
# line.  Confirm the httpd version before switching.
SSLCertificateFile /etc/letsencrypt/live/【example.com】/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/【example.com】/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/【example.com】/chain.pem

httpd.conf

# Plain-HTTP vhost whose only job is to send clients to HTTPS (mod_rewrite
# must be loaded).
<VirtualHost *:80>
  RewriteEngine on
  RewriteCond %{HTTPS} off
  # [R] with no code is a 302 (temporary); switch to [R=301,L] once the
  # HTTPS side is known-good so clients and caches treat it as permanent.
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>
# Apply the new ssl.conf / httpd.conf (on systemd hosts `service` forwards to
# `systemctl restart httpd`).
service httpd restart

apache

# yum-based hosts: mod_ssl comes from the base repo; -y answers the prompt.
yum -y install mod_ssl

ubuntu18

# Ubuntu 18.04: Apache plus certbot from the certbot PPA.
# NOTE(review): the ppa:certbot/certbot archive has since been retired
# upstream; the snap-based steps under "ubuntu20" below are the supported
# route now and should also work on 18.04 - confirm before relying on the PPA.
sudo apt install apache2
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

SSL 設定

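# Private key + CSR for the Apache host, in the layout mod_ssl expects.
# The original note answered the interactive `openssl req` prompts by hand
# (JP / Tokyo / Shinagawa-Ku / Exsample Company. / R&D / hostname.net /
# mail address); those answers are passed with -subj here so the steps can
# be pasted as a script.  CN must be the host name clients connect to.
umask 077                                  # key files are created 0600 from the start,
                                           # not readable-then-chmod'ed
cd /etc/httpd/conf
mkdir -m 700 ssl.key
openssl genrsa -out ssl.key/server.key 2048
chmod 400 ssl.key/server.key
# CSR signed with SHA-256; replace 【mailaddress】 with the contact address.
openssl req -new -sha256 -key ssl.key/server.key -out server.csr \
  -subj "/C=JP/ST=Tokyo/L=Shinagawa-Ku/O=Exsample Company./OU=R&D/CN=hostname.net/emailAddress=【mailaddress】"
mkdir ssl.crt
cd ssl.crt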

本物の場合はここで、認証局に csr を送って crt を返してもらう

オレオレ証明の場合は自分で署名する

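# Self-signed certificate (no CA involved), valid for one year.
# Absolute cd so this works whether or not the previous step left us in
# ssl.crt already.  -extfile adds a subjectAltName: browsers ignore the CN
# and refuse a certificate with no SAN, so without it even a manually
# trusted self-signed cert fails host-name validation.  Keep the DNS name
# equal to the CSR's CN.
cd /etc/httpd/conf/ssl.crt
openssl x509 -req -sha256 -days 365 -in ../server.csr \
  -signkey ../ssl.key/server.key \
  -extfile <(printf 'subjectAltName=DNS:%s\n' hostname.net) \
  -out server.crt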

/etc/httpd/conf.d/ssl.conf

# Use the self-signed (or CA-issued) pair generated above.  The key file is
# root-only (0400), so httpd reads it while still running as root at start-up.
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# Reload mod_ssl with the new certificate paths.
service httpd restart

ssl の設定

/etc/httpd/conf.d/ssl.conf

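# HTTPS vhost.  ServerName must match the certificate's CN/SAN.
<VirtualHost *:443>
   ServerName ssl.example.com:443
   # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow 1.2 only.  Append
   # +TLSv1.3 once httpd/OpenSSL support it (httpd 2.4.37+ on OpenSSL
   # 1.1.1+) - an unknown protocol name is a start-up error on older builds.
   SSLProtocol -ALL +TLSv1.2
   # Server picks the suite, so the strongest one the client offers wins.
   SSLHonorCipherOrder on
   # Previous list kept for reference only; it re-enables 3DES and HIGH/MEDIUM.
#   SSLCipherSuite EECDH+HIGH:EDH+HIGH:HIGH:MEDIUM:+3DES:!ADH:!RC4:!MD5:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!PSK:!SRP:!DSS:!KRB5
   # AEAD (GCM) suites only, no DSS; -AES128 leaves the AES-256-GCM suites.
   SSLCipherSuite !DSS:EDH+AESGCM:ECDSA+AESGCM:EECDH+AESGCM:-AES128
   SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
   # Intermediate certificate: download it from the issuing CA.  Not needed
   # for the self-signed case; on httpd 2.4.8+ the chain is normally
   # appended to the SSLCertificateFile instead of using this directive.
   SSLCertificateChainFile /etc/httpd/conf/ssl.crt/【取得した中間証明書】.cer
   # ... remaining directives (DocumentRoot, logging, ...) unchanged
</VirtualHost>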

http => https にリダイレクトする

/etc/httpd/conf/httpd.conf

# http -> https redirect for the port-80 vhost (mod_rewrite must be loaded).
# Same snippet as in the CentOS 8 section above.
<VirtualHost *:80>
  RewriteEngine on
  RewriteCond %{HTTPS} off
  # [R] alone is a 302; use [R=301,L] once HTTPS is known-good.
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

Let's encrypt

aws cli と相性が悪いので注意

install

# yum/EPEL install of certbot.  The pip lines exist because of the aws-cli
# conflict noted above: certbot and awscli want different `requests`
# versions, and these commands force the one awscli tolerates.
yum --enablerepo=epel install certbot python-certbot-apache
pip install --upgrade pip

# pip install requests --ignore-installed

# pip install --upgrade --force-reinstall 'requests==2.6.0'

pip install -U pip
pip install cryptography --upgrade
pip install --upgrade pip
# --ignore-installed overwrites the RPM-managed copy of requests; a later
# yum update of python-requests can clobber it again.
pip install requests --ignore-installed
# NOTE(review): this pins a 2015-era requests system-wide, which predates
# later security fixes in that library.  Keeping awscli in its own
# virtualenv (or using its bundled installer) lets certbot use a current
# requests - confirm which tool actually needs 2.6.0 before pinning.
pip install --upgrade --force-reinstall 'requests==2.6.0'
# Webroot issuance: 【documentroot】 must be the DocumentRoot of the vhost
# that serves http://【example.com】/ (see the .well-known note below).
certbot certonly --webroot -w /var/www/【documentroot】/ -d 【example.com】 --agree-tos -n --email=xxx@xxx.xxx

上記を実行すると

/var/www/html/.well-known/ が作成され、

http://example.com/.well-known/xxxxx

にアクセスがあり、そのドメイン(正確にはURL)を確かに所有していることが証明される。

ので、上記URLをアクセス可能にしておく必要がある。

※ 例えば、apache から他のシステムに丸ごと reverse proxy 等している場合は virtual host 内に下記を追加する必要がある

   # The `!` target excludes /.well-known/ from proxying so Apache serves the
   # ACME challenge files itself.  It must come BEFORE the catch-all
   # ProxyPass: mod_proxy evaluates ProxyPass rules in configuration order
   # and the first match wins.
   ProxyPass /.well-known/ !
   ProxyPass / http://localhost:8080/
   ProxyPassReverse / http://localhost:8080/

/etc/httpd/conf.d/ssl.conf

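 # Let's Encrypt files for the vhost in /etc/httpd/conf.d/ssl.conf.
 SSLCertificateFile /etc/letsencrypt/live/【example.com】/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/【example.com】/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/【example.com】/chain.pem
 # On a Basic-auth protected site the renewal check must be able to fetch
 # the challenge file anonymously, otherwise auto-renew stops working.
 # httpd 2.4 form: a more specific Require replaces the parent's
 # "Require valid-user" (AuthMerging Off, the default).  The old
 # Order/Allow/Satisfy lines are the 2.2 form and only work on 2.4 through
 # mod_access_compat - use them instead of this only on a 2.2 server.
 # The pattern is anchored so only the /.well-known/ tree is opened up
 # (certbot writes under /.well-known/acme-challenge/).
 <LocationMatch "^/\.well-known/">
   Require all granted
 </LocationMatch>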
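# Apply the ssl.conf changes.  (The original note had `server httpd restart`,
# which is not a command; `service` is the init wrapper.)
service httpd restart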

ubuntu18

# Ubuntu 18.04: enable the Apache modules the configs in this memo rely on.
# NOTE(review): `sudo apt ssl` is not a valid apt invocation (apt needs a
# sub-command such as install) and the intended package is not recoverable
# from this note - TODO confirm.  mod_ssl itself ships with the apache2
# package, so `a2enmod ssl` below is enough for TLS.
sudo apt ssl
sudo a2enmod ssl          # TLS
sudo a2enmod rewrite      # http -> https redirect
sudo a2enmod proxy        # reverse proxy (see the ProxyPass note above)
sudo a2enmod proxy_http
sudo a2enmod headers

/etc/apache2/sites-available/000-default.conf

cron update

10日に一回更新チェックを行う
/etc/crontab

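# Renewal check at 04:00 on the 2nd, 12th and 22nd (roughly every 10 days).
# `certbot renew` only renews certificates that are near expiry, so the
# frequent runs are cheap.
# --deploy-hook runs only after a certificate was actually renewed, so httpd
# is not restarted on the usual no-op runs; --post-hook also fires after a
# failed attempt.
# Log moved out of /var/tmp: root appending to a file in a world-writable
# directory is a classic symlink-redirect risk.  Keep it under /var/log
# (the path below is an example; pick your own).  2>&1 keeps the errors.
0 4 2 * * root /bin/certbot renew --deploy-hook "systemctl restart httpd" >> /var/log/certbot-renew.log 2>&1
0 4 12 * * root /bin/certbot renew --deploy-hook "systemctl restart httpd" >> /var/log/certbot-renew.log 2>&1
0 4 22 * * root /bin/certbot renew --deploy-hook "systemctl restart httpd" >> /var/log/certbot-renew.log 2>&1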

ubuntu

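# Ubuntu variant of the renewal cron (service is apache2, not httpd).
# --deploy-hook restarts Apache only when a certificate was actually
# renewed; --post-hook would also fire after failed attempts.
# Log kept under /var/log rather than /var/tmp: root appending into a
# world-writable directory is a symlink-redirect risk.  Example path;
# pick your own.  2>&1 keeps the errors.
0 4 2 * * root /bin/certbot renew --deploy-hook "systemctl restart apache2" >> /var/log/certbot-renew.log 2>&1
0 4 12 * * root /bin/certbot renew --deploy-hook "systemctl restart apache2" >> /var/log/certbot-renew.log 2>&1
0 4 22 * * root /bin/certbot renew --deploy-hook "systemctl restart apache2" >> /var/log/certbot-renew.log 2>&1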

ubuntu20

# Ubuntu 20.04: certbot from snap (the supported route), Apache with the
# stock TLS site, OpenID Connect auth, SSI and PHP.
snap install core
snap refresh core
snap install --classic certbot
apt-get install apache2
# NOTE(review): default-ssl.conf is wrapped in <IfModule mod_ssl.c>, so
# enabling the site does nothing until `a2enmod ssl` has run - confirm the
# module is enabled (certbot --apache typically enables it itself).
a2ensite default-ssl
apt-get install libapache2-mod-auth-openidc   # OIDC login against an IdP
a2enmod auth_openidc
a2enmod include                               # server-side includes
apt install php libapache2-mod-php