
Lighttpd - HTTPS (SSL) Setup

Reference sites

Howto: Linux Lighttpd SSL (Secure Server Layer) Https Configuration And Installation (main)

How To Lighttpd Create Self Signed SSL Certificates

Howto: Linux Lighttpd SSL (secure server layer) https installation and configuration (original text)

Record of the successful procedure

# mkdir -p /etc/lighttpd/ssl/web.netxtream.com

# cd /etc/lighttpd/ssl/web.netxtream.com

# openssl genrsa -des3 -out web.netxtream.com.key 1024    # create an RSA key (1024 bits as recorded here; the second procedure below uses 2048)

# openssl req -new -key web.netxtream.com.key -out web.netxtream.com.csr    # now create a CSR

# openssl x509 -req -days 365 -in web.netxtream.com.csr -signkey web.netxtream.com.key -out web.netxtream.com.crt    # self-sign the CSR to get the certificate

# cat web.netxtream.com.key web.netxtream.com.crt > web.netxtream.com.pem    # create the final pem file (key + certificate)

# chmod 0600 web.netxtream.com.pem    # set permissions: owner read/write only

# /usr/sbin/lighttpd -v    # make sure lighttpd supports SSL

# vi /etc/lighttpd/lighttpd.conf    # edit the config file

Add to the lighttpd.conf file:

$SERVER["socket"] == "web.netxtream.com:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/web.netxtream.com/web.netxtream.com.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/web.netxtream.com/web.netxtream.com.crt"
    server.name = "web.netxtream.com"
    server.document-root = "/srv/www"
    server.errorlog = "/var/log/lighttpd/web.netxtream.com/serror.log"
    accesslog.filename = "/var/log/lighttpd/web.netxtream.com/saccess.log"
}

The following material is transcribed from 蚊子館

--------------------------------------------

1. Create a directory to hold the private key and certificate

# mkdir /etc/lighttpd/ssl
# cd /etc/lighttpd/ssl

2. Generate the private key
# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.......................................+++
.........................................................................................................................+++
e is 65537 (0x10001)

3. Generate the certificate signing request (CSR)
# openssl req -new -key privkey.pem -out cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:Catchlink
Organizational Unit Name (eg, section) []:MIS
Common Name (eg, your name or your server's hostname) []:*.catchlink.com
Email Address []:Darwin@catchlink.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

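This command generates a certificate request, using the key file privkey.pem generated earlier.
It creates a new file, cert.csr, which is the certificate request file. You can take this file to a certificate authority (CA) to apply for a digital certificate. The CA will give you a new file, cacert.pem, and that is your digital certificate.

If you are only testing, the applicant and the issuer of the certificate are both yourself. You can then generate the certificate with the following command:
openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
This command uses the key privkey.pem generated above to produce a digital certificate, cacert.pem.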

# openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]: Catchlink
Organizational Unit Name (eg, section) []:MIS
Common Name (eg, your name or your server's hostname) []:*.catchlink.com
Email Address []:Darwin@catchlink.com
# ls -l
total 12
-rw-r--r-- 1 root root 1663 Dec 25 08:22 cacert.pem
-rw-r--r-- 1 root root 1675 Dec 25 08:21 privkey.pem

4. Combine the private key and certificate into one file
# cat privkey.pem cacert.pem >lighttpd.pem
# ls -l
total 12
-rw-r--r-- 1 root root 1663 Dec 25 08:22 cacert.pem
-rw-r--r-- 1 root root 3338 Dec 25 08:24 lighttpd.pem
-rw-r--r-- 1 root root 1675 Dec 25 08:21 privkey.pem
#chmod -R 600 /etc/lighttpd/ssl

5. Edit the vhosts.conf file
# vi /etc/lighttpd/conf.d/vhosts.conf
$SERVER["socket"] == "192.168.11.201:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/lighttpd.pem"
    server.name = "www.aaa.com"
    server.document-root = "/var/lighttpd/blog.aaa.com"
    server.errorlog = "/var/log/lighttpd/blog.aaa.com.error.log"
    accesslog.filename = "/var/log/lighttpd/blog.aaa.com.access.log"
}

https://192.168.11.201

Transcribed from: 蚊子館 http://linux-guys.blogspot.com/2010/12/lighttpd-httpsssl.html
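
A pre-flight check for the combined key+certificate PEM that both procedures above build, to run before pointing ssl.pemfile at it. This is an added example, not part of the original post or of the transcribed 蚊子館 article; the function name check_lighttpd_pem and the thresholds (RSA 2048 bits, 30 days of remaining validity) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the combined key+certificate file that
# ssl.pemfile points at. Returns the number of failed checks (0 = all passed).
# Thresholds are assumptions: RSA >= 2048 bits, >= 30 days of validity left.
check_lighttpd_pem() {
    pem=$1; min_bits=${2:-2048}; min_days=${3:-30}; fails=0
    [ -r "$pem" ] || { echo "FAIL: cannot read $pem"; return 1; }

    # 1. The file holds the private key, so only its owner may read it.
    mode=$(stat -c '%a' "$pem")          # GNU stat, as found on Linux
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode $mode, expected 600"; fails=$((fails + 1)) ;;
    esac

    # 2. Both halves must parse. "-passin pass:" makes a passphrase-protected
    #    key (genrsa -des3) get reported here rather than prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ -z "$cert_pub" ]; then
        echo "FAIL: key or certificate missing, unreadable or encrypted"
        return $((fails + 1))
    fi

    # 3. The certificate must carry the public half of this private key.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key does not match certificate"
        fails=$((fails + 1))
    fi

    # 4. Key size as printed by "openssl x509 -text" (RSA keys, as on this page).
    bits=$(openssl x509 -in "$pem" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: $bits-bit key, expected at least $min_bits"
        fails=$((fails + 1))
    fi

    # 5. The certificate must not expire within the renewal window.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"
        fails=$((fails + 1))
    fi

    [ "$fails" -eq 0 ] && echo "OK: $pem"
    return "$fails"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_lighttpd_pem "$1"; fi
```

Run it as root against the file named in ssl.pemfile, for example /etc/lighttpd/ssl/lighttpd.pem; the exit status is the number of failed checks.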
