
Lighttpd - HTTPS (SSL) Setup

Reference sites

Howto: Linux Lighttpd SSL (Secure Server Layer) Https Configuration And Installation (primary reference)

How To Lighttpd Create Self Signed SSL Certificates

Howto: Linux Lighttpd SSL (secure server layer) https installation and configuration (original article)



Record of the working procedure

# mkdir -p /etc/lighttpd/ssl/web.netxtream.com

# cd /etc/lighttpd/ssl/web.netxtream.com

# openssl genrsa -des3 -out web.netxtream.com.key 1024    // Create an RSA key

# openssl req -new -key web.netxtream.com.key -out web.netxtream.com.csr    // Now create a CSR

# openssl x509 -req -days 365 -in web.netxtream.com.csr -signkey web.netxtream.com.key -out web.netxtream.com.crt    // Self-sign the certificate

# cat web.netxtream.com.key web.netxtream.com.crt > web.netxtream.com.pem    // Create the final PEM file

# chmod 0600 web.netxtream.com.pem    // Set permissions

# /usr/sbin/lighttpd -v    // Make sure lighttpd supports SSL

# vi /etc/lighttpd/lighttpd.conf    // Edit the config file

Add the following to lighttpd.conf:

$SERVER["socket"] == "web.netxtream.com:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/web.netxtream.com/web.netxtream.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/web.netxtream.com/web.netxtream.com.crt"
server.name = "web.netxtream.com"
server.document-root = "/srv/www"
server.errorlog = "/var/log/lighttpd/web.netxtream.com/serror.log"
accesslog.filename = "/var/log/lighttpd/web.netxtream.com/saccess.log"
}

The following material is transcribed from 蚊子館

--------------------------------------------

1. Create a directory to hold the private key and certificate

# mkdir /etc/lighttpd/ssl
# cd /etc/lighttpd/ssl

2. Generate the private key
# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.......................................+++
.........................................................................................................................+++
e is 65537 (0x10001)

3. Generate a certificate signing request (CSR)
# openssl req -new -key privkey.pem -out cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:Catchlink
Organizational Unit Name (eg, section) []:MIS
Common Name (eg, your name or your server's hostname) []:*.catchlink.com
Email Address []:Darwin@catchlink.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

This command generates a certificate request using the key privkey.pem created in the previous step. It produces a new file, cert.csr, which is the certificate request; you can take this file to a certificate authority (CA) and apply for a digital certificate. The CA will return a new file, cacert.pem, which is your actual digital certificate.

If you are only testing, the applicant and the issuer of the certificate are both yourself, so you can generate the certificate with the following command:
openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
This command uses the key privkey.pem generated above to produce the digital certificate cacert.pem.

# openssl req -new -x509 -days 3650 -key privkey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]: Catchlink
Organizational Unit Name (eg, section) []:MIS
Common Name (eg, your name or your server's hostname) []:*.catchlink.com
Email Address []:Darwin@catchlink.com
# ls -l
total 12
-rw-r--r-- 1 root root 1663 Dec 25 08:22 cacert.pem
-rw-r--r-- 1 root root 1675 Dec 25 08:21 privkey.pem

4. Combine the private key and certificate into one file
# cat privkey.pem cacert.pem >lighttpd.pem
# ls -l
total 12
-rw-r--r-- 1 root root 1663 Dec 25 08:22 cacert.pem
-rw-r--r-- 1 root root 3338 Dec 25 08:24 lighttpd.pem
-rw-r--r-- 1 root root 1675 Dec 25 08:21 privkey.pem
#chmod -R 600 /etc/lighttpd/ssl

5. Edit the vhosts.conf file
# vi /etc/lighttpd/conf.d/vhosts.conf
$SERVER["socket"] == "192.168.11.201:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/lighttpd.pem"
server.name = "www.aaa.com"
server.document-root = "/var/lighttpd/blog.aaa.com"
server.errorlog = "/var/log/lighttpd/blog.aaa.com.error.log"
accesslog.filename = "/var/log/lighttpd/blog.aaa.com.access.log"
}

https://192.168.11.201
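Both procedures above generate the key, certificate and combined PEM by hand, answering the interactive prompts and trusting that the pieces fit together. The script below is an added example (it is not from this post or from either referenced article) that does the same steps non-interactively and then performs the checks an operator would want before pointing ssl.pemfile at the result: that the private key and certificate in the PEM actually belong together, that the file is readable only by its owner, and what Common Name the certificate carries. It differs from the first procedure in two deliberate ways: the key is 2048 bits (a 1024-bit RSA key is below current minimums), and it is written without -des3, because lighttpd reads the key unattended at startup and cannot answer a passphrase prompt, so file permissions rather than a passphrase protect it. The hostname web.example.test, the output directory, the Distinguished Name values and the function names are placeholders of my own.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates an unencrypted RSA key,
# a self-signed certificate and the combined key+cert PEM that lighttpd's
# ssl.pemfile expects, then checks the result. Hostname and directory are
# placeholders supplied by the caller.
set -eu

# Create <dir>/<host>.key, <host>.crt and <host>.pem, all mode 0600.
# The body runs in a subshell so the umask change does not leak to the caller.
make_selfsigned_pem() (
    host="$1"
    dir="$2"
    mkdir -p "$dir"
    umask 077
    # No -des3: lighttpd reads the key unattended at startup, so it cannot
    # answer a passphrase prompt. File permissions protect the key instead.
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
    # -x509 produces a self-signed certificate directly, skipping the CSR;
    # -subj replaces the interactive Distinguished Name prompts. CN is the
    # hostname clients will connect to. (DN values are constructed.)
    openssl req -new -x509 -days 365 -key "$dir/$host.key" \
        -subj "/C=TW/ST=Taiwan/L=Taipei/O=Example Org/CN=$host" \
        -out "$dir/$host.crt" 2>/dev/null
    # lighttpd's ssl.pemfile wants key and certificate in one file.
    cat "$dir/$host.key" "$dir/$host.crt" > "$dir/$host.pem"
    chmod 0600 "$dir/$host.pem"
)

# Succeeds only when the private key and the certificate inside the PEM belong
# together: the public key derived from each must be identical. A mismatched
# pair (for example an old key concatenated with a renewed certificate) makes
# lighttpd fail at startup or at the TLS handshake.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the PEM (which contains the private key) is readable by its
# owner only. GNU stat first, BSD/macOS stat as the fallback.
pem_mode_is_0600() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Prints the certificate subject so the CN can be confirmed before deploying.
pem_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Usage: sh this_script.sh web.example.test /etc/lighttpd/ssl/web.example.test
if [ "$#" -eq 2 ]; then
    make_selfsigned_pem "$1" "$2"
    pem_key_matches_cert "$2/$1.pem" && pem_mode_is_0600 "$2/$1.pem" \
        && pem_subject "$2/$1.pem"
fi
```

The key/certificate match check compares the SubjectPublicKeyInfo extracted from each half of the PEM, which works for any key type, not only RSA. Run it again whenever a certificate is renewed and re-concatenated, since that is the moment the two halves most often drift apart.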

Transcribed from: 蚊子館 http://linux-guys.blogspot.com/2010/12/lighttpd-httpsssl.html
