Register the domain at MyDNS (multiple domains → create multiple accounts)
Write down the account ID and password
apache2 configuration
cd /etc/apache2/sites-available
Note: copy the original site's configuration file and recreate the new one from that copy
Enable the site
sudo a2ensite [create_site_setting_file_name]
Automatic dyndns update
Check with a manual notification
wget http://www.mydns.jp/login.html --http-user=[user_account_name] --http-passwd=[user_account_password] -O /dev/null
wget -q -O - 'http://[user_account_name]:[user_account_password]@www.mydns.jp/login.html' |grep "login_status"
Create the script
vi /path/to/exec_file_setting_directory/ddns.sh
The file contents are as follows
#!/bin/sh
## DDNS update script.
#
# check that wget is installed
if ! [ -x /usr/bin/wget ]
then echo "Not found : wget"; exit 1
fi
# update DDNS
#[site_url]
echo "[site_url] wget..."
wget -q -O - 'http://[user_account_name]:[user_account_password]@www.mydns.jp/login.html' |grep "login_status"
exit 0
Set permissions
chmod 744 ddns.sh
Register in cron
sudo vi /etc/crontab
Add the following
0 3 * * * root /path/to/exec_file_setting_directory/ddns.sh &
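The ddns.sh above embeds the account password in the URL, and chmod 744 leaves the script readable by every local user. The following variant is an added example, not the page's script: it has wget read the account from a separate file that must be mode 600. CRED_FILE, its default path and the "update" argument are hypothetical names; the file is assumed to use wgetrc syntax and is passed to wget through the WGETRC environment variable.

```sh
#!/bin/sh
# Added example, not the page's script. Assumptions (hypothetical names):
# CRED_FILE is a root-owned, mode-600 file in wgetrc syntax containing
#   http_user = <account ID>
#   http_password = <password>
CRED_FILE="${CRED_FILE:-/etc/ddns/mydns.wgetrc}"
# URL as used on the page; Basic auth over plain http is readable in transit.
DDNS_URL="${DDNS_URL:-http://www.mydns.jp/login.html}"

# True only for a regular file (not a symlink) with no group/other access.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Sends the update. wget reads the account from the file named in WGETRC,
# so the password is neither in this script nor on the command line.
update_ddns() {
    command -v wget >/dev/null 2>&1 || { echo "Not found: wget" >&2; return 2; }
    cred_file_is_private "$CRED_FILE" || {
        echo "refusing $CRED_FILE: want a regular file, mode 600" >&2
        return 3
    }
    # Non-zero when the response lacks login_status, so the caller sees failures.
    WGETRC="$CRED_FILE" wget -q -O - "$DDNS_URL" | grep "login_status"
}

# Run the update only when called as: ddns.sh update
if [ "${1:-}" = "update" ]; then
    update_ddns
    exit $?
fi
```

With this variant the crontab entry calls the script with the update argument, and the script itself no longer contains anything secret.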
Recreate the SSL certificate
Create the private key
cd /usr/lib/ssl/misc
mkdir [any_directory_name]
cd [any_directory_name]
openssl genrsa -des3 -out server.mydns.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
....................................................................................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.mydns.key: [enter passphrase]
Verifying - Enter pass phrase for server.mydns.key: [enter passphrase]
ls
server.mydns.key
Remove the passphrase (otherwise it is requested whenever Apache is restarted, etc.)
openssl rsa -in server.mydns.key -out server.mydns.key
Enter pass phrase for server.mydns.key: [enter passphrase]
writing RSA key
Create the public key (certificate signing request)
openssl req -new -key server.mydns.key -out server.mydns.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:日本
State or Province Name (full name) [Some-State]:県名
Locality Name (eg, city) []:町名
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:[site_url]
Email Address []:[mail@address.com]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
ls -la
合計 16
drwxr-xr-x 2 root root 4096 2014-05-05 14:59 .
drwxr-xr-x 4 root root 4096 2014-05-05 14:47 ..
-rw-r--r-- 1 root root 700 2014-05-05 14:59 server.mydns.csr
-rw-r--r-- 1 root root 887 2014-05-05 14:55 server.mydns.key
Create the signed certificate
openssl x509 -req -days 3650 -in server.mydns.csr -signkey server.mydns.key -out server.mydns.crt
Signature ok
subject=/C=日本/ST=県名/L=町名/O=Internet Widgits Pty Ltd/CN=[site_url]/emailAddress=mail@address.com
Getting Private key
ls -la
合計 20
drwxr-xr-x 2 root root 4096 2014-05-05 15:01 .
drwxr-xr-x 4 root root 4096 2014-05-05 14:47 ..
-rw-r--r-- 1 root root 944 2014-05-05 15:01 server.mydns.crt
-rw-r--r-- 1 root root 700 2014-05-05 14:59 server.mydns.csr
-rw-r--r-- 1 root root 887 2014-05-05 14:55 server.mydns.key
Place the certificate files
mkdir /etc/apache2/ssl.mydns
mkdir /etc/apache2/ssl.mydns/private
cd /usr/lib/ssl/misc/[any_directory_name]
cp -fpv ./server.mydns.crt /etc/apache2/ssl.mydns
cp -fpv ./server.mydns.key /etc/apache2/ssl.mydns/private
Virtual host configuration for SSL connections
diff default-ssl ssl.[site_url]
5c5,7
< DocumentRoot /var/www
---
> DocumentRoot /path/to/document/root/
> ServerName [site_url]
> ServerAlias [site_url] *.[site_url]
10,11c12,13
< <Directory /var/www/>
< Options Indexes FollowSymLinks MultiViews
---
> <Directory /data/data/10.www/[site_url]/>
> Options FollowSymLinks
41a44,56
> Alias /webdav "/path/to/webdav/direcotry"
> <Location /webdav>
> DAV On
> Options indexes FollowSymlinks
> Order allow,deny
> allow from all
> AuthType Basic
> AuthName "Authentification Required"
> AuthUserFile /etc/apache2/dav.passwd
> Require user [user_name]
> </Location>
>
>
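Review bot: "Options indexes FollowSymlinks" inside the /webdav Location turns directory listing back on for the DAV tree, although the 10,11c12,13 hunk removes Indexes from the site directory; drop "indexes" here unless listing the DAV share is intended. With "Order allow,deny" and "allow from all", "Require user [user_name]" is the only access control on a writable DAV location, so /etc/apache2/dav.passwd should be readable only by root and the Apache user.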
51,52c66,67
< SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
< SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
---
> SSLCertificateFile /etc/apache2/ssl.mydns/server.mydns.crt
> SSLCertificateKeyFile /etc/apache2/ssl.mydns/private/server.mydns.key
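Review bot: SSLCertificateKeyFile now points at /etc/apache2/ssl.mydns/private/server.mydns.key, but the ls listing above shows that key as -rw-r--r--, it is copied with cp -fpv (which preserves the mode), and private/ is created by a plain mkdir. Since the passphrase was removed from the key, file permissions are its only protection: set the key to mode 600 and the private directory to 700, owned by root, before reloading Apache.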
Enable the SSL virtual host configuration just created
a2ensite ssl.[site_url]
Enabling site ssl.[site_url].
Run '/etc/init.d/apache2 reload' to activate new configuration!
Create the DER file
openssl x509 -in server.mydns.crt -outform DER -out server.mydns.der
openssl x509 -in server.mydns.crt -outform DER -out server.mydns.formobile.crt
cp -fpv ./* /etc/apache2/ssl.mydns/
Disable the existing site
Restart Apache
/etc/init.d/apache2 restart
Create the p12 file
openssl pkcs12 -export -in server.mydns.crt -inkey private/server.mydns.key -out cacert.mydns.formobile.p12