Lighttpd ssl証明書の構成


単一ドメイン名の構成
lighttpd -v 
lighttpd/1.4.45 (ssl) - a light and fast webserver 
Build-Date: Jan 17 2017 17:38:01 


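cd /etc/lighttpd/
# 0700 on creation: this directory will hold an unencrypted private key.
mkdir -p -m 700 cert/
cd cert/

# -nodes makes openssl write the private key WITHOUT a passphrase, so file
# permissions are the only protection the key has. Run the export in a
# subshell with umask 077 so the output files are created owner-only instead
# of being world-readable until a later chmod.
# openssl prompts for the PFX import password here.
(
  umask 077
  openssl pkcs12 -in 214185271960860.pfx -nodes -out server.pem \
    && openssl rsa -in server.pem -out server.key
)

# The original ran "chown -R lighttpd:lighttpd cert" from inside cert/, where
# no such path exists; use the absolute path so it hits the intended directory.
chown -R lighttpd:lighttpd /etc/lighttpd/cert
# Strip group/other access from everything in the directory, including the
# .pfx bundle, which also contains the private key.
chmod -R go-rwx /etc/lighttpd/cert
# NOTE(review): if lighttpd is started as root and drops privileges afterwards,
# root:root ownership would keep the key out of reach of the worker process
# and anything it executes - confirm on this build before tightening.

# Open only the HTTPS port. The original "service iptables stop" removed every
# filtering rule on the host just to make 443 reachable.
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# Persist the rule across reboots (presumably a RHEL/CentOS-style init script,
# since the page uses "service iptables" - confirm).
service iptables save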



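# TLS listener for a single host name.
$SERVER["socket"] == ":443" {

	ssl.engine = "enable"
	# server.pem holds the unencrypted private key together with the
	# certificate; keep it readable by its owner only.
	ssl.pemfile = "/etc/lighttpd/cert/server.pem"
	# Intermediate CA chain sent to clients.
	# NOTE(review): the commands on this page never create chain.pem - make sure
	# the file exists before restarting.
	ssl.ca-file = "/etc/lighttpd/cert/chain.pem"
	# Refuse the obsolete SSLv2/SSLv3 protocols explicitly rather than relying
	# on the defaults of the installed build.
	ssl.use-sslv2 = "disable"
	ssl.use-sslv3 = "disable"

	$HTTP["host"] == "xxx.com.cn" {
		server.document-root = "xxx/public/"
		# The Cookie request header is deliberately not logged: writing
		# "%{Cookie}i" to the access log stores live session tokens in a file
		# that is typically rotated, backed up and read by more people than
		# the application itself.
		accesslog.format = "%T %h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
		server.error-handler-404 = "/404.htm"
		# Front-controller rewrite: every path goes to index.php, keeping the
		# query string captured in $1.
		url.rewrite-once = (
			"^/[^\?]*(\?.*)?$" => "index.php/$1"
		)
	}

}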

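# Check the configuration syntax before stopping the running server: a stop
# followed by a failed start would leave the site down.
if lighttpd -t -f /etc/lighttpd/lighttpd.conf; then
  service lighttpd stop
  service lighttpd start
fi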

  ,       , restart      。

ワイルドカードドメイン名（例：*.xxx.com）向けの手順

1、Nginx 用の証明書をダウンロードします。中身は 2 つのファイルです：証明書ファイル（拡張子 .pem）と秘密鍵ファイル（拡張子 .key）
2、lighttpd -v を実行して、lighttpd が ssl に対応しているか確認します。出力に (ssl) と表示されていれば ssl 対応です。ssl に対応していない場合は、先に ssl 対応のものを用意する必要があります
3、mkdir -p /etc/lighttpd/cert で、証明書を置くディレクトリを作成します
4、chown -R lighttpd:lighttpd /etc/lighttpd/cert
5、cd /etc/lighttpd/cert 
6、cat 1732645__data-stone.com.key 1732645__data-stone.com.pem > server.pem（server.pem には秘密鍵が平文で含まれるため、作成後に chmod 600 server.pem で読み取りを制限してください）
7、  1732645__data-stone.com.pem       ---BEGIN CERTIFICATE--  , ---END CERTIFICATE--          chain.crt(     chain.crt   )
8、vim /etc/lighttpd/lighttpd.conf で設定ファイルを編集し、443 ポートの設定を追加します。ドメインごとの設定は $HTTP["host"] ブロックに記述します。設定例：
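# TLS listener for hosts covered by the wildcard certificate.
$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	# server.pem is the private key concatenated with the certificate (step 6);
	# it is a secret and should be readable by its owner only.
	ssl.pemfile = "/etc/lighttpd/cert/server.pem"
	# NOTE(review): step 7 produces chain.crt, but no ssl.ca-file line refers to
	# it here - confirm whether clients receive the intermediate chain.

	# Refuse the obsolete SSLv2/SSLv3 protocols explicitly rather than relying
	# on the defaults of the installed build.
	ssl.use-sslv2 = "disable"
	ssl.use-sslv3 = "disable"

	# The last entry was "DHE-RSA-AES128-SHA254", which is not an OpenSSL cipher
	# name (typo for ...-SHA256); presumably OpenSSL skipped it silently, so the
	# suite was never offered.
	# NOTE(review): the list still admits CBC and SHA-1 suites; review it against
	# current TLS guidance for the clients you must support.
	ssl.cipher-list = "AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256"
	# Server preference decides the suite, so a client cannot pick the weakest
	# one both sides support.
	ssl.honor-cipher-order = "enable"
	ssl.disable-client-renegotiation = "enable"

	$HTTP["host"] == "testwww.xxxx.com" {
		server.document-root = "/www/xxx/public/"
		# The Cookie request header is deliberately not logged: writing
		# "%{Cookie}i" to the access log stores live session tokens in a file
		# that is typically rotated, backed up and read by more people than
		# the application itself.
		accesslog.format = "%h %v %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
		server.error-handler-404 = "/404.htm"
		# Paths under these prefixes are served as-is ("$0" keeps the URL
		# unchanged); everything else goes to the index.php front controller
		# with its query string captured in $1.
		url.rewrite-once = (
			"^/css(.*)$" => "$0",
			"^/js(.*)$" => "$0",
			"^/files(.*)$" => "$0",
			"^/stone_admin(.*)$" => "$0",
			"^/stone_www(.*)$" => "$0",
			"^/lib(.*)$" => "$0",
			"^/storage(.*)$" => "$0",
			"^/[^\?]*(\?.*)?$" => "index.php/$1"
		)
	}
}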
9、http から https へリダイレクトするには、lighttpd.conf に次の設定を追加します

		# Plain-HTTP requests for a host under xxx.com are redirected to the same
		# host and path over HTTPS.
		$HTTP["scheme"] == "http" {
			# %0 is the Host value matched by this condition and $0 the requested
			# URL matched by ".*". The host pattern is what keeps the redirect
			# target inside the site's own domain, so keep it anchored with ^ and $
			# when adapting it.
			$HTTP["host"] =~ "^(.*)\.xxx\.com$" {
				url.redirect = (".*" => "https://%0$0")
			}
		}

10、lighttpd を再起動します

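 # Check the configuration syntax before stopping the running server: a stop
 # followed by a failed start would leave the site down.
 if lighttpd -t -f /etc/lighttpd/lighttpd.conf; then
   service lighttpd stop
   service lighttpd start
 fi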