- datetime :: 2019-05-21
- Machine :: Tinker board S
- OS :: debian 9
- Apache2 :: 2.4.25
- OpenSSL :: 1.1.0j
- certbot :: 0.28.0
- curl :: 7.52.1
- wget :: 1.18
ScriptAlias /<browser>/<path> /<device>/<path>/<script-dir>/
- On the Directive where /<device>/<path>/<script-dir>/
AllowOverride Limit
Options ExecCGI FollowSymLinks
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.sh [NC,L]
- On the Directive where /<device>/<path>/
AllowOveride Limit
Addhandler cgi-script .cgi .sh <other>
ServerName <sub domain>.<domain>.<top domain>
Include conf-available/serve-cgi-bin.conf
- On the VirtualHost at port 80
DocumentRoot /<device>/<path>/<content-dir>
RewriteEngin On
# after letsencryptRewriteCond %{HTTPS} off
RewriteCond %{HTTP_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
# after letsencrypt
:$ sudo certbot certonly --webroot -w /<device>/<path/ -d <sub domain>.<domain>.<top domain>
- The action woldn't run befor <sub domain>.<domain>.<top domain> is spreaded in WWW.
ServerName <sub domain>.<domain>.<top domain>
- On the VirtualHost at port 443
DocumentRoot /<device/<path>/
SSLcertificateFile /etc/letsencrypt/live/<sub domain>.<domain>.<top domain>/fullchain.pem
SSLcertificateKeyFile /etc/letsencrypt/live/<sub domain>.<domain>.<top domain>/privkey.pem
SSLProtocol all -TLSv1
:$ sudo ln -s /etc/apache2/mod-available/<any>.{load | conf} /etc/apache2/mod-enable/<any>.{load | conf}
- Addons are cgi.load mime.conf mime.load rewrite.load socache_shmcb.load ssl.conf ssl.load .
:$ sudo ln -s /etc/apache2/sites-available/<any>.{load | conf} /etc/apache2/sites-enable/<any>.{load | conf}
- Addons are 000-default.conf default.conf
- user level
30 */6 * * * wget -q -O /dev/null "https://ieserver.net/cgi-bin/dip.cgi?username=<sub domain>&domain=<domain>.<top domain>&password=<password>&updatehost=1"
# Encode(%encording) query-parameters.30 15 */7 * * curl http://nami.jp/ipv4bycc/cidr.txt.gz | gzip -d | grep -i "jp" | sed -r "s/jp\s+/allow from /i" sed "1iallow from 192.168.0.0/16" | sed "1ideny from all" | sed "1iorder deny,allow" > /<device>/<path>/.htaccess
- root level
30 4 12 * * mv <device>/<path>/.htaccess <device>/<path/p.haccess && certbot renew && mv <device>/<path>/p.htaccess <device>/<path/.haccess && service apache2 restart