@td-shi
Last active February 29, 2020 06:05
Apache2.0 building.

versions

  • datetime :: 2019-05-21
  • Machine :: Tinker board S
  • OS :: debian 9
  • Apache2 :: 2.4.25
  • OpenSSL :: 1.1.0j
  • certbot :: 0.28.0
  • curl :: 7.52.1
  • wget :: 1.18

apache2.conf

  • ScriptAlias /<browser>/<path> /<device>/<path>/<script-dir>/
  • In the <Directory> block for /<device>/<path>/<script-dir>/
    • AllowOverride Limit
    • Options ExecCGI FollowSymLinks
    • RewriteEngine On
    • RewriteCond %{SCRIPT_FILENAME} !-d
    • RewriteRule ^([^.]+)$ $1.sh [NC,L]
  • In the <Directory> block for /<device>/<path>/
    • AllowOverride Limit

mods-enabled/mime.conf

  • AddHandler cgi-script .cgi .sh <other>

sites-enabled/000-default.conf

  • ServerName <sub domain>.<domain>.<top domain>
  • Include conf-available/serve-cgi-bin.conf
  • In the <VirtualHost> block for port 80
    • DocumentRoot /<device>/<path>/<content-dir>
    • RewriteEngine On # after letsencrypt
    • RewriteCond %{HTTPS} off
    • RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    • RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] # after letsencrypt

Getting the certificate

  • :$ sudo certbot certonly --webroot -w /<device>/<path>/ -d <sub domain>.<domain>.<top domain>
    • This command won't succeed until <sub domain>.<domain>.<top domain> has propagated across the public Internet.

sites-enabled/default-ssl.conf

  • ServerName <sub domain>.<domain>.<top domain>
  • In the <VirtualHost> block for port 443
    • DocumentRoot /<device>/<path>/
    • SSLCertificateFile /etc/letsencrypt/live/<sub domain>.<domain>.<top domain>/fullchain.pem
    • SSLCertificateKeyFile /etc/letsencrypt/live/<sub domain>.<domain>.<top domain>/privkey.pem

mods-enabled/ssl.conf

  • SSLProtocol all -TLSv1

mods-enabled and sites-enabled

  • :$ sudo ln -s /etc/apache2/mods-available/<any>.{load | conf} /etc/apache2/mods-enabled/<any>.{load | conf}
    • The modules to enable are cgi.load mime.conf mime.load rewrite.load socache_shmcb.load ssl.conf ssl.load
  • :$ sudo ln -s /etc/apache2/sites-available/<any>.conf /etc/apache2/sites-enabled/<any>.conf
    • The sites to enable are 000-default.conf default-ssl.conf

crontab

  • user level
    • 30 */6 * * * wget -q -O /dev/null "https://ieserver.net/cgi-bin/dip.cgi?username=<sub domain>&domain=<domain>.<top domain>&password=<password>&updatehost=1" # Percent-encode the query parameters; in a crontab, write each % as \%.
    • 30 15 */7 * * curl http://nami.jp/ipv4bycc/cidr.txt.gz | gzip -d | grep -i "jp" | sed -r "s/jp\s+/allow from /i" | sed "1iallow from 192.168.0.0/16" | sed "1ideny from all" | sed "1iorder deny,allow" > /<device>/<path>/.htaccess
  • root level
    • 30 4 12 * * mv /<device>/<path>/.htaccess /<device>/<path>/p.htaccess && { certbot renew; mv /<device>/<path>/p.htaccess /<device>/<path>/.htaccess; } && service apache2 restart # .htaccess is put back even if the renewal fails
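
A hardened variant of the weekly allow-list job above, as an added example that is not part of the original gist: it validates every JP entry and replaces `.htaccess` atomically, so a failed or altered download over plain HTTP cannot leave the directory with an empty or catch-all allow list. The function names, the `/8` to `/32` prefix limit and the sample ranges are assumptions; the input format is inferred from the gist's `sed` expression.

```shell
#!/bin/sh
# Added example, not the gist's code. Input format assumed from the gist's
# sed expression: one "<CC><whitespace><CIDR>" pair per line.

# Reads the decompressed list on stdin, prints .htaccess rules on stdout.
# Fails, printing nothing, if a JP line is malformed or no JP line exists.
build_htaccess() {
    rules=$(
        while read -r cc cidr extra || [ -n "$cc" ]; do
            case "$cc" in [Jj][Pp]) ;; *) continue ;; esac
            [ -z "$extra" ] || exit 1
            # Shape check only. Prefix limited to /8../32 (assumption) so a
            # catch-all such as 0.0.0.0/0 cannot enter the allow list.
            printf '%s\n' "$cidr" | grep -Eq \
                '^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$' || exit 1
            printf 'allow from %s\n' "$cidr"
        done
    ) || return 1
    [ -n "$rules" ] || return 1
    printf 'order deny,allow\ndeny from all\nallow from 192.168.0.0/16\n%s\n' "$rules"
}

# Builds into a temp file beside the target and renames it into place, so
# Apache never reads a partial file and a failed build keeps the old rules.
# The ".ht" prefix keeps the temp file covered by Apache's stock ".ht*" deny.
install_htaccess() {
    target=$1
    tmp=$(mktemp "$(dirname "$target")/.htaccess.XXXXXX") || return 1
    if build_htaccess > "$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample lists (documentation ranges, not real allocations).
sample_ok()  { printf 'JP\t192.0.2.0/24\nUS\t198.51.100.0/24\njp\t203.0.113.0/24\n'; }
sample_bad() { printf 'JP\t192.0.2.0/24\nJP\t0.0.0.0/0\n'; }

# Demo: the good list yields rules, the bad one is refused.
sample_ok | build_htaccess
sample_bad | build_htaccess || echo "refused: malformed or empty list" >&2

# From a script run by cron (path placeholder as in the gist):
#   curl -fsS http://nami.jp/ipv4bycc/cidr.txt.gz | gzip -d |
#       install_htaccess "/<device>/<path>/.htaccess"
```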