Ubuntu Server Guide
Download 1.23 Mb. Pdf ko'rish
|
ubuntu-server-guide (1)
- Bu sahifa navigatsiya:
- Sharing Write Permission
|
HTTPS Configuration
The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communica- tions. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar. 253 The mod_ssl module is available in apache2-common package. Execute the following command at a terminal prompt to enable the mod_ssl module: sudo a2enmod s s l There is a default HTTPS configuration file in /etc/apache2/sites−available/default−ssl.conf. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl −cert package. They are good for testing, but the auto- generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see Certificates. To configure Apache2 for HTTPS, enter the following: sudo a 2 e n s i t e d e f a u l t −s s l Note The directories /etc/ ssl /certs and /etc/ ssl /private are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertifi- cateKeyFile appropriately. With Apache2 now configured for HTTPS, restart the service to enable the new settings: sudo s y s t e m c t l r e s t a r t apache2 . s e r v i c e Note Depending on how you obtained your certificate you may need to enter a passphrase when Apache2 starts. You can access the secure server pages by typing https://your_hostname/url/ in your browser address bar. Sharing Write Permission For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html to the group “webmasters”. sudo chgrp −R webmasters / var /www/ html sudo chmod −R g=rwX / var /www/ html / These commands recursively set the group permission on all files and directories in /var/www/html to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree. Warning The apache2 daemon will run as the www−data user, which has a corresponding www−data group. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content. Download 1.23 Mb. Do'stlaringiz bilan baham: 
|