Downloading a remote file with SCP
scp -P 22 root@192.168.56.100:/root/dump.sql ./
What to do when Apache fails to start after a CentOS reboot
First, check whether an httpd process is still running
[root@localhost ~]# lsof -i | grep http
httpd 1162 root 4u IPv6 8530 0t0 TCP *:http (LISTEN)
httpd 1162 root 6u IPv6 8534 0t0 TCP *:https (LISTEN)
If one is still there, kill the process
[root@localhost ~]# kill -9 1162
When httpd starts it asks for the SSL pass phrase, so enter the pass phrase that was set during SSL configuration
[root@localhost ~]# /etc/init.d/httpd start
httpd を起動中: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
Apache/2.2.15 mod_ssl/2.2.15 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server localhost.localdomain:443 (RSA)
Enter pass phrase:openssl
httpd then started
Configuring OpenSSL for Apache
If the packages are not installed:
# yum install openssl
# yum install mod_ssl
[root@localhost ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@localhost ~]# cd /etc/httpd/conf
[root@localhost conf]# ls
extra httpd.conf httpd.conf.back20160811 magic
[root@localhost conf]# openssl genrsa -aes128 1024 > server.key
Generating RSA private key, 1024 bit long modulus
.............................................................................++++++
..........................++++++
e is 65537 (0x10001)
Enter pass phrase:openssl
Verifying - Enter pass phrase:openssl
[root@localhost conf]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) :TOKYO
Locality Name (eg, city) [Default City]:Shinagawa
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :192.168.56.101
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@localhost conf]# openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt
Signature ok
subject=/C=JP/ST=TOKYO/L=Shinagawa/O=Default Company Ltd/CN=192.168.56.101
Getting Private key
Enter pass phrase for server.key:openssl
Add the parts shown in blue
# vi /etc/httpd/conf.d/ssl.conf
:
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
:
</Files>
</VirtualHost>
# /etc/init.d/httpd start
Tried connecting over https, but the connection failed
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Restart
[root@localhost sysconfig]# /etc/init.d/iptables restart
https connections now work
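The SSLProtocol and SSLCipherSuite values in the ssl.conf above still permit SSLv3 and legacy cipher classes. The shell function below is an added example, not part of the original notes, that lints those two directives; the name audit_ssl_conf, the sample files and the tightened values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: heuristic lint of the
# SSLProtocol and SSLCipherSuite lines in an Apache ssl.conf.
# Prints one finding per line and nothing for a clean file.
audit_ssl_conf() {
    conf=$1
    # Use the last uncommented occurrence of each directive.
    proto=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]]\{1,\}//p' "$conf" | tail -n 1)
    suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]\{1,\}//p' "$conf" | tail -n 1)

    # SSLProtocol tokens are applied left to right.
    sslv3=0
    for tok in $proto; do
        case $tok in
            all|+all|SSLv3|+SSLv3) sslv3=1 ;;
            -all|-SSLv3)           sslv3=0 ;;
        esac
    done
    [ "$sslv3" -eq 1 ] && echo "SSLProtocol: SSLv3 is still enabled"

    # A cipher class counts as excluded only if the string has "!CLASS".
    tokens=$(printf '%s' "$suite" | tr ':' ' ')
    for class in RC4 LOW MEDIUM EXPORT; do
        named=0; banned=0
        for tok in $tokens; do
            case $tok in
                "!$class")      banned=1 ;;
                '!'*|-*)        ;;
                ALL|*"$class"*) named=1 ;;
            esac
        done
        [ "$named" -eq 1 ] && [ "$banned" -eq 0 ] &&
            echo "SSLCipherSuite: $class ciphers are not excluded"
    done
    return 0
}

# Constructed samples: the two directives from the ssl.conf above,
# then a tightened pair (an assumption, not the author's settings).
tmp=$(mktemp -d)
printf '%s\n' 'SSLProtocol all -SSLv2' \
    'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$tmp/weak.conf"
printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' \
    'SSLCipherSuite HIGH:!aNULL:!MD5:!RC4' > "$tmp/hardened.conf"
echo "== page settings ==";  audit_ssl_conf "$tmp/weak.conf"
echo "== tightened ==";      audit_ssl_conf "$tmp/hardened.conf"
```

The check is textual only: it does not ask OpenSSL which suites the string expands to on the installed build.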
Apache and Tomcat integration
[root@localhost conf]# vi /etc/httpd/conf/httpd.conf
Uncomment the following lines (if they are commented out)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
[root@localhost conf]# pwd
/etc/httpd/conf
[root@localhost conf]# mkdir -p /etc/httpd/conf/extra
[root@localhost conf]# vi extra/httpd-proxy.conf
[root@localhost extra]# vi /etc/httpd/conf/httpd.conf
Append to the end of the file
Include /etc/httpd/conf/extra/httpd-proxy.conf
[root@localhost extra]# vi /etc/httpd/conf/extra/httpd-proxy.conf
Add
[root@localhost webapps]# /etc/init.d/tomcat8 stop
[root@localhost webapps]# /etc/init.d/tomcat8 start
[root@localhost webapps]# vi /opt/tomcat8/conf/server.xml
Comment out the Connector section for port 8080 as follows
<!--
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
Alternatively, restrict access to localhost only
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" address="127.0.0.1" />
Access on port 8080 is now blocked