Instalando Apache, MariaDB e PHP com HTTPS no Arch Linux

No presente artigo iremos aprender a instalar os serviços Apache com SSL, MariaDB e PHP no Arch Linux.

[ Hits: 24.183 ]

Por: Rodrigo Leutz em 16/07/2018 | Blog: https://uware.com.br


HTTPS



1. Vamos criar as chaves:

# cd /etc/httpd/conf
# openssl req -nodes -newkey rsa:2048 -keyout dominio.com.br.key -out dominio.com.br.csr


Saída deverá ser algo assim:

Generating a 2048 bit RSA private key
.................................................+++
..................+++
writing new private key to 'dominio.com.br.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: << [ Pais ]
State or Province Name (full name) [Some-State]: << [ Estado ]
Locality Name (eg, city) []: << [ Cidade ]
Organization Name (eg, company) [Internet Widgits Pty Ltd]: << [ nome da empresa ]
Organizational Unit Name (eg, section) []: << [ Partição da empresa ]
Common Name (e.g. server FQDN or YOUR name) []: << [ Seu nome ]
Email Address []: << [ E-mail ]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: << [ Enter ]
An optional company name []: << [ Enter ]

# openssl x509 -req -days 365 -in dominio.com.br.csr -signkey dominio.com.br.key -out dominio.com.br.crt
# chmod 600 dominio*


2. Agora vamos ajustar o httpd.conf:

# nano /etc/httpd/conf/httpd.conf

Após a linha "Listen 80" adicione as seguintes linhas, ficando desta maneira:

Listen 80
<VirtualHost *:80>
    ServerName dominio.com.br
# Linha abaixo força a entrada da 80 para a 443 forçando a https
   Redirect permanent / https://192.168.0.1/
</VirtualHost>

<VirtualHost *:443>
    ServerName dominio.com.br
    SSLCertificateFile /etc/httpd/conf/dominio.com.br.crt
    SSLCertificateKeyFile /etc/httpd/conf/dominio.com.br.key
    SSLEngine on
    ServerSignature On
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
                   SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
                   SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

Retire o comentário da linha:

#LoadModule ssl_module modules/mod_ssl.so

Ficando assim:

LoadModule ssl_module modules/mod_ssl.so

3. Reinicie o servidor httpd:

# systemctl restart httpd

Agora é só acessar no seu browser "192.168.0.1" ou "localhost" que já será redirecionado para a página https.

Página anterior    

Páginas do artigo
   1. Apache
   2. MariaDB
   3. PHP
   4. HTTPS
Outros artigos deste autor

Visão geral sobre o Raid

Leitura recomendada

Filtro de conteúdo e vírus: Slackware 10.2 + Squid + Dansguardian + Clamav

John The Ripper - Teste de Quebra de Senhas

(IN)segurança Digital

Monitoramento de redes com o Zenoss

Alta Disponibilidade com LVS

  
Comentários
[1] Comentário enviado por rleutz em 17/07/2018 - 16:59h

Corrigindo erros:

Instalando Apache, MariaDB e PHP com HTTPS no Arch Linux( Rodrigo Leutz )

Sistema: Linux arch 4.17.3-1-ARCH
Dominio: dominio.com.br
Ip: 192.168.0.1

Apache

1. Update do sistema
# pacman –Syu

2. Instalando Apache
# pacman –S apache
- Habilitando e iniciando servidor apache
# systemctl enable httpd
# systemctl restart httpd
- Verificando status do apache
# systemctl status httpd
- Saída devera ser algo assim:

? httpd.service - Apache Web Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-07-06 11:58:01 -03; 7s ago
Main PID: 6367 (httpd)
Tasks: 82 (limit: 4915)
Memory: 7.4M
CGroup: /system.slice/httpd.service
+-6367 /usr/bin/httpd -k start -DFOREGROUND
+-6368 /usr/bin/httpd -k start -DFOREGROUND
+-6369 /usr/bin/httpd -k start -DFOREGROUND
+-6370 /usr/bin/httpd -k start -DFOREGROUND

3. Testando apache
- Edite o arquivo http.conf
# nano /srv/http/index.html

- Insira as seguintes linhas

<html>
<title>Apache server</title>
<body>
<h2>Teste deu certo</h2>
</body>
</html>

- Agora acesse a página http://localhost ou http://192.168.0.1

MariaDB

1. Instalando MariaDB
# pacman -S mysql
- Saída devera ser algo assim:

:: There are 2 providers available for mysql:
:: Repository extra
1) mariadb
:: Repository community
2) percona-server

Enter a number (default=1): << [ Enter ]
resolving dependencies...
looking for conflicting packages...

Packages (4) jemalloc-1:5.1.0-1 libmariadbclient-10.1.34-1 mariadb-clients-10.1.34-1
mariadb-10.1.34-1

Total Download Size: 32.49 MiB
Total Installed Size: 229.92 MiB

:: Proceed with installation? [Y/n] << [ Y ]

2. Agora vamos inicializar a base de dados do MariaDB, necessário antes de iniciar o serviço
# mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

3. Agora habilite e inicialize o serviço
# systemctl enable mysqld
# systemctl start mysqld
- Verificando o serviço do MariaDB
# systemctl status mysqld
- Saída deverá ser algo assim:

? mariadb.service - MariaDB 10.1.34 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-07-06 12:02:33 -03; 5s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 6750 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited>
Process: 6669 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`/usr/bin/ga>
Process: 6668 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited,>
Main PID: 6722 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 27 (limit: 4915)
Memory: 63.2M
CGroup: /system.slice/mariadb.service
+-6722 /usr/bin/mysqld

Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] InnoDB: Highest supported>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] InnoDB: 128 rollback segm>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] InnoDB: Waiting for purge>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] InnoDB: Percona XtraDB (>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] Plugin 'FEEDBACK' is disa>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084282128128 [Note] InnoDB: Dumping buffer po>
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] Server socket created on >
Jul 06 12:02:33 arch mysqld[6722]: 2018-07-06 12:02:33 140084921851840 [Note] /usr/bin/mysqld: ready fo>
Jul 06 12:02:33 arch mysqld[6722]: Version: '10.1.34-MariaDB' socket: '/run/mysqld/mysqld.sock' port:>
Jul 06 12:02:33 arch systemd[1]: Started MariaDB 10.1.34 database server.

4. Colocando password para o root
# mysql_secure_installation
- Saída deverá ser algo assim:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): << [ Enter ]
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] << [ Enter ]
New password: << [ Entre com o password ]
Re-enter new password: << [ Digite novamente o password ]
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] << [ Enter ]
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] << [ Enter ]
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] << [ Enter ]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] << [ Enter ]
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
MariaDB está instalada e pronta para o uso

PHP

1. Instalando o PHP
# pacman -S php php-apache
- Após a instalação edite o arquivo de configuração do apache
# nano /etc/httpd/conf/httpd.conf
- Encontre a seguite linha e comente

LoadModule mpm_event_module modules/mod_mpm_event.so

- Ficando:

#LoadModule mpm_event_module modules/mod_mpm_event.so

-E adicione as seguintes linhas ao final do arquivo

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule php7_module modules/libphp7.so
AddHandler php7-script php
Include conf/extra/php7_module.conf

2. Testando PHP
# nano /srv/http/test.php
- Adicione as seguintes linhas:

<?php
phpinfo();
?>

- Salve e saia
- Reinicie o apache
# systemctl restart httpd

3. Abra a página http://localhost/test.php ou http://192.168.0.1/test.php
- Deverá abrir as informações do PHP

HTTPS

1. Vamos criar as chaves
# cd /etc/httpd/conf
- Edite o arquivo httpd.conf
# nano httpd.conf
-Adicione as seguintes linhas ao final do arquivo para o apache escutar na porta 443

<IfModule mod_ssl.c>
Listen 443
</IfModule>

- Vamos criar as chaves ssl para o https
# openssl genrsa -out dominio.com.br.key 1024
# openssl req -new -key dominio.com.br.key -x509 -out dominio.com.br.crt -days 999
- Saída devera ser algo assim:

Generating a 2048 bit RSA private key
.................................................+++
..................+++
writing new private key to 'dominio.com.br.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: << [ Pais ]
State or Province Name (full name) [Some-State]: << [ Estado ]
Locality Name (eg, city) []: << [ Cidade ]
Organization Name (eg, company) [Internet Widgits Pty Ltd]: << [ nome da empresa ]
Organizational Unit Name (eg, section) []: << [ Partição da empresa ]
Common Name (e.g. server FQDN or YOUR name) []: << [ Seu nome ]
Email Address []: << [ E-mail ]

# cat dominio.com.br.key dominio.com.br.crt > dominio.com.br.pem
# chmod 600 ultimatewebdesign*

2. Agora vamos ajustar o httpd.conf
# nano /etc/httpd/conf/httpd.conf

- Após a linha - Listen 80 – Adicione as seguintes linhas ficando desta maneira

Listen 80
<VirtualHost *:80>
ServerName dominio.com.br
# Linha abaixo força a entrada da 80 para a 443 forçando a https
Redirect permanent / https://192.168.0.1/
</VirtualHost>

<VirtualHost *:443>
ServerName dominio.com.br
SSLCertificateFile /etc/httpd/conf/dominio.com.br.pem
SSLCertificateKeyFile /etc/httpd/conf/dominio.com.br.key
SSLEngine on
ServerSignature On
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>

- Retire o comentário da linha

#LoadModule ssl_module modules/mod_ssl.so

- Ficando assim

LoadModule ssl_module modules/mod_ssl.so

3. Reinicie o servidor httpd
# systemctl restart httpd

- Agora só acessar no seu browser

192.168.0.1
- ou
localhost

- que já será redirecionado para a pagina https.


[2] Comentário enviado por zugzuang em 22/06/2023 - 10:27h

Obrigado pelo tutorial. O arch linux tem uma instalação um tanto excêntrica do apache, o que praticamente impossibilita seguir tutoriais feitos para outras distribuições. As coisas mudaram desde de a data deste tutorial. Você poderia atualizar a parte do PHP, pois os arquivos do PHP8 parecem não ter os mesmos nomes e caminhos do PHP7, isso acaba impossibilitando seguir 100% o tutorial.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts