Fixing the warning shown when the Apache Web Server starts on Debian

On Debian, starting the Apache Web Server prints the following warning:
# /etc/init.d/apache2 restart
[....] Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 2001:288:a2xx:x::xx for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 2001:288:a2xx:x::xx for ServerName
. ok

It looks as though ServerName is not set in the Apache Web Server configuration file.

How to set it:
Add the host name to /etc/apache2/apache2.conf
# echo "ServerName xxx.tces.ilc.edu.tw" >> /etc/apache2/apache2.conf

After a restart the warning no longer appears!
# /etc/init.d/apache2 restart
[ ok ] Restarting web server: apache2 ... waiting .

Nginx Web Server – protecting a directory with a username and password

To protect a directory on the Nginx Web Server with a username and password:
Install the apache2-utils package
# apt-get install apache2-utils

Create the username and password file
# /usr/bin/htpasswd -c /usr/share/nginx/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin

View the password file (admin/12345)
# cat /usr/share/nginx/.htpasswd
admin:$apr1$jQjpLKJr$HgsSAhdBqfdN9l4IWkdjs.

Create a test directory
# mkdir /usr/share/nginx/www/security

Create a test file
# cat /usr/share/nginx/www/security/index.html
<h1>辛苦了,什麼東西都沒有!</h1>

Edit the /etc/nginx/nginx.conf configuration file
# vim /etc/nginx/nginx.conf
        location /security {
                root /usr/share/nginx/www;
                index index.php index.html index.htm;
                auth_basic "Restricted";
                auth_basic_user_file /usr/share/nginx/.htpasswd;
                location ~ ^/security/(.+\.php)$ {
                     try_files $uri =404;
                     fastcgi_pass unix:/var/run/php5-fpm.sock;
                     fastcgi_index index.php;
                     fastcgi_param SCRIPT_FILENAME /usr/share/nginx/www/$fastcgi_script_name;
                     include fastcgi_params;
                }
        }

Restart the Nginx Web Server
# /etc/init.d/nginx restart
Restarting nginx: nginx.

Browse to the configured directory
A username and password are required

Wrong credentials entered

Correct credentials entered

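Nginx Web Server – listing a directory

In a web server directory, index.html / index.php and similar files normally serve as the default file to open. If a directory has no such file, the files in it cannot be browsed, which protects against data leaking through a misconfiguration.

Sometimes, though, the directory has to be listed so that users can conveniently download the files in it.
How to configure this on the Nginx Web Server
# vim /etc/nginx/nginx.conf
Using the /usr/share/nginx/www/download directory as an example,
add the following in the http { section (inside a server { } block)
        location /download {
                # root + URI = /usr/share/nginx/www/download
                root /usr/share/nginx/www;
                index index.html index.htm;
                autoindex on;
        }

Restart the Nginx Web Server
# /etc/init.d/nginx restart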

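Hiding the Nginx Web Server version information

When a page request results in an error, the error page displays some informational details.

Revealing too much information may be exploited by an attacker.
Hide the Nginx version information
Add server_tokens off;
# vim /etc/nginx/nginx.conf
    server {
        listen       80;
        server_name  localhost;
        server_tokens off;

Restart the Nginx Web Server
# /etc/init.d/nginx restart

The version is now hidden, but nginx is still shown.

The same information can also be retrieved with curl
Before the change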
# curl -IL 192.168.1.109
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 28 Sep 2014 13:30:44 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.4-14+deb7u14

After the change
# curl -IL 192.168.1.109
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 28 Sep 2014 13:30:20 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.4-14+deb7u14

In this respect the Apache Web Server can hide it completely and does not show the web server's name.
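To check the result without reading the headers by eye, the before/after comparison above can be scripted. This is an added example, not part of the original post; the function name version_leaks and its output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# version_leaks reads HTTP response headers on stdin and prints
# "<header> <product> <version>" for every Server / X-Powered-By header that
# still carries a version number; no output means nothing is disclosed.
version_leaks() {
    tr -d '\r' | awk -F': *' '
        { name = tolower($1) }
        name == "server" || name == "x-powered-by" {
            n = split($2, part, "/")      # "nginx/1.6.2" -> product, version
            if (n >= 2 && part[2] ~ /^[0-9]/) print name, part[1], part[2]
        }'
}

# Headers copied from the two curl runs shown above.
before='HTTP/1.1 200 OK
Server: nginx/1.6.2
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u14'

after='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u14'

echo "before server_tokens off:"; printf '%s\n' "$before" | version_leaks
echo "after server_tokens off:";  printf '%s\n' "$after"  | version_leaks
```

Against a live host, pipe curl -sI output into version_leaks. The X-Powered-By line that remains after the change comes from PHP rather than nginx; it is controlled by expose_php in php.ini, or can be dropped in nginx with fastcgi_hide_header X-Powered-By;.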

Using phpmyadmin on the Nginx Web Server

Reference for this post: 凍仁的筆記: Restricting phpMyAdmin access by IP on Debian 6

Install phpmyadmin
# apt-get install phpmyadmin
By default it appears to support only Apache 2 / Lighttpd
Configure the Nginx Web Server manually
# vim /etc/nginx/nginx.conf
            location /phpmyadmin {
                allow 192.168.1.0/24;
                deny all;
                root /usr/share;
                index index.php index.html index.htm;
                location ~ ^/phpmyadmin/(.+\.php)$ {
                    try_files $uri =404;
                    root /usr/share;
                    #fastcgi_pass 127.0.0.1:9000;
                    fastcgi_pass unix:/var/run/php5-fpm.sock;
                    fastcgi_index index.php;
                    fastcgi_param SCRIPT_FILENAME /usr/share/$fastcgi_script_name;
                    include fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                    root /usr/share/;
                }
            }
            location /phpMyAdmin {
                rewrite ^/* /phpmyadmin last;
            }

Restart the Nginx Web Server
# /etc/init.d/nginx restart

View it in a browser

Nginx Web Server: restricting the source of connections

# tree -L 1 /usr/share/adminer
/usr/share/adminer
├── adminer
├── compile.php
├── coverage.php
├── designs
├── editor
├── externals
├── lang.php
├── plugins
└── tests

6 directories, 3 files

# vim /etc/nginx/nginx.conf
        location /adminer {
                allow 192.168.1.0/24;
                deny all;
                root /usr/share/adminer;
                index index.php index.html index.htm;
                location ~ ^/adminer/(.+\.php)$ {
                     try_files $uri =404;
                     root /usr/share/adminer;
                     fastcgi_pass unix:/var/run/php5-fpm.sock;
                     fastcgi_index index.php;
                     fastcgi_param SCRIPT_FILENAME /usr/share/adminer/$fastcgi_script_name;
                     include fastcgi_params;
                }
        }
        location /editor {
                allow 192.168.1.0/24;
                deny all;
                root /usr/share/adminer;
                index index.php index.html index.htm;
                location ~ ^/editor/(.+\.php)$ {
                     try_files $uri =404;
                     root /usr/share/adminer;
                     fastcgi_pass unix:/var/run/php5-fpm.sock;
                     fastcgi_index index.php;
                     fastcgi_param SCRIPT_FILENAME /usr/share/adminer/$fastcgi_script_name;
                     include fastcgi_params;
                }
        }

Restart the Nginx Web Server
# /etc/init.d/nginx restart

A client outside the allowed IP range will be unable to connect.
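One way to review the location blocks from the directory-listing, password-protection and IP-restriction posts above in a single pass. This is an added example, not taken from the original posts; the function name audit_locations, its output format and the shortened sample configuration are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts). audit_locations reads an nginx
# configuration on stdin and prints, for each outermost location block:
#   <match> autoindex=<on|off> access=<open|password|ip|ip+password>
# Nested locations are counted with their parent, whose access rules they inherit.
audit_locations() {
    awk '
    {
        sub(/#.*/, "")                               # ignore comments
        if (!inloc && $1 == "location") {            # entering an outermost location
            inloc = 1; opened = 0; base = depth; ai = 0; pw = 0; ip = 0
            path = $0
            sub(/^[ \t]*location[ \t]+/, "", path)
            sub(/[ \t]*[{].*/, "", path)
        }
        if (inloc) {
            if ($0 ~ /(^|[ \t;{])autoindex[ \t]+on[ \t]*;/)  ai = 1
            if ($0 ~ /(^|[ \t;{])auth_basic_user_file[ \t]/) pw = 1
            if ($0 ~ /(^|[ \t;{])deny[ \t]+all[ \t]*;/)      ip = 1
        }
        t = $0; o = gsub(/[{]/, "", t); c = gsub(/[}]/, "", t); depth += o - c
        if (inloc && o) opened = 1
        if (inloc && opened && depth <= base) {      # block closed: report it
            acc = (ip && pw) ? "ip+password" : (ip ? "ip" : (pw ? "password" : "open"))
            printf "%s autoindex=%s access=%s\n", path, (ai ? "on" : "off"), acc
            inloc = 0
        }
    }'
}

# Constructed sample: three location blocks from the posts above, shortened.
sample_conf() {
    cat <<'EOF'
server {
    location /download { root /usr/share/nginx/www; autoindex on; }
    location /security {
        auth_basic "Restricted";
        auth_basic_user_file /usr/share/nginx/.htpasswd;
        location ~ ^/security/(.+\.php)$ { fastcgi_pass unix:/var/run/php5-fpm.sock; }
    }
    location /phpmyadmin {
        allow 192.168.1.0/24;
        deny all;
    }
}
EOF
}

sample_conf | audit_locations
```

Run it on a real file with audit_locations < /etc/nginx/nginx.conf; a line reading autoindex=on access=open is a directory listing that any client can read.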

Creating a startup script to manage the Nginx Web Server

Because the Nginx Web Server was installed by compiling it manually, it has to be started and stopped by hand, which is a bit of a nuisance. Following the website referenced below, I later created a startup script to manage the Nginx Web Server.
Stop
# kill -9 $(ps aux | grep nginx | grep -v grep | awk '{print $2}')
or
# killall nginx
Start
# /usr/sbin/nginx

Reference: Websites with Nginx on Debian 7 (Wheezy) – Linode Guides & Tutorials
Download the script file
wget -O init-deb.sh http://www.linode.com/docs/assets/1538-init-deb.sh

Edit the script file
# vim init-deb.sh
#! /bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

# No empty PATH entry: a leading ":" would put the current directory on root's search path
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx

test -x $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
                --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
                --exec $DAEMON
        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/$NAME.pid \
                --exec $DAEMON
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Move the file to the /etc/init.d directory
# mv init-deb.sh /etc/init.d/nginx

Change the file permissions
# chmod +x /etc/init.d/nginx

Test that it runs correctly
# /etc/init.d/nginx start
Starting nginx: nginx.

Check that it started successfully
# ps aux | grep nginx | grep -v grep
root     12795  0.0  0.0   4484   768 ?        Ss   23:56   0:00 nginx: master process /usr/sbin/nginx
www-data 12796  0.0  0.1   4636  1136 ?        S    23:56   0:00 nginx: worker process

Test stopping it
# /etc/init.d/nginx stop
Stopping nginx: nginx.

Set it to run at boot
# /usr/sbin/update-rc.d -f nginx defaults
update-rc.d: using dependency based boot sequencing

Enabling user home directories on the Nginx Web Server

The following uses an Nginx Web Server compiled by hand under Bananian on a Banana Pi
Edit the Nginx Web Server configuration
# vim /etc/nginx/nginx.conf
        location ~ ^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
                 alias /home/$userdir_user/www$userdir_uri;
                 index index.php index.html index.htm;
                 autoindex on;

                 location ~ .*\.php(/.*)*$ {
                    fastcgi_pass   unix:/var/run/php5-fpm.sock;
                    fastcgi_index  index.php;
                    fastcgi_param  SCRIPT_FILENAME /home/$userdir_user/www$userdir_uri$fastcgi_script_name;
                    include        fastcgi_params;
                 }
        }

Stop the Nginx Web Server
# kill -9 $(ps aux | grep nginx | grep -v grep | awk '{print $2}')

Start the Nginx Web Server again
# /usr/sbin/nginx

Create the user pi for testing
# /usr/sbin/useradd -d /home/pi -m -s /bin/false pi

Create the user's web directory
# mkdir /home/pi/www

Create a php test file
# vim /home/pi/www/index.php
<?php
phpinfo();
?>

Change the owner of the directory and files
# chown -R pi:pi /home/pi

Change the directory permissions
# chmod 711 /home/pi

Check with a browser

Lamobo M1 testing – Bananian: installing an Nginx / MySQL / PHP server

Install the Nginx Web Server
# apt-get install nginx

The packaged version is rather old, though
# nginx -v
nginx version: nginx/1.2.1

Remove the nginx packages
# apt-get remove --purge libfreetype6 libgd2-noxpm libgeoip1 libjpeg8 libpcre3 libpng12-0 libxml2 libxslt1.1 nginx-common nginx-full nginx

So install from source code instead
The steps below follow: The Fantastic Journey of Linux Pi (22) - Compiling Nginx – iT邦幫忙 (IT knowledge-sharing community)

Install the packages needed for compiling
# apt-get install build-essential

Nginx official website: http://nginx.org/

Download the source code
# wget http://nginx.org/download/nginx-1.6.2.tar.gz

Extract it
# tar xvzf nginx-1.6.2.tar.gz

Change directory
# cd nginx-1.6.2

Install the packages needed to compile nginx
# apt-get install libpcre3* libssl-dev

Configure the build
# ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www-data --group=www-data --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/proxy --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --http-scgi-temp-path=/var/lib/nginx/scgi --with-http_ssl_module --with-http_stub_status_module --with-debug

Build and install
# make;make install

An error appears on the first run
# /usr/sbin/nginx
nginx: [emerg] mkdir() "/var/lib/nginx/body" failed (2: No such file or directory)

Create the directory
# mkdir -p /var/lib/nginx/body

Check that it started successfully
# netstat -ant | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN

The installed nginx version
# nginx -v
nginx version: nginx/1.6.2

Check with a browser

Install MySQL Server
# apt-get install mysql-server mysql-client

Post-installation setup of MySQL Server
# /usr/bin/mysql_secure_installation

Install PHP
# apt-get install php5-fpm php5-mysql php5-gd php-apc php5

PHP version
# php5-fpm -v
PHP 5.4.4-14+deb7u14 (fpm-fcgi) (built: Aug 21 2014 10:32:42)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

Create the website root directory
# mkdir /var/www

Change the owner and group of the directory
# chown -R www-data:www-data /var/www

Look at the socket file created when php5-fpm runs
# ls -ls /var/run/php5-fpm.sock
0 srw-rw---- 1 www-data www-data 0 Sep 27 16:20 /var/run/php5-fpm.sock

Edit the nginx Web Server configuration file
# vim /etc/nginx/nginx.conf
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /var/www;
            index  index.php index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           /var/www;
        #    fastcgi_pass   127.0.0.1:9000;
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            deny  all;
        }
    }

Check that the configuration file is correct
# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Stop the nginx web server
# kill -9 $(ps aux | grep nginx | grep -v grep | awk '{print $2}')
or
# killall nginx

Start it again
# /usr/sbin/nginx

Start php5-fpm
# /etc/init.d/php5-fpm start

Check that php runs correctly
# vim /var/www/index.php
<?php
phpinfo();
?>

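The OpenSSL Heartbleed vulnerability

The OpenSSL Heartbleed vulnerability has been called the most dangerous software bug of all time, so every system administrator running Linux/BSD servers should test whether the servers they manage are safe.
Below are a few related sites found by searching the web:
OpenSSL Heartbleed vulnerability testing @ CentOS 6 « Jamyy's Weblog
How to fix the OpenSSL CVE-2014-0160 security vulnerability on CentOS 6.5 | 阿維雜記本 (Wei's Blog)
Special report on the OpenSSL Heartbleed vulnerability crisis | iThome
Test your server for Heartbleed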