202007

apache2で自己署名証明書SSL Buttle

# Interactive: openssl prompts for the certificate subject fields. Enter a
# proper Common Name (the server's IP address or FQDN).
#   -x509      emit a self-signed certificate instead of a signing request
#   -nodes     write the private key WITHOUT a passphrase, so Apache can start
#              unattended; the key is then protected only by file permissions
#   -days 365  the certificate expires after one year and must be regenerated
# NOTE(review): current browsers and TLS libraries match the host name against
# subjectAltName rather than CN, and this command sets none. With OpenSSL
# 1.1.1 or later, -addext "subjectAltName=DNS:<FQDN_PLACEHOLDER>" adds one.
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

#/etc/apache2/sites-available/default-ssl.conf
####################################################################
# Default HTTPS virtual host: serves /var/www/html on port 443 using the
# self-signed certificate and key named below. The whole section is skipped
# when mod_ssl is not loaded.
<IfModule mod_ssl.c>
       <VirtualHost _default_:443>
               # "Admin" is a placeholder; ServerAdmin expects an e-mail address or URL.
               ServerAdmin Admin
               DocumentRoot /var/www/html
               ErrorLog ${APACHE_LOG_DIR}/error.log
               CustomLog ${APACHE_LOG_DIR}/access.log combined
               # Turn TLS on for this virtual host.
               SSLEngine on
               # Certificate presented to clients. It is self-signed, so clients
               # cannot validate it against a CA and will warn unless it is
               # explicitly trusted on the client side.
               SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
               # Matching private key. The key path is the one written by the
               # openssl command's -keyout with -nodes, i.e. not passphrase
               # protected: keep the file readable by root only.
               SSLCertificateKeyFile   /etc/ssl/private/apache-selfsigned.key

               # Export the standard SSL_* environment variables only to script
               # handlers (CGI/SSI/PHP files and the cgi-bin directory).
               <FilesMatch "\.(cgi|shtml|phtml|php)$">
                               SSLOptions +StdEnvVars
               </FilesMatch>
               <Directory /usr/lib/cgi-bin>
                               SSLOptions +StdEnvVars
               </Directory>
       </VirtualHost>
</IfModule>
####################################################################

$ cat /etc/apache2/conf-available/ssl-params.conf
# TLS hardening parameters; they take effect once the snippet is enabled
# with a2enconf and Apache is restarted.
#
# Cipher list: ECDHE/DHE key exchange only (forward secrecy), AES-GCM first.
# The AES256+EECDH and AES256+EDH terms also admit CBC-mode suites.
# NOTE(review): on Apache builds with TLS 1.3 support this line presumably
# governs TLS 1.2 and below only; TLS 1.3 suites are set separately - confirm.
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# Start from every protocol the TLS library offers and subtract the legacy
# ones, which leaves TLS 1.2 (and TLS 1.3 where the build supports it).
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# The server's cipher preference order wins over the client's.
SSLHonorCipherOrder On
# Requires Apache >= 2.4
# TLS-level compression stays off (mitigates CRIME-style attacks).
SSLCompression off
# NOTE(review): OCSP stapling needs an OCSP responder named in the
# certificate. A self-signed certificate such as apache-selfsigned.crt has
# none, so stapling presumably does nothing here beyond a warning in the
# error log at startup - confirm, and keep it for CA-issued certificates.
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
# Session tickets off: resumption tickets are encrypted with a key that is
# typically long-lived, which weakens forward secrecy if that key leaks.
SSLSessionTickets Off

# Enable mod_ssl, the HTTPS virtual host and the TLS parameter snippet.
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl.conf
$ sudo a2enconf ssl-params.conf

# Restart so the newly enabled module and configuration are loaded.
# Running `sudo apache2ctl configtest` first catches syntax errors before
# the restart takes the running site down.
$ sudo systemctl restart apache2

べんり

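# For each entry in hoge.list print "<entry>,<netname>" from its whois record.
# awk -F/ keeps the text before the first "/" (presumably the address part of
# a CIDR entry - confirm against the list format).
# The netname is the second field of the last whois line that mentions
# "netname" (case-insensitive) and has a non-empty second field.
# List entries are data, not shell syntax: they are read with IFS= read -r and
# every expansion is quoted, so an entry containing spaces, backslashes or
# glob characters is passed to whois as one unmodified argument. Blank entries
# and entries starting with "-" (which whois would parse as an option) are
# skipped.
$ awk -F/ '{print $1}' hoge.list | while IFS= read -r line; do
    case $line in '' | -*) continue ;; esac
    netname=$(whois "$line" | awk 'tolower($0) ~ /netname/ && $2 != "" { n = $2 } END { print n }')
    printf '%s,%s\n' "$line" "$netname"
  done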

todo

  • signal tower
    • api formatみなおし.きばんfix
    • 点滅パターンとか
  • zab action
    • signal towerれんけい
  • ups zab監視
    • network ups tools
    • udevあたり
    • 1デバイスで2UPS以上とれるように.