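Friday, October 29, 2021

Ubuntu: a few small notes

 1. Opening DNS on the firewall

To open ports 53 & 43 on the UFW firewall run the commands below. These rules open TCP only; ordinary DNS queries use UDP port 53, which needs its own rule, and port 43 is the WHOIS port.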

$ sudo ufw allow 53/tcp
$ sudo ufw allow 43/tcp
$ sudo ufw reload

Test localhost from the command line

        lynx "http://localhost"


Start Apache Web Server

        sudo systemctl start apache2

Check status 

        sudo systemctl status apache2


Check whether a port is open

        nc -zvw3 192.168.1.10 80

Check network status

        sudo netstat -nlp


Fixing the "ServerName not found" problem when starting the Apache web server

hostname www.yourdomain.com

https://blog.miniasp.com/post/2012/06/23/apache2-Could-not-reliably-determine-the-server-fully-qualified-domain-name-using-for-ServerName


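Keeping Apache from logging certain requests

# Do not log connections from the IPv6 loopback address.
# The pattern is a regular expression: an unanchored "::1" would also match
# remote addresses such as 2001:db8::1, so anchor it.
SetEnvIf Remote_Addr "^::1$" dontlog

# Do not log connections from 127.0.0.1
SetEnvIf Remote_Addr "^127\.0\.0\.1$" dontlog

# Do not log requests for robots.txt
SetEnvIf Request_URI "^/robots\.txt$" dontlog

# One CustomLog line is enough; repeating it for the same file writes every entry twice
CustomLog logs/access_log common env=!dontlog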











Saturday, September 4, 2021

Generating a CSR file and setting up SSL on the server

 Enable the ssl module

See the 2018 SSL installation post:

PHP 業餘玩家: SSL installation (beclass.blogspot.com)

a2enmod ssl
Enable the ssl virtual site
a2ensite default-ssl
Restart apache
sudo service apache2 restart
Edit the certificate paths (private.key, public.crt/pem)
sudo nano /etc/apache2/sites-enabled/default-ssl.conf

**Remember to open port 443 on the firewall
-------------------------
 SSLCertificateFile        /etc/ssl/6123456.crt
 SSLCertificateKeyFile     /etc/ssl/your_own.key
 SSLCertificateChainFile   /etc/ssl/gd_bundle-g2-g1.crt
--------------------------------------------------------
The .crt file is sent to everything that connects; it is public.
 (chown root:root and chmod 644)
Basically, for the crt:

sudo chmod 755 /etc/ssl/ur_own_define_ssl_folder
sudo chown -R root:root /etc/ssl/ur_own_define_ssl_folder/
sudo chmod 644 /etc/ssl/ur_own_define_ssl_folder/*.crt

As for the private key location: make sure the key is stored there and is properly secured (chown root:ssl-cert and chmod 640).

sudo chmod 710 /etc/ssl/private
sudo chown -R root:ssl-cert /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/*.key
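
The modes set above (710 on the key directory, 640 on keys, 755 and 644 for the certificate folder) can be checked afterwards with a small audit script. This is an added example, not part of the original post; it assumes GNU stat as shipped on Ubuntu, checks mode and owner uid only (not the ssl-cert group), and its function names are illustrative.

```shell
#!/bin/sh
# Added example: audit TLS file permissions against the modes used in this post.
# Assumes GNU stat (Ubuntu). Function names are illustrative, not from any tool.

# mode_exceeds PATH MAX: true (0) if PATH has any permission bit outside MAX (octal).
mode_exceeds() {
    me_mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$me_mode & ~0$2 & 07777 )) -ne 0 ]
}

# check_path PATH MAX UID: print a finding and return 1 if PATH is missing,
# more permissive than MAX, or not owned by UID.
check_path() {
    if [ ! -e "$1" ]; then echo "MISSING  $1"; return 1; fi
    cp_rc=0
    if mode_exceeds "$1" "$2"; then
        echo "MODE     $1 is $(stat -c '%a' "$1"), expected at most $2"; cp_rc=1
    fi
    if [ "$(stat -c '%u' "$1")" != "$3" ]; then
        echo "OWNER    $1 is uid $(stat -c '%u' "$1"), expected $3"; cp_rc=1
    fi
    return $cp_rc
}

# audit_tls_perms KEYDIR CERTDIR [UID]: returns 0 only if every check passes.
# UID defaults to 0 (root), matching the chown commands in the post.
audit_tls_perms() {
    at_uid=${3:-0}; at_rc=0
    check_path "$1" 710 "$at_uid" || at_rc=1        # private key directory
    check_path "$2" 755 "$at_uid" || at_rc=1        # certificate directory
    for at_f in "$1"/*.key; do
        [ -e "$at_f" ] || continue                  # glob matched nothing
        check_path "$at_f" 640 "$at_uid" || at_rc=1 # keys: no access for "other"
    done
    for at_f in "$2"/*.crt; do
        [ -e "$at_f" ] || continue
        check_path "$at_f" 644 "$at_uid" || at_rc=1 # certs: public, root-writable only
    done
    return $at_rc
}

# Run directly: sudo sh audit.sh /etc/ssl/private /etc/ssl/ur_own_define_ssl_folder
if [ "$#" -ge 2 ]; then audit_tls_perms "$@"; fi
```

A stricter mode such as 600 on a key passes, because the check only flags permission bits beyond the stated maximum.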

----------------------------------------------------------------------
apache2ctl configtest
Restart Apache2 service
sudo service apache2 restart

or

sudo systemctl restart apache2.service
-----------------------------------------------------------

Generating the CSR file

After logging in as root, run the following (您的網域 is a placeholder for your domain name):

openssl req -new -newkey rsa:2048 -nodes -keyout  您的網域.key -out 您的網域.csr

Notes:

You will need to provide the following information for your CSR:
Country Name (2 letter code) [AU]: TW
State or Province Name (full name) [Some-State]: Taiwan
Locality Name (eg, city) []: Taipei 
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Hello Company
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.website.com (the website address)
Email Address []: service@websit.com

Please enter the following ‘extra’ attributes to be sent with your certificate request

A challenge password []: just press Enter
An optional company name []: just press Enter

Open the CSR in a text editor and copy its entire text.
Paste the entire CSR into the SSL enrollment form in your account.