一、简介
目的:构建小型WEB站,具备SSL。
mini_httpd is a small HTTP server. Its performance is not great, but for low or medium traffic sites it's quite adequate. It implements all the basic features of an HTTP server, including:
GET, HEAD, and POST methods.
CGI.
Basic authentication.
Security against ".." filename snooping.
The common MIME types.
Trailing-slash redirection.
index.html, index.htm, index.cgi
Directory listings.
Multihoming / virtual hosting.
Standard logging.
Custom error pages.
It can also be configured to do SSL/HTTPS and IPv6.
官网:http://acme.com/software/mini_httpd/
二、步骤说明
一、安装 mini_httpd-1.19
解压 mini_httpd-1.19bhoc.tar.gz
[python] view plaincopy
#cd mini_httpd-1.19bhoc
1 修改Makfile文件
修改如下:
1) 编译支持SSL,采用fedroa20, 自带SSL /usr/share/ssl。下面几行注释取消
SSL_TREE = /usr/share/ssl
SSL_DEFS = -DUSE_SSL
SSL_INC = -I${SSL_TREE}/include
SSL_LIBS = -L${SSL_TREE}/lib -lssl -lcrypto
SSL_LIBS Make sure the SSL_TREE definition points to the tree with your OpenSSL installation - depending on how you installed it,这个也被我改了一点
2 )修改ssl证书有效期为10年, -days 3650。网上这么说。 但是fedroa20不用修改,已经是了。
2 执行#make,不报错误error: openssl/ssl.h: No such file or directory。解决办法
安装openssl
# sudo apt-get install openssl(ubunto)
yum install openssl(fedora ,redhat)
再安装以下:
# sudo apt-get install libssl-dev build-essential zlibc zlib-bin libidn11-dev libidn11(ubunto)
yum install pcre-devel openssl-devel libidn-devel libidn2-devel(fedora,redhat)
3 #make install
感谢http://blog.wp08.com/article/computer/linux/756.html
http://blog.csdn.net/lwx2615/article/details/8542143
每次重新编译前需要运行(make clean)
我在编译前拷贝了openssl-libs-1.0.1e-4.fc19.i686和openssl-devel-1.0.1e-4.fc19.i686到本机,不知对结果有没有影响,反正是没报错。
--------------------------------------------------------------
4 生成SSL证书:
#make cert
生成证书请求(CSR)文件
openssl req -new -key server.key -out certreq.csr
Country Name: //您所在国家的ISO标准代号,中国为CN
State or Province Name: //您单位所在地省/自治区/直辖市
Locality Name: //您单位所在地的市/县/区
Organization Name: //您单位/机构/企业合法的名称
Organizational Unit Name: //部门名称
Common Name: //通用名,例如:www.itrus.com.cn。此项必须与您访问提供SSL服务的服务器时所应用的域名完全匹配。
Email Address: //您的邮件地址,不必输入,直接回车跳过
"extra"attributes //以下信息不必输入,回车跳过直到命令执行完毕。
安提示输入证书信息,即在当前目录下生成证书文件mini_httpd.pem 拷贝该文件到 /etc
5 #cp ./mini_httpd.pem /etc
修改建立mini_httpd.conf 配置文件
[python] view plaincopy
# mini_httpd configuration file
data_dir=/usr/local/www/ #最后必须加斜杠
#user=httpd
port=443
host=0.0.0.0
cgipat=**.php
logfile=/var/log/mini_httpd
pidfile=/var/run/mini_httpd.pid
charset=GB2312
ssl
certfile=/etc/mini_httpd.pem
6 注意防火墙和selinux对网页的过滤,可现在本机localhost:8080查看一下,再在局域网中查看一下。
Fedora 17及以前的版本关闭防火墙用systemctl stop iptables.service即可,其他linux版本用service stop iptables
Fedora 18以上用一个名叫firewalld的玩意,所以需要:
systemctl stop firewalld.service有必要的话就
systemctl disable firewalld.service
7 mini_http的密码修改可通过htpasswd修改,源码在htpasswd.c中