4,348
edits
m
no edit summary
add initial setup of php-fpm |
mNo edit summary |
||
| Line 20: | Line 20: | ||
This may only apply for Ubuntu 14.04.4 or other versions less than 16.04. This is to add Ondřej Surý's PPA repository for PHP. Of course, if you have 14.04 and already have PHP 7.0, you probably have done this. If you don't have add-apt-repository, then please add it by adding a package called <span class="package">python-software-properties</span>. | This may only apply for Ubuntu 14.04.4 or other versions less than 16.04. This is to add Ondřej Surý's PPA repository for PHP. Of course, if you have 14.04 and already have PHP 7.0, you probably have done this. If you don't have add-apt-repository, then please add it by adding a package called <span class="package">python-software-properties</span>. | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo apt-get install python-software-properties | $ sudo apt-get install python-software-properties | ||
</ | </syntaxhighlight> | ||
Add repository for PHP | Add repository for PHP | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo add-apt-repository -y ppa:ondrej/php | $ sudo add-apt-repository -y ppa:ondrej/php | ||
</ | </syntaxhighlight> | ||
Update package lists: | Update package lists: | ||
| Line 77: | Line 77: | ||
2. Create an insecure key for CSR sourcing from the secure one | 2. Create an insecure key for CSR sourcing from the secure one | ||
< | <syntaxhighlight lang="bash" highlight="1"> | ||
$ openssl rsa -in server.key -out server.key.insecure | $ openssl rsa -in server.key -out server.key.insecure | ||
Enter pass phrase for server.key: | Enter pass phrase for server.key: | ||
writing RSA key | writing RSA key | ||
</ | </syntaxhighlight> | ||
3. Rename the keys | 3. Rename the keys | ||
| Line 96: | Line 96: | ||
or | or | ||
< | <syntaxhighlight lang="console" highlight="1"> | ||
$ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr | $ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr | ||
Generating a 2048 bit RSA private key | Generating a 2048 bit RSA private key | ||
| Line 122: | Line 122: | ||
A challenge password []: | A challenge password []: | ||
An optional company name []: | An optional company name []: | ||
</ | </syntaxhighlight> | ||
| Line 128: | Line 128: | ||
=== Verifying key and certificate files match === | === Verifying key and certificate files match === | ||
< | <syntaxhighlight lang="console"> | ||
$ openssl rsa -noout -modulus -in FILE.key | $ openssl rsa -noout -modulus -in FILE.key | ||
$ openssl req -noout -modulus -in FILE.csr | $ openssl req -noout -modulus -in FILE.csr | ||
$ openssl x509 -noout -modulus -in FILE.cer | $ openssl x509 -noout -modulus -in FILE.cer | ||
</ | </syntaxhighlight> | ||
== Online, automated certificate issuance == | == Online, automated certificate issuance == | ||
| Line 142: | Line 142: | ||
== Creating self-signed certificates (usually for SSL connection) == | == Creating self-signed certificates (usually for SSL connection) == | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo a2enmod ssl | $ sudo a2enmod ssl | ||
$ sudo service apache2 restart | $ sudo service apache2 restart | ||
| Line 149: | Line 149: | ||
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM | $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.pem -outform PEM | ||
</ | </syntaxhighlight> | ||
= Miscellaneous = | = Miscellaneous = | ||
| Line 155: | Line 155: | ||
== Check a SSL connection == | == Check a SSL connection == | ||
< | <syntaxhighlight lang="console"> | ||
$ openssl s_client -connect test.domain.com:443 -servername test.domain.com | $ openssl s_client -connect test.domain.com:443 -servername test.domain.com | ||
</ | </syntaxhighlight> | ||
== Browsing on a console == | == Browsing on a console == | ||