Dreaming of a second outlook on life as a non-engineer

Posted
Filed under Study
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

https://support.microsoft.com/en-us/kb/3080351#/en-us/kb/3080351

Because an upgrade can stop plug-ins or ActiveX from working and cause company-wide problems, another option is to push this setting down as a policy.



2015/07/27 11:02
Posted
Filed under Study

 — Create New Virtual Host Files

Virtual host files are the files that specify the actual configuration of our virtual hosts and dictate how the Apache web server will respond to various domain requests.

Apache comes with a default virtual host file called 000-default.conf that we can use as a jumping off point. We are going to copy it over to create a virtual host file for each of our domains.

We will start with one domain, configure it, copy it for our second domain, and then make the few further adjustments needed. The default Ubuntu configuration requires that each virtual host file end in .conf.

Create the First Virtual Host File

Start by copying the file for the first domain:
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/yourdomain.com.conf


Open the new file in your editor with root privileges:
sudo nano /etc/apache2/sites-available/yourdomain.com.conf


The file will look something like this (I've removed the comments here to make the file more approachable):
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


As you can see, there's not much here. We will customize the items here for our first domain and add some additional directives. This virtual host section matches any requests that are made on port 80, the default HTTP port.

First, we need to change the ServerAdmin directive to an email that the site administrator can receive emails through.
ServerAdmin admin@yourdomain.com


After this, we need to add two directives. The first, called ServerName, establishes the base domain that should match for this virtual host definition. This will most likely be your domain. The second, called ServerAlias, defines further names that should match as if they were the base name. This is useful for matching hosts you defined, like www:
ServerName yourdomain.com
ServerAlias www.yourdomain.com


The only other thing we need to change for a basic virtual host file is the location of the document root for this domain. We already created the directory we need, so we just need to alter the DocumentRoot directive to reflect the directory we created:
DocumentRoot /var/www/yourdomain.com/public_html


In total, our virtualhost file should look like this:
<VirtualHost *:80>
    ServerAdmin admin@yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /var/www/yourdomain.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Save and close the file.

Copy First Virtual Host and Customize for Second Domain

Now that we have our first virtual host file established, we can create our second one by copying that file and adjusting it as needed.

Start by copying it:
sudo cp /etc/apache2/sites-available/yourdomain.com.conf /etc/apache2/sites-available/test.com.conf


Open the new file with root privileges in your editor:
sudo nano /etc/apache2/sites-available/test.com.conf


You now need to modify all of the pieces of information to reference your second domain. When you are finished, it may look something like this:
<VirtualHost *:80>
    ServerAdmin admin@test.com
    ServerName test.com
    ServerAlias www.test.com
    DocumentRoot /var/www/test.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Save and close the file when you are finished.


 — Enable the New Virtual Host Files

Now that we have created our virtual host files, we must enable them. Apache includes some tools that allow us to do this.

We can use the a2ensite tool to enable each of our sites like this:
sudo a2ensite yourdomain.com.conf
sudo a2ensite test.com.conf


When you are finished, you need to restart Apache to make these changes take effect:
sudo service apache2 restart


You will most likely receive a message saying something similar to:
 * Restarting web server apache2
 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message


This is a harmless message that does not affect our site.
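
The two virtual host files above differ only in the domain, so the copy-and-edit steps can be scripted. The following is an added example, not part of the original guide; `render_vhost` and its arguments are hypothetical names. It validates the domain before using it in a file name and in Apache directives:

```sh
#!/bin/sh
# Added example: render the guide's virtual host file for one domain.
# render_vhost is a hypothetical helper, not an Apache tool.

render_vhost() {   # $1 = domain, $2 = output directory
    vh_domain=$1
    vh_outdir=$2
    # The domain ends up in a path and in directives, so accept only
    # lowercase DNS names: no slashes, spaces, "..", or empty labels.
    case "$vh_domain" in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*)
            echo "refusing invalid domain: $vh_domain" >&2
            return 1 ;;
        *.*) ;;    # at least two labels, e.g. yourdomain.com
        *)  echo "refusing single-label name: $vh_domain" >&2
            return 1 ;;
    esac
    # The quoted heredoc delimiter keeps ${APACHE_LOG_DIR} literal for Apache;
    # DOMAIN is a placeholder that sed replaces with the validated name.
    sed "s/DOMAIN/$vh_domain/g" > "$vh_outdir/$vh_domain.conf" <<'EOF'
<VirtualHost *:80>
    ServerAdmin admin@DOMAIN
    ServerName DOMAIN
    ServerAlias www.DOMAIN
    DocumentRoot /var/www/DOMAIN/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
}
```

Once the files are in /etc/apache2/sites-available and enabled, `sudo apache2ctl configtest` checks the syntax before the restart.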


— Set Up Local Hosts File (Optional)

If you haven't been using actual domain names that you own to test this procedure and have been using some example domains instead, you can at least test the functionality of this process by temporarily modifying the hosts file on your local computer.

This will intercept any requests for the domains that you configured and point them to your VPS server, just as the DNS system would do if you were using registered domains. This will only work from your computer though, and is simply useful for testing purposes.

Make sure you are operating on your local computer for these steps and not your VPS server. You will need to know the computer's administrative password or otherwise be a member of the administrative group.

If you are on a Mac or Linux computer, edit your local file with administrative privileges by typing:
sudo nano /etc/hosts


If you are on a Windows machine, you can find instructions on altering your hosts file here.

The details that you need to add are the public IP address of your VPS server followed by the domain you want to use to reach that VPS.

For the domains that I used in this guide, assuming that my VPS IP address is 111.111.111.111, I could add the following lines to the bottom of my hosts file:
127.0.0.1   localhost
127.0.1.1   guest-desktop
111.111.111.111 yourdomain.com
111.111.111.111 test.com


This will direct any requests for yourdomain.com and test.com on our computer and send them to our server at 111.111.111.111. This is what we want if we are not actually the owners of these domains in order to test our virtual hosts.

Save and close the file.

To remove the host file just delete it.

If you just want to disable the site, use

Code:
sudo a2dissite sitename

Restart apache2

Code:
sudo /etc/init.d/apache2 reload

Again, to remove (delete) it completely from the system,

Code:
sudo rm /etc/apache2/sites-available/sitename

 

2015/07/16 14:22
Posted
Filed under Study

Exporting SSL certificates from Windows to Linux

First, you have to get the certificate and key out of Windows in a pfx (PKCS #12) format.

  • Click Start, Run, then type “mmc” and hit enter.
  • In the leftmost menu, choose “Add/Remove Snap In”.
  • Click “Add”, then click “Certificates”, then OK.
  • When the wizard starts, choose “Computer Account”, “Local Computer” and finish out the wizard.
  • Once you’re finished, get back to the MMC and expand the “Certificates” node, then the “Personal” node.
  • Click on the “Certificates” node under “Personal” and find your certificate in the right pane.
  • Right click on the certificate and choose “All Tasks”, then “Export”.
  • When the wizard starts, choose “Yes” for exporting the private key, then select ONLY “Strong Private Key Protection” from the PFX section. You will also need to set a password and specify a location for the PFX file.
  • Once the PFX file has been saved, close out the MMC (don’t save the snap-in if it asks).
  • Get the PFX over to the Linux server somehow.

Once the PFX makes it over to the Linux server, you have to decrypt the PFX into a plaintext PEM file (PFX’s are binary files, and can’t be viewed in a text editor):

openssl pkcs12 -in file.pfx -out file.pem

You will be asked for the password for the PFX (which is the one you set in the Windows wizard). Once you enter that, you will be asked for a new password. This new password is used to encrypt the private key. You cannot proceed until you enter a password that is 4 characters or longer. REMEMBER this password!

When this step is complete, you should have a PEM file that you can read in a text editor. Open the file in a text editor and copy the private key and certificate to different files. Remember to keep the dashed lines intact when you copy the certificates – this is important. There is some additional text above the key, and also between the key and certificate – this text should be ignored and should not be included in the certificate and key files.

Now that you have the key and certificate separated, you need to decrypt the private key (or face the wrath of Apache every time you restart the server). You can decrypt the private key like this:

openssl rsa -in file.key -out file.key

Yes, provide the same file name twice and it will decrypt the key onto itself, keeping everything in one file. OpenSSL will ask for a password to decrypt the key, and this is the password you set when you decrypted the PFX. If you forgot the password, you will need to start over from when you brought it over from the Windows box.

After this entire process, you will have four files, a PFX, PEM, KEY, and CRT. Throw away the PFX and PEM, and you can use the key and certificate files to install into Apache. In case you forget the syntax, here’s what goes in the Apache configuration:

SSLEngine On
SSLCertificateFile /path/to/your/certificate
SSLCertificateKeyFile /path/to/your/privatekey
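
The PFX-to-key-and-certificate steps above can also be done without copying blocks out of the PEM file by hand. This is an added example, not from the original post; the function names, file names and demo password are constructed. It also keeps the decrypted key at mode 0600 and confirms that key and certificate belong together before they go into Apache:

```sh
#!/bin/sh
# Added example: split a PFX without hand-editing the PEM file.
# Function names, file names and the demo password are constructed.

# Build a throwaway self-signed PFX so the example runs offline.
make_demo_pfx() {   # $1 = work dir, $2 = PFX password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=yourdomain.com" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -passout "pass:$2" -out "$1/file.pfx"
}

# $1 = PFX, $2 = password, $3 = output dir.
# "pass:" on the command line is visible in the process list; it is used here
# only to keep the demo non-interactive. Omit -passin/-passout to be prompted.
pfx_split() (
    umask 077       # every file created below is readable by its owner only
    # Private key only, still encrypted, as in the pkcs12 step above.
    openssl pkcs12 -in "$1" -nocerts -passin "pass:$2" -passout "pass:$2" \
        -out "$3/file.enc.key" 2>/dev/null || exit 1
    # Leaf certificate only; piping through x509 drops the "Bag Attributes" text.
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$2" 2>/dev/null |
        openssl x509 -out "$3/file.crt" || exit 1
    # Decrypt the key for Apache, writing to a new file instead of in place.
    openssl rsa -in "$3/file.enc.key" -passin "pass:$2" \
        -out "$3/file.key" 2>/dev/null || exit 1
    rm -f "$3/file.enc.key"
)

# Succeeds only if the key and the certificate carry the same public key.
key_matches_cert() {   # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}
```

Run `make_demo_pfx`, then `pfx_split`, then `key_matches_cert file.key file.crt`; a non-zero status from the last call means the two files should not be installed together.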



<VirtualHost *:443>
    ServerName host.domain.com
    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    SSLCertificateFile /etc/apache2/ssl/domain.pem
    SSLCertificateKeyFile /etc/apache2/ssl/domain-private.key 
    ProxyPass / https://192.168.1.14/
    ProxyPassReverse / https://192.168.1.14/
</VirtualHost>

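There are two approaches. The configuration above receives HTTPS and forwards it as HTTPS; the configuration below receives over HTTP and delivers to the end user over HTTPS. In other words, having the proxy act purely as an SSL bridge in the middle is also one way to build an SSL site. It lets the intermediate proxy provide the SSL connection even when no SSL site is configured on the server itself.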

Listen 443

NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    # Set the path to SSL certificate
    # Usage: SSLCertificateFile /path/to/cert.pem
    SSLCertificateFile /etc/apache2/ssl/file.pem

    # Servers to proxy the connection, or;
    # List of application servers:
    # Usage:
    # ProxyPass / http://[IP Addr.]:[port]/
    # ProxyPassReverse / http://[IP Addr.]:[port]/
    # Example:
    ProxyPass / http://0.0.0.0:8080/
    ProxyPassReverse / http://0.0.0.0:8080/

    # Or, balance the load:
    # ProxyPass / balancer://balancer_cluster_name

</VirtualHost>

How To Use Apache HTTP Server As Reverse-Proxy Using mod_proxy Extension
2015/07/15 10:16