Mini_httpd: Build a small Web Server

From: http://bbs.51cto.com/topic/thread-34022.html I. Introduction Objective: To build a small web site with SSL and parse PHP scripts (applicable to embedded environments ). Author: sundy 2006-3-6 [Url = mailto: hysundy@163.com] [color = #000000] e_mail: hysundy@163.com [/color] [/url] II. Environment Resources RedHat 8 [Url = http://www.hochstrasser.org/wiki/files/mini_httpd-1.19bhoc.tar.gz][color=#000000]mini_httpd_1.19 B modified [/color] [/url] Php.4.4.2 Iii. Steps ------------------------------------------------------------- A. install PHP (many articles similar to [img] http://bbs.chinaunix.net/images/smilies/icon_smile.gif#/img]) Decompress php.4.4.2 # Cd php.4.4.2/ #./Configure -- prefix =/usr/local/PHP # Make install After the installation is complete, copy/usr/local/src/php-4.4.2/PHP. ini-Dist to/usr/local/PHP/lib/and rename it PHP. ini -------------------------------------------------------------- -------------------------------------------------------------- B. Install mini_httpd-1.19 Extract mini_httpd-1.19bhoc.tar.gz # Cd mini_httpd-1.19bhoc # Vi makefile The modification is as follows: Code: [Url = http://bbs.chinaunix.net/viewthread.php? Tid = 711979 & extra = Page % 3d4 ###] [color = #000000] [copy to clipboard] [/color] [/url] # Makefile for mini_httpd # Configure: if you are using a systemv-based operating system, such # Solaris, you will need to uncomment this definition. # Sysv_libs =-lnsl-lsocket # Configure: Some systems don't need-lcrypt, and indeed they get # Error if you try to link with it. If you get an error about libcrypt # Not found, Try Commenting out this definition. Crypt_lib =-lcrypt # Configure: If you want to compile in support for HTTPS, uncomment these # Definitions. You will need to have already built OpenSSL, available # [Url] http://www.openssl.org/#/url] make sure the ssl_tree definition points to # Tree with your OpenSSL installation-depending on how you installed it, # It may be in/usr/local instead of/usr/local/SSL. Ssl_tree =/usr/share/SSL Ssl_defs =-duse_ssl Ssl_inc =-I $ {ssl_tree}/include Ssl_libs =-L $ {ssl_tree}/lib-lssl-lcrypto # Configure: If you want to compile in support for PHP Environment Variables # (Namely php_auth_user and php_auth_pw) Then uncomment the definition below. # Php_env =-dphp_env # Configure: If you want to omit all IPv6 support, uncomment the def below. # Ipv6_defs =-dno_ipv6 Bindir =/usr/local/sbin Mandir =/usr/local/man Cc = gcc Cdefs =$ {ssl_defs }$ {ssl_inc }$ {ipv6_defs }$ {php_env} Cflags =-o $ {cdefs} # Cflags =-G $ {cdefs} Ldflags =-S-LDL # Ldflags =-G Ldlibs =$ {ssl_libs }$ {sysv_libs }$ {crypt_lib} ALL: mini_httpd htpasswd Mini_httpd: mini_httpd.o match. O tdate_parse.o $ {CC }$ {cflags }$ {ldflags} mini_httpd.o match. O tdate_parse.o $ {ldlibs}-O mini_httpd Mini_httpd.o: mini_httpd.c version. h port. h match. h tdate_parse.h mime_encodings.h mime_types.h $ {CC }$ {cflags}-C mini_httpd.c Match. O: Match. C match. h $ {CC }$ {cflags}-C match. c Tdate_parse.o: tdate_parse.c tdate_parse.h $ {CC }$ {cflags}-C tdate_parse.c Mime_encodings.h: mime_encodings.txt Rm-F mime_encodings.h Sed mime_encodings.h \ -E's/#. * // '-E's/[] * $/'-E'/^ $/d '\ -E's/[] [] */", 0,"/'-E's/^/{"/'-E's/$ /", 0 },/' Mime_types.h: mime_types.txt Rm-F mime_types.h Sed mime_types.h \ -E's/#. * // '-E's/[] * $/'-E'/^ $/d '\ -E's/[] [] */", 0,"/'-E's/^/{"/'-E's/$ /", 0 },/' Htpasswd: htpasswd. o $ {CC }$ {cflags }$ {ldflags} htpasswd. o $ {crypt_lib}-O htpasswd Htpasswd. O: htpasswd. c $ {CC }$ {cflags}-C htpasswd. c CERT: mini_httpd.pem Mini_httpd.pem: mini_httpd.cnf OpenSSL req-New-X509-days 3650-nodes-config mini_httpd.cnf-out mini_httpd.pem-keyout mini_httpd.pem OpenSSL X509-subject-dates-fingerprint-noout-In mini_httpd.pem Chmod 600 mini_httpd.pem Install: All Rm-F $ {bindir}/mini_httpd $ {bindir}/htpasswd -Mkdir-p $ {bindir} CP mini_httpd htpasswd $ {bindir} Rm-F ${Mandir}/man8/mini_httpd.8 ${Mandir}/Man1/htpasswd.1 -Mkdir-p ${Mandir}/man8 CP mini_httpd.8 ${Mandir}/man8 -Mkdir-p ${Mandir}/Man1 CP htpasswd.1 ${Mandir}/Man1 Clean: Rm-F mini_httpd mime_encodings.h mime_types.h htpasswd mini_httpd.rnd *. O core. **. Core Tar: @ Name = 'sed-n-E'/server_software /! D '-E's,. * mini_httpd/, mini_httpd-,'-E's,. *, p 'version. H ';\ Rm-RF $ name ;\ Mkdir $ name ;\ Tar CF-'cat files' | (CD $ name; tar xfbp -);\ Chmod 644 $ name/makefile $ name/mime_encodings.txt $ name/mime_types.txt ;\ Chmod 755 $ name/contrib/RedHat-rpm ;\ Tar CF $$name.tar $ name ;\ Rm-RF $ name ;\ Gzip extension name.tar Description: Compilation supports SSL and uses redhat8 with SSL/usr/share/SSL. Ssl_tree =/usr/share/SSL Ssl_defs =-duse_ssl Ssl_inc =-I $ {ssl_tree}/include Ssl_libs =-L $ {ssl_tree}/lib-lssl-lcrypto Modify SSL certificate validity period to 10 years,-days 3650 CERT: mini_httpd.pem Mini_httpd.pem: mini_httpd.cnf OpenSSL req-New-X509-days 3650-nodes # Make # Make install Make clean) -------------------------------------------------------------- Generate an SSL certificate: # Make Cert Enter the certificate information, that is, generate the Certificate file mini_httpd.pem in the current directory to copy the file to/etc. # Cp./mini_httpd.pem/etc -------------------------------------------------------------- Modify and create the mini_httpd.conf configuration file Code: [Url = http://bbs.chinaunix.net/viewthread.php? Tid = 711979 & extra = Page % 3d4 ###] [color = #000000] [copy to clipboard] [/color] [/url] # Mini_httpd configuration file Data_dir =/usr/local/WWW # User = httpd Port = 443 Host = 0.0.0.0 Cgipat = **. php Logfile =/var/log/mini_httpd Pidfile =/var/run/mini_httpd.pid Charset = gb2312 SSL Certfile =/etc/mini_httpd.pem Copy the configuration file to the/etc directory. # Cp./mini_httpd.conf/etc -------------------------------------------------------------- Create the PHP test Script test. php as follows: Code: [Url = http://bbs.chinaunix.net/viewthread.php? Tid = 711979 & extra = Page % 3d4 ###] [color = #000000] [copy to clipboard] [/color] [/url] #! /Usr/local/PHP/bin/PHP Copy the script to the Web data directory. # Cp./test. php/usr/local/WWW The file is executable! # Chmod + x/usr/local/www/test. php -------------------------------------------------------------- Configure the IP address of the web service Nic # Ifconfig eth0 192.168.1.1 up Start mini_httpd # Mini_httpd-C/etc/mini_httpd.conf Client test URL [Url] https: // 192.168.1.1/test. php [/url]
Title: Author: sslwork time:
Lighttpd is recommended, Lighttpd is a small but efficient httpd server, which is much faster than traditional Apache in static content processing and php cgi. Currently, I am mainly working on the Linux platform, but I already have a working version under Win32. The following is a brief introduction to installing certificates if I create a certificate on Lighttpd. To create a CSR request file for Lighttpd, use our OpenSSL CSR online generator: [url] https://www.myssl.cn/openssl/createcsr.asp#/url]. (Note: You must save both the server. Key and server. CSR files) Lighttpd SSL uses the base64-bit PEM file format. OpenSSL command line tools can be used to generate the CSR file. Lighttpd with OpenSSL Win32 has an executable version of OpenSSL 0.9.8k. 1. Open the doscommand line window, enter c: \ Lighttpd, and enter the command: OpenSSL req-New-nodes-keyout server. Key-out server. CSR Loading 'screen' into random state-Done Generating a 1024 bit RSA private key ... .................................... ++ Writing new private key to 'server. key' ----- You are about to be asked to enter information that will be Ininitialized into your certificate request. What you are about to enter is what is called Distinguished name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country name (2 letter code) [au]: CN State or province name (full name) [some-State]: Shanghai Locality name (eg, city) []: Shanghai Organization Name (eg, company) [Internet widgits Ltd]: Shanghai fastcom Technology Co., Ltd. Organizational unit name (eg, section) []: IT dept. Common name (eg, your name) []: [url] www.myssl.cn [/url] Email Address []: Please enter the following 'extra 'attributes To be sent with your certificate request A challenge password []: An optional company name []: 2. After the preceding interactive information is entered, two files are generated in the current directory: Server. Key and server. CSR. Keep these two files properly. do not disclose the server. Key Private Key File. 3. During the command execution, the system requires you to fill in the following information: Country name (2 letter code) uses the International Standard Organization (ISO) country code format, fill in the country code with 2 letters. Enter CN in China. State or province name (full name) province, for example, enter Shanghai Locality name (eg, city) city, such Organization Name (eg, company) Organization Unit, for example, enter the company name in pinyin Organizational unit name (eg, Section). For example, enter it Dept. Common name (eg, your websites domain name): the address of the website that uses SSL encryption. Note that this is not your domain name, but the website name that uses SSL, for example, pay.abc.com. A website is defined: Abc.com is a website; [Url] www.abc.com [/url] is another website; Pay.abc.com is another website. Email address. You can leave it empty. A challenge password can be left empty An optional company name can be left blank 4. How to generate a 2048-bit key pair? In the preceding command line interaction, we can see that "generating a 1024-bit RSA private key", that is, the system uses the 1024-bit RSA key length by default. Generally, 1024 bits are sufficient, however, when applying for an EV certificate, we must use a 2048-bit key length. To generate a 2048-bit key, you can modify the preceding command line: (the Italic part is the added parameter) OpenSSL req-New-nodes-newkey RSA: 2048-keyout server. Key-out server. CSR 5. How to Create a CSR file in Chinese? The Chinese CSR file mainly refers to the enterprise name, department, city, province and other information in Chinese. The common name and country code must still be in English. geotrust currently fully supports the Chinese CSR, the simplest way to create a CSR in Chinese is to use our online CSR generator: [url] https://www.myssl.cn/openssl/createcsr.asp#/url]. If you want to use the OpenSSL tool to create a Chinese CSR, you need to spend more time. The following describes how to use the OpenSSL command line to create a Chinese CSR. OpenSSL itself can support UTF-8 encoding to support Chinese characters, but if the doscommand line is unable to enter the Chinese characters of the UTF-8, so we must use opnessl. the default value of the CNF configuration file to implement text input. Use a text editor. It is best to support UTF-8 characters. I use ultraedit to open the OpenSSL. CNF file, first modify: String_mask = utf8only This statement will force the character input using the UTF-8 encoding format, and then modify the default DN information, enter we need to characters in the Chinese, as shown below Commonname_default = [url] www.myssl.cn [/url] 0. organizationname_default = Shanghai xuntong Technology Co., Ltd. Organizationalunitname_default = IT department Stateorprovincename_default = Shanghai Localityname_default = Shanghai Countryname_default = Cn Then save the file in UTF-8, no Bom encoding format, under ultraedit, select "Save as" in the format of "UTF-8-NO-BOM ". If you do not have an editing tool that supports the UTF-8, you can also download an iconv for encoding conversion. After preparing the openss. CNF file, enter the command line: OpenSSL req-utf8-config. CNF-New-nodes-batch-keyout server. Key-out server. CSR The system will automatically generate a CSR file and save it to server. CSR. The CSR has been completed. At last, it is emphasized that the two files, server. CSR and server. key, must be saved at the same time, especially the server. Key must be lost and cannot be used again. Install the Certificate file 1. Save the certificate content as a file: You will receive an email with the certificate content attached to the email. Use NotePad to open the originally saved server. Key File, copy the certificate section (----- begin certificate -----) in the email to the end of the file, and save the file name as server. pem. As follows: Copy the saved server. pem file to the server Lighttpd root directory. (Lighttpd copies the content of the CER and key files to a single file for use. It is essentially the same as Apache .) 2. Modify the Lighttpd. conf file. Lighttpd generally uses the Lighttpd. conf file to configure the parameters, Win32 version uses the Lighttpd-inc.conf file, the configuration is as follows: $ Server ["socket"] = "11.22.33.44: 443 "{ SSL. Engine = "enable" SSL. pemfile = server. pem Server. Name = "your.domain.com" Server.doc ument-root = "/My/document/root /" } 3. Restart Lighttpd Certificate backup (Export) The certificate backup in light is very simple. Open the Lighttpd. conf file, find the specified file, usually the. pem file, and copy the file to the backup media. Certificate restoration (import) It is also very easy to restore the Lighttpd certificate. Copy the backed up. pem file to the new server, and modify the Lighttpd. conf file by referring to the server certificate installation instructions above.