Has always been in the impression notes and other records, summary, long ago wanted to write to share the article, but their delay is too serious, tomorrow, tomorrow, has been 9102 years, decided to move from the previous part of the notes, take the first step 😂.
This paper mainly introduces the implementation of DDNS server construction in Ubuntu environment by Apache+ CGI, mainly including three parts: environment construction, system design and concrete implementation.
I. Environment construction
As shown in the figure below, the server environment is mainly divided into the following four steps:
1.1 Step 1: Installationapache
Run sudo apt-get install apache2Copy the code
1.2 Step 2: Configure Apache to support CGI programs
Configuring Apache to run CGI programs can be divided into two cases:
- CGI of the ScriptAlias directory, using the ScriptAlias directive to enable Apache to execute CGI programs in a particular directory.
- CGI outside of ScriptAlias directory. You can explicitly allow CGI execution with Options
The operation is as follows:
Run the following command to enable the default configuration under Apache: sudo gedit /etc/apache2/sites-available/default ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/<Directory"/usr/lib/cgi-bin">AllowOverride NoneOptions ExecCGI -MultiViews +SymLinksIfOwnerMatchOrder allow,denyAllow from /var/www/cgi-bin/ all</Directory>Set ## with ScriptAlias command
ScriptAlias /cgi-bin/ /var/www/cgi-bin/## Display Settings ## with Options
<Directory "/var/www/cgi-bin/"> AllowOverride NoneOptions + ExecCGI MultiViews + SymLinksIfOwnerMatchOrder to allow denyAllow from all < / Directory > set execute commands, Run the sudo /etc/init.d/apache2 restart command to restart the Apache serviceCopy the code
Run sudo apt-get install mysql-server mysql-clientCopy the code
Note: apt-get automatically downloads and installs the latest version of mysql. At the end of the installation, it will ask you to enter the root password. Note that the root password here refers to the root password you want to set for MySQL.
1.4 Step 4: Set read and write permissions for Ubuntu files
After LAMP is installed, the default PHP web server root is /var/www. Due to Linux security rules, only root users are allowed to read and write files in the changed directory. Therefore, we cannot create, modify, or delete files in the WWW folder. We must first change the read and write permissions of the /var/www directory. You cannot change file permissions by right-clicking properties in the interface manager. You have to run the root terminal command.
Run sudo chmod 777 /var/wwwCopy the code
At this point, the server environment is completed.
Second, system design
2.1 DDNS system design
2.2 Server flow design
As shown in the figure, after receiving the request, the server needs to carry out user authentication. After passing the authentication, it can jump to THE CGI program for database operation and information acquisition.
2.3 Database Design
Core table:
1. Device Records the domain name, IP address, and device information of the device
2. User Records user information and DDNS permission
Third, detailed implementation
3.1 Makefile Compiles C CGI programs
LDFLAGS := -L/usr/lib/mysql-workbench -lmysqlclient -L/usr/lib/i386-linux-gnu/ -lcrypto
INCLUDE := -I. -I/usr/include/mysql
RECO_TARGET_DIR := /var/www/cgi-bin
# all source files
ALL_SRC_FILES := $(wildcard *.c)
# All target files
ALL_TARGET_OBJS := $(patsubst %.c,$(RECO_TARGET_DIR)/%.o,$(ALL_SRC_FILES))
# dependency file
#RECO_TARGET_DIR := $(RECO_TARGET_DIR)/ddnscgi
RECO_DEPEND_FILE:= $(RECO_TARGET_DIR)/MAKEFILE.DEPEND
RECO_TARGET_NAME:=ddnstest
# Avoid error deletion if RECO_TARGET_NAME is null
ifeq ($(RECO_TARGET_NAME),)
RECO_TARGET_NAME:=oooxxxx
endif
Determine the compile target type
RECO_MK_EXE := $(RECO_TARGET_DIR)/$(RECO_TARGET_NAME)
RECO_MK_TARGET := $(RECO_MK_EXE)
RECO_MK_TARGET : $(RECO_MK_TARGET)
# include dependency files
ifneq ($(MAKECMDGOALS), clean)
include $(RECO_DEPEND_FILE)
endif
#exe generate rule
$(RECO_MK_EXE): $(ALL_TARGET_OBJS)
$(CC) -o $@ $^ $(LDFLAGS)
#.o file generation rule
$(RECO_TARGET_DIR)/%.o:%.c
$(CC) $(INCLUDE) -o $@ -c $<
Create dependency files
$(RECO_DEPEND_FILE):
@set -e; \
#echo "Making $@ ..." ; \
$(CC) $(INCLUDE) -E -MM $(ALL_SRC_FILES) | sed 's,\(.*\)\.o[ :]*,$(RECO_TARGET_DIR)/\1.o $@:,g'>$(RECO_DEPEND_FILE);
Perform the clean operation
clean:
-rm -rf $(RECO_TARGET_DIR)/$(RECO_TARGET_NAME)
-rm -rf $(RECO_TARGET_DIR)/*.o
-rm -rf $(RECO_DEPEND_FILE)Copy the code
3.2 Apache Redirection Enables page redirection
First, enable the Apache rewrite module and restart the Apache service
Rewrite method 2: Sudo ln-s/etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load Method 3: Modify the configuration file to /usr/local/apache/conf/httpd.conf Open LoadModule rewrite_module modules/mod_rewrite.soCopy the code
Next, complete the following configuration
- Conf file or /etc/apache2/sites-available/default file under Apache: AllowOverride None to AllowOverride All.
- Create an. Htaccess file in the directory where you want to redirect the page.
- Set the override rule in. Htaccess.
Htaccess content syntax format is as follows: RewriteEngine OnTurn on RewriteEngine modeRewriteCond String Regular expression // rewriteRule rewriteRule Regular expression target address If the requested address meets the requirements of the regular expression, the system redirects to the target address.Copy the code
3.3 Implementation of Apache Basic and Digest authentication
In practical applications, some pages, data and functions are often required to be accessed only by specific people. In order to achieve this goal, authentication functions should be applied. HTTP provides a general framework for permission control and authentication. The most commonly used authentication is Basic and Digest.
Basic authentication: Basic authentication is a form of login authentication that allows Web browsers or other client programs to provide credentials in the form of a user name and password upon request. The string of “user name + colon + password” encrypted with BASE64 algorithm is sent to the server in header Authorization of HTTP Request, including the plaintext transmission of the password.
Digest authentication: An enhanced version of basic authentication, Digest authentication does not include plaintext transmission of passwords. Qop, NONCE, CNONCE and other security enhanced options are introduced, and MD5 encryption is used to achieve “irreversible”.
A typical HTTP authentication process between client and server:
Basic authentication on apache server:
- The password file is generated in htpasswd mode
- Configure authentication in the httpd.conf or default file
Generate a password file in htpasswd mode: htpasswd -c /root/.htpasswd Admin Configure authentication in the httpd.conf or default file: <Directory"/var/www/">
AuthType basic
AuthName "Authorization "AuthUserFile /root/.htpasswd Require user cnsecer </Directory> /var/www/ indicates the Directory to be authenticated, and /root/.htpasswd indicates the password file generated in the first stepCopy the code
Apache implements digest authentication:
- Enable the Digest authentication module.
- Use the htdigest command to create the password file.
- Configure authentication in the httpd.conf or default file.
1. Enable the digest authentication module: a2enmod auth_digest 2. Use the htdigest command to create a password file: htdigest -c /usr/local/nagios/etc/nagios.users "Nagios Access"Nagiosadmin including"Nagios Access"This parameter must be the same as AuthName configured in 3. Conf or default file: <Location /nagios/> AuthType Digest AuthName"Nagios Access"AuthDigestDomain/nagios/http://192.168.0.205/nagios/ AuthDigestProvider file AuthUserFile/usr /local/nagios/etc/nagios.users Password file path Require valid-user </Location>Copy the code
At this point, the DDNS server in Ubutun is set up.
The last
This project was completed in 2016, which is a long time ago, so there are some shortcomings. Welcome friends to communicate with us. Also, to learn more, visit the following link:
The Makefile rules:
Blog.csdn.net/liang136647…
Apache Rewrite rules:
Blog.csdn.net/yxwb1253587…
www.cnblogs.com/CheeseZH/p/…