その影響かわかりませんが out of swap spaceで MySQLやApacheのプロセスが数回落ちています。
swap_pager_getswapspace(3): failed pid 2278 (libhttpd.ep), uid 1001, was killed: out of swap space pid 77232 (mysqld), uid 2000, was killed: out of swap space
Configuring mod_ssl/2.8.27 for Apache/1.3.36 + Apache location: ../apache_1.3.36 (Version 1.3.36) + OpenSSL location: /usr/local + Auxiliary patch tool: ./etc/patch/patch (local) + Applying packages to Apache source tree: o Extended API (EAPI) o Distribution Documents o SSL Module Source o SSL Support o SSL Configuration Additions o SSL Module Documentation o Addons Done: source extension and patches successfully applied.
Configuring for Apache, Version 1.3.36 + using installation path layout: Apache (config.layout)
・ ・ ・ (中略) ・ ・ ・
Now proceed with the following commands: $ cd ../apache_1.3.36 $ make $ make certificate $ make install
上記のとおりに
# cd ../apache_1.3.36 # make
===> src ===> src/regex sh ./mkh -i _REGEX_H_ regex2.h regcomp.c regerror.c regexec.c regfree.c > ../include/hsregex.h ・ ・ ・ (中略) ・ ・ ・ +---------------------------------------------------------------------+ | Before you install the package you now should prepare the SSL | | certificate system by running the 'make certificate' command. | | For different situations the following variants are provided: | | | | % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) | | % make certificate TYPE=test (test cert signed by Snake Oil CA) | | % make certificate TYPE=custom (custom cert signed by own CA) | | % make certificate TYPE=existing (existing cert) | | CRT=/path/to/your.crt [KEY=/path/to/your.key] | | | | Use TYPE=dummy when you're a vendor package maintainer, | | the TYPE=test when you're an admin but want to do tests only, | | the TYPE=custom when you're an admin willing to run a real server | | and TYPE=existing when you're an admin who upgrades a server. | | (The default is TYPE=test) | | | | Additionally add ALGO=RSA (default) or ALGO=DSA to select | | the signature algorithm used for the generated certificate. | | | | Use 'make certificate VIEW=1' to display the generated data. | | | | Thanks for using Apache & mod_ssl. Ralf S. Engelschall | | rse@engelschall.com | | www.engelschall.com | +---------------------------------------------------------------------+ <=== src
サーバの秘密鍵と証明書申請データ(CSR)はあとで作るとして、 証明書は無償の認証局CACertで発行してもらったものがあります。 旧サーバのものを持ってきて、 # make certificate TYPE=existing CRT=証明書のパス
SSL Certificate Generation Utility (mkcert.sh) Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
Using existing custom certificate [EXISTING] ______________________________________________________________________
RESULT: Server Certification Files
o conf/ssl.key/server.key The PEM-encoded DSA private key file which you configure with the 'SSLCertificateKeyFile' directive (automatically done when you install via APACI). KEEP THIS FILE PRIVATE!
o conf/ssl.crt/server.crt The PEM-encoded X.509 certificate file which you configure with the 'SSLCertificateFile' directive (automatically done when you install via APACI).
Congratulations that you establish your server with real certificates.
# make install
===> [mktree: Creating Apache installation tree] ./src/helpers/mkdir.sh /usr/local/apache/bin mkdir /usr/local/apache mkdir /usr/local/apache/bin ・ ・ ・ (中略) ・ ・ ・ +--------------------------------------------------------+ | You now have successfully built and installed the | | Apache 1.3 HTTP server. To verify that Apache actually | | works correctly you now should first check the | | (initially created or preserved) configuration files | | | | /usr/local/apache/conf/httpd.conf | | | and then you should be able to immediately fire up | | Apache the first time by running: | | | | /usr/local/apache/bin/apachectl start | | | Or when you want to run it with SSL enabled use: | | | | /usr/local/apache/bin/apachectl startssl | | | Thanks for using Apache. The Apache Group | | http://www.apache.org/ | +--------------------------------------------------------+
0 semi-random bytes loaded Generating RSA private key, 1024 bit long modulus .....................................................++++++ ........................................................................++++++ e is 65537 (0x10001) Enter pass phrase for server.key:パスワード Verifying - Enter pass phrase for server.key:パスワード
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:JP State or Province Name (full name) [Some-State]:Kanagawa Locality Name (eg, city) []:Chigasaki Organization Name (eg, company) [Internet Widgits Pty Ltd]:The Sunday Breeze Organizational Unit Name (eg, section) []:webmaster Common Name (eg, YOUR name) []:www.sundaybreeze.jp Email Address []:メールアドレス@sundaybreeze.jp
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: