通信更新，全站ssl化！ 盲目没有计划，重新设定目标，最小化测试，完整备份，再做修改–ok！制定计划，方案，流程图！结构化思考，才有未来！

accord. 1, dsm6.5+frp+ppt
2, frp+ nginx
uhttpd 443, pravite. test. + simple

windows1, putty====================================
back ,

stop httpd
stop frpc

apachectl -k stop
/opt/etc/init.d/S84frpc stop
frpc -c /opt/etc/frpc_full.ini

windows2, putty======================================

vim /etc/config/uhttpd
/etc/init.d/uhttpd restart
netstat -apn | grep 443
https://192.168.11.1

vim frpc.ini---> ssl
frpc -c /opt/etc/frpc_full.ini
vim /opt/etc/frpc_full.ini
frpc -c ./ssl
https://ssl-encrypted.cf ========ok!

uhttpd, cert, key, ========ok!
vim /opt/etc/apache/extra/httpd-ssl.conf
SSLCertificateFile ""
SSLCertificateKeyFile "/opt/etc/apache/ssl-encrypted.cf/privkey1.pem"

option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cert '/opt/etc/apache/ssl-encrypted.cf/fullchain1.pem'
option key '/opt/etc/apache/ssl-encrypted.cf/privkey1.pem'

https https://192.168.11.1
https://192.168.11.1

https://ssl-encrypted.cf

--------simple configure httpd, ssl, localhost, test!
duli, ssl, ssl,
httpd , key, + cert, (uhttpd)
cp /opt/etc/apache/httpd.conf /opt/etc/apache/httpd.conf--good-use
cp /opt/etc/apache/extra/httpd-ssl.conf /opt/etc/apache/extra/httpd-ssl.conf--good-use
vim /opt/etc/apache/httpd.conf
vim /opt/etc/apache/extra/httpd-ssl.conf
/etc/init.d/uhttpd stop
apachectl -k stop
apachectl -k start
------------------------------------------------

<VirtualHost *:443>
ServerName webdav2.com
ServerAlias ssl-encrypted.cf
DocumentRoot "/opt/share/htdocs"
SSLEngine on
SSLCertificateFile "/opt/etc/apache/ssl-encrypted.cf/fullchain1.pem"
SSLCertificateKeyFile "/opt/etc/apache/ssl-encrypted.cf/privkey1.pem"
<Directory "/opt/share/htdocs">
DirectoryIndex index.php index.htm index.html
Require all granted
</Directory>
ErrorLog "/opt/var/log/error_log"
TransferLog "/opt/var/log/access_log"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/opt/var/log/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

---------------------------------------------
vim only one ssl, simple!

listen 443
php ----*.php

=====================only one 443
https://webdav2.com/ ====================ok!

frpc -c ./ssl
https://ssl-encrypted.cf ok!

only one listen 443 port!
webdav.com
webdav2.com

ssl
paa.com ==> location /paa //webdav-cdn
webdav.com --0> location /file //wevdav.com
pan.com ---> location /pan //pan.com Are this enable??

测试https！ carrot --enable webdavd??

/press
password

ago, jiegou, webdav.com + webdav2.com
proxy> ssl-encrypted.cf + paa.ssl-encrypted.cf

now
ago, jiegou , webdav.com 443 + webdav2.com,443 + webdav2.com/webdav/ X
+ webdav2.com/paa/ X
+ webdav2.com/press-encrypted X

加密 ： digest

webdav alias xxx

================================================================
htdigest -c /opt/users.digest "Private Contents." press_rec

AuthType digest
AuthName "Private Contents."
AuthDigestProvider file
AuthUserFile /opt/users.digest
Require valid-user

<Directory "/opt/share/htdocs/press">
AuthType Basic

AuthUserFile "/opt/user.basic"
Require user admin
</Directory>

============================================
1.创建密码文件

C:\xampp\apache\bin>htdigest.exe -c \xampp\htdocs\auth\user.txt "Digest Encrypt" liuxin
Adding password for liuxin in realm Digest Encrypt.
New password: ******
Re-type new password: ******

user.txt的内容为：liuxin:Digest Encrypt:f5804ecb47a45dba4584bfe77942e0a1
2.编辑http.conf文件

<Directory "/xampp/htdocs/auth">
Options Indexes FollowSymLinks
AuthType Digest
AuthName "digest encrypt" //注意这里的AuthName和上面的realm必须一致(而Basic验证则可以不同). 否则输入正确的用户密码也无法通过认证
AuthDigestProvider file
AuthUserFile /xampp/htdocs/auth/user.txt
require valid-user
</Directory>
=========================================================================

UPDATE wp_posts SET post_content = REPLACE( post_content, 'http://paa.ssl-encrypted.cf:100/', 'https://paa.ssl-encrypted.cf/' )

OpenWrt端口转发设置

标题: OpenWrt端口转发设置
作者: Demon
链接: http://demon.tw/hardware/openwrt-port-forwarding.html
版权: 本博客的所有文章，都遵守“署名-非商业性使用-相同方式共享 2.5 中国大陆”协议条款。

端口转发（port forwarding），也叫端口映射（port mapping），就是将外网主机的IP地址的一个端口映射到内网中一台机器，提供相应的服务。当用户访问该IP的这个端口时，服务器自动将请求映射到对应局域网内部的机器上。

我们是通过OpenWrt路由器连接外网的，如果希望能从外网IP访问内部主机，就需要在OpenWrt里设置端口转发。如果安装了LuCI界面，那么端口转发设置起来是非常简单的，只要在网络 –> 防火墙 –> 端口转发中添加即可。

当然也可以手动修改防火墙配置文件/etc/config/firewall：

config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '5000'
option dest_ip '192.168.1.213'
option dest_port '5000'
option name 'Synology'
修改好之后重启防火墙即可生效。

参考链接：http://wiki.openwrt.org/doc/howto/port.forwarding

UPDATE wp_posts SET post_content = replace(post_content,'http://ssl-encrypted.cf:100/press','https://192.168.1.1/press');
UPDATE wp_comments SET comment_content = replace( comment_content,'http://ssl-encrypted.cf:100/press','https://192.168.1.1/press');
UPDATE wp_comments SET comment_author_url = replace( comment_author_url,'http://ssl-encrypted.cf:100/press','https://192.168.1.1/press');
UPDATE wp_options SET option_value = replace( option_value,'http://ssl-encrypted.cf:100/press','https://192.168.1.1/press');