技术交流QQ群:①185473046   ②190706903   ③203744115   网站地图
登录

下次自动登录
现在的位置: 首页Apache>正文
Linux下Apache虚拟主机配置https证书
2019年05月01日 Apache 暂无评论 ⁄ 被围观 13,858次+

学习本教程须掌握:

1、Linux下指定版本编译安装LAMP

https://www.osyunwei.com/archives/9224.html

2、Linux下Apache虚拟主机配置

https://www.osyunwei.com/archives/9232.html

安装约定:

Apache版本:2.2    #注意2.4和2.2版本某些参数的写法不一样

Apache安装路径:/usr/local/apache

Apache虚拟主机配置文件:/usr/local/apache/conf/vhost

https证书存放路径:/usr/local/apache/cert/

开始配置:

1、确保Apache安装有OpenSSL模块

编译安装需要有参数:--enable-ssl

2、修改apache配置文件

vi  /usr/local/apache/conf/httpd.conf  #编辑,找到如下参数并去掉前面的注释,启用参数

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

:wq!  #保存退出

3、修改httpd-ssl.conf配置

cp  /usr/local/apache/conf/extra/httpd-ssl.conf   /usr/local/apache/conf/extra/httpd-ssl.conf-bak   #备份

vi  /usr/local/apache/conf/extra/httpd-ssl.conf  #编辑添加以下内容

Listen 443

NameVirtualHost *:443   #必须加上这一句,否则只能识别到第一个虚拟主机的证书。

#SSLStrictSNIVHostCheck off

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl .crl

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL  #修改加密套件

SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4

SSLHonorCipherOrder on

SSLProtocol TLSv1 TLSv1.1 TLSv1.2  #添加 SSL 协议支持协议,去掉不安全的协议

SSLProxyProtocol all -SSLv2 -SSLv3

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"

SSLSessionCacheTimeout 300

SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

<VirtualHost *:443>

DocumentRoot "/data/root/osyunwei/www.osyunwei.com/wwwroot/"

ServerName www.osyunwei.com:443

ServerAdmin you@example.com

ErrorLog "/usr/local/apache/logs/error_log"

TransferLog "/usr/local/apache/logs/access_log"

SSLEngine on #启用SSL功能

SSLCertificateFile "/usr/local/apache/cert/www.osyunwei.com.crt" #证书文件

SSLCertificateKeyFile "/usr/local/apache/cert/www.osyunwei.com.key" #私钥文件

SSLCertificateChainFile "/usr/local/apache/cert/www.osyunwei.com_bundle.crt" #证书链文件

#<FilesMatch "\.(cgi|shtml|phtml|php)$">

# SSLOptions +StdEnvVars

#</FilesMatch>

BrowserMatch "MSIE [2-5]" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache/logs/ssl_request_log" \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<Directory "/data/root/osyunwei/www.osyunwei.com/wwwroot/">

php_admin_value open_basedir "/data/root/osyunwei/www.osyunwei.com/wwwroot/:/tmp/"

Options Includes ExecCGI FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

:wq!  #保存退出

#上面红色字体部分是一个虚拟主机的配置,多个虚拟主机可以接着继续添加。

#添加完成之后重启apache服务,使用https协议打开网站进行测试,另外,服务器防火墙需要打开443端口。

4、修改虚拟主机配置文件,设置http自动跳转到https

vi  /usr/local/apache/conf/vhost/www.osyunwei.com.conf   #编辑修改,在第一行添加以下代码

<VirtualHost *:80>

ServerName  www.osyunwei.com

RewriteEngine on

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]

</VirtualHost>

:wq!  #保存退出

或者在虚拟主机的配置文件中添加以下代码

<VirtualHost *:80>

# ServerAdmin webmaster@dummy-host.example.com

DocumentRoot /data/root/xiashanet/qiantangwang/wwwroot/

ServerName www.osyunwei.com

ServerAlias osyunwei.com

RewriteEngine on

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log common

CustomLog "|/usr/local/apache/bin/rotatelogs /upload/log/osyunwei/logfiles/access_log%Y%m%d.log 86400 480" combined

DirectoryIndex index.htm index.html index.php

<Directory "/data/osyunwei/wwwroot/">

php_admin_value open_basedir "/data/osyunwei/wwwroot/:/tmp/"

Options Includes ExecCGI FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

访问http页面会自动跳转到https页面

至此,Linux下Apache虚拟主机配置https证书教程完成。

     

  系统运维技术交流QQ群:①185473046 系统运维技术交流□Ⅰ ②190706903 系统运维技术交流™Ⅱ ③203744115 系统运维技术交流™Ⅲ

给我留言

您必须 [ 登录 ] 才能发表留言!



Copyright© 2011-2024 系统运维 All rights reserved
版权声明:本站所有文章均为作者原创内容,如需转载,请注明出处及原文链接
陕ICP备11001040号-3