Apache 配置ssl

简介

准备

# yum install mod_ssl -y

备注: 执行完如上的步骤会在/etc/httpd/conf.d目录下增加一个ssl.conf的文件

# mkdir /etc/httpd/ssl/

配置

 Listen 443 https

 #在<VirtualHost _default_:443>段修改如下内容
 SSLEngine on  #启用SSL功能
 ServerName www.siguadantang.com:443 
 SSLCertificateFile /etc/letsencrypt/live/siguadantang.com/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/siguadantang.com/privkey.pem
 #配置支持https
 修改:<Directory "/var/www/html">内容下的AllowOverride None 改为AllowOverride All
 # 创建跳转文件
 $ touch .htaccess

 # 编辑跳转文件的内容
 $ vi .htaccess
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^(.*) https://www.siguadantang.com/$1 [R,L]
   :wq

重启服务

  # systemctl restart httpd

验证

点击右方地址:https://www.siguadantang.com

样例配置文件

 Listen 443 https

 SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
 SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
 SSLSessionCacheTimeout  300
 SSLRandomSeed startup file:/dev/urandom  256
 SSLRandomSeed connect builtin
 SSLCryptoDevice builtin

 <VirtualHost _default_:443>
 DocumentRoot "/var/www/html"
 ServerName www.siguadantang.com:443
 ErrorLog logs/ssl_error_log
 TransferLog logs/ssl_access_log
 LogLevel warn
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
 SSLCertificateFile /etc/letsencrypt/live/siguadantang.com/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/siguadantang.com/privkey.pem

 <Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
 </Files>
 <Directory "/var/www/cgi-bin">
     SSLOptions +StdEnvVars
 </Directory>

 BrowserMatch "MSIE [2-5]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
 CustomLog logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 </VirtualHost>                                  

结语

 # yum install mod_ssl

回首页