Linux 系统Apache配置SSL证书
2023-02-18 16:46:22 时间
在Centos7系列系统下,配置Apache服务器,给服务器增加SSL证书功能,让页面访问是不再提示不安全,具体操作流程如下。
1.第一步首先需要安装mod_ssl
模块,执行yum install -y mod_ssl
命令即可安装完毕。
打开配置文件写入以下配置项。
[lyshark@localhost] # cat /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
# 导入模块
Include conf.modules.d/*.conf
# 启用伪静态
LoadModule rewrite_module modules/mod_rewrite.so
User apache
Group apache
ServerAdmin root@localhost
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory "/var/www">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
#EnableMMAP off
EnableSendfile on
IncludeOptional conf.d/*.conf
# 设置http跳转到https上面
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://www.lyshark.com
ServerTokens Prod
ServerSignature Off
# 设置加密访问,当用户访问lyshark目录需要密码
# htpasswd -c /etc/htpasswd.db test
#<Directory /var/www/html/lyshark>
# AuthName "请输入管理员密码"
# AuthType Basic
# AuthUserFile /etc/htpasswd.db
# Require valid-user
#</Directory>
# 限制Apache只允许接受GET POST请求方式
<Location "/">
<LimitExcept GET POST>
Order Allow,Deny
Deny from all
</LimitExcept>
</Location>
2.其次需要打开ssl配置目录,将证书上传到指定目录下,并增加你自己的证书文件路径。
[lyshark@localhost] # cat /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName www.lyshark.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
# 此处增加SSL证书具体路径
SSLCertificateFile /var/www/ssl/4575832_www.lyshark.com_public.crt
SSLCertificateKeyFile /var/www/ssl/4575832_www.lyshark.com.key
SSLCertificateChainFile /var/www/ssl/4575832_www.lyshark.com_chain.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
至此只需要重启systemctl restart httpd
服务器即可完成ssl配置。
3.如果需要配置伪静态,则在Web网站根目录下增加一个隐藏文件,并写入一下配置,伪静态转发。
[lyshark@localhost] # cat /var/www/html/.htaccess
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
相关文章
- 在线客服系统源码开发实战总结:Golang的Gin框架整合实现session
- Golang实现小型CMS内容管理功能(二):前端接入百度ueditor富文本编辑器
- 在线客服系统源码开发实战总结:Golang实现CMS内容管理增删查改功能
- 在线客服系统源码开发实战总结:Golang实现对接微信公众号网页授权接口功能
- 好用的在线客服系统Go语言源码-GOFLY ( 开源代码+安装教程)
- 解决golang报错:imports github.com/go-sql-driver/mysql from implicitly required module;
- golang连接MySQL并导入执行SQL文件
- 解决golang panic: sql: unknown driver “mysql“ (forgotten import?)
- golang封装http get函数请求并且携带header头信息
- golang实现RSA2的签名与验签函数
- Linux中tac命令倒序查询日志
- 开源在线客服系统源码(支持PC/H5/公众号/小程序)基于golang的网页在线客服系统
- 各浏览器useragent大全 包括(chrome/360/搜狗浏览器以及百度/google/搜狗/神马)
- 解决golang json: unsupported value: NaN
- 【Linux】curl: (60) SSL certificate problem: certificate has expired问题解决
- 【Golang】golang开发微信公众号网页授权功能
- 【Golang】golang实现简单memcache
- 【Golang】golang中time类型的before方法
- 【Golang】golang中map元素的删除和清空
- 【Golang】理解Golang中的time.Duration