Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Apache配置ssl证书

0
0

1.新建一个虚拟主机,我们配置域名为apache.v5linux.com

cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf /etc/httpd/conf.d/01-v5linux.com.conf

2.修改配置文件

# vim 01-v5linux.com.conf <VirtualHost *:80> #ServerAdmin webmaster@dummy-host.example.com DocumentRoot "/var/www/v5linux/" ServerName apache.v5linux.com ServerAlias apache.v5linux.com ErrorLog "/var/log/httpd/apache-v5linux-error_log" CustomLog "/var/log/httpd/apache-v5linux-access_log" common </VirtualHost>

3.重启apache

[root@centos-1gb-sfo2-01 conf.d]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [root@centos-1gb-sfo2-01 conf.d]# systemctl start httpd

4.创建目录

[root@centos-1gb-sfo2-01 conf.d]# cd /var/www/ [root@centos-1gb-sfo2-01 www]# mkdir v5linux

5.写入一个测试html

[root@centos-1gb-sfo2-01 v5linux]# vim index.html [root@centos-1gb-sfo2-01 v5linux]# cat index.html this is apache.v5linux.com

6.做下域名解析,指向apache.v5linux.com 然后等解析生效后访问


Apache配置ssl证书
配置证书 申请证书

查看这篇文章 https://awen.me/post/248023261.html

申请成功,会有提示

[Tue Jul 25 08:24:08 UTC 2017] Your cert is in /root/.acme.sh/apache.v5linux.com/apache.v5linux.com.cer [Tue Jul 25 08:24:08 UTC 2017] Your cert key is in /root/.acme.sh/apache.v5linux.com/apache.v5linux.com.key [Tue Jul 25 08:24:08 UTC 2017] The intermediate CA cert is in /root/.acme.sh/apache.v5linux.com/ca.cer [Tue Jul 25 08:24:08 UTC 2017] And the full chain certs is there: /root/.acme.sh/apache.v5linux.com/fullchain.cer

将证书拷贝到/etc/httpd/ssl目录,当然您愿意放哪里都可以

[root@centos-1gb-sfo2-01 conf]# mkdir /etc/httpd/ssl [root@centos-1gb-sfo2-01 conf]# cp -rf /root/.acme.sh/apache.v5linux.com/ /etc/httpd/ssl/ 安装apache ssl模块

1.安装

yum install -y mod_ssl

2.查看

[root@centos-1gb-sfo2-01 conf.modules.d]# ls /etc/httpd/modules/ | grep "mod_ssl" mod_ssl.so

3.其配置文件在/etc/httpd/conf.modules.d下的00-ssl.conf

[root@centos-1gb-sfo2-01 conf.modules.d]# ls 00-base.conf 00-dav.conf 00-lua.conf 00-mpm.conf 00-proxy.conf 00-ssl.conf 00-systemd.conf 01-cgi.conf [root@centos-1gb-sfo2-01 conf.modules.d]# vim 00-ssl.conf [root@centos-1gb-sfo2-01 conf.modules.d]# cat 00-ssl.conf LoadModule ssl_module modules/mod_ssl.so

5.编辑etc/httpd/conf.d/ssl.conf 文件,修改如下几行

<VirtualHost _default_:443> # General setup for the virtual host, inherited from global configuration DocumentRoot "/var/www/v5linux" #修改为自己的web目录 ServerName apache.v5linux.com:443 # 修改为自己的域名 SSLCertificateFile /etc/pki/tls/certs/localhost.crt #修改为自己的公钥路径 SSLCertificateKeyFile /etc/pki/tls/private/localhost.key #修改为自己的私钥路径

如图所示


Apache配置ssl证书

然后重启httpd

systemctl restart httpd

再次访问


Apache配置ssl证书

这种方法是http也可以访问,https也可以访问,如果说你希望访问http跳转到https,则修改/etc/httpd/conf.d/01-v5linux.com.conf端口的配置

<VirtualHost *:80> #ServerAdmin webmaster@dummy-host.example.com DocumentRoot "/var/www/v5linux/" ServerName apache.v5linux.com ServerAlias apache.v5linux.com ErrorLog "/var/log/httpd/apache-v5linux-error_log" CustomLog "/var/log/httpd/apache-v5linux-access_log" common #开启rewrite RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)?$ https://%{SERVER_NAME}/ [L,R] </VirtualHost>

Viewing all articles
Browse latest Browse all 12749