部署apache2并实现ssl自动跳转
1. YUM安装
- 我这里为了快速部署直接使用YUM安装
[root@ip-172-31-5-103 ~]# yum install httpd -y
2. 路径
httpd | 解释 |
---|---|
/etc/httpd/ | 配置文件位置 |
/var/www/html/ | 站点目录位置 |
/var/log/httpd/ | 日志目录位置 |
/usr/sbin/httpd | 命令所在位置 |
3. 修改配置文件
[root@ip-172-31-5-103 conf]# cat httpd.conf
#配置文件路径
ServerRoot "/etc/httpd"
#监听端口
Listen 80
#引用modules目录下的配置文件
Include conf.modules.d/*.conf
#指定用户用户组
User apache
Group apache
#管理员邮箱
ServerAdmin root@localhost
#指定服务器域名
ServerName cap.sinnet-cloud.cn:80
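# <Directory /> covers the whole server filesystem; it is not a default-URL match.
# Access is denied here so that only the directories granted explicitly further
# down (such as /var/www and /var/www/cgi-bin) can be served.
<Directory />
AllowOverride none
Require all denied
</Directory>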
#指定站点目录
DocumentRoot "/var/www/sinnet-cloud.cn/html"
# Access rules for everything under /var/www, with an HTTP-to-HTTPS redirect added.
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
# Added for the redirect: switch mod_rewrite on in this directory context.
RewriteEngine on
# Apply the rule only when the request did not arrive on port 443.
RewriteCond %{SERVER_PORT} !^443$
# Redirect to the same URI over https. [R] without a status code sends a 302,
# and [L] stops further rule processing.
# NOTE(review): %{SERVER_NAME} can follow the client's Host header unless
# UseCanonicalName is On — confirm, or write the hostname out explicitly.
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
# Options for /var/www/html. Indexes lets httpd generate a directory listing
# when no DirectoryIndex file is present; FollowSymLinks lets it follow symlinks.
# NOTE(review): DocumentRoot above is /var/www/sinnet-cloud.cn/html, so this
# block does not cover the site itself; drop Indexes if listings are not wanted.
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#指定默认首页文件(访问目录时返回的页面)
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
===
<Files ".ht*">
Require all denied
</Files>
#日志路径
ErrorLog "logs/error_log"
#日志错误等级
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
<IfModule mod_http2.c>
Protocols h2 h2c http/1.1
</IfModule>
#这里又引用了虚拟主机的目录
IncludeOptional conf.d/*.conf
IncludeOptional conf/vhost/*.conf
4. 配置虚拟主机
[root@ip-172-31-5-103 conf]# cat vhost.conf
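# Plain-HTTP virtual host: its only job is to send visitors to the HTTPS site.
# NOTE(review): httpd.conf on this page includes conf/vhost/*.conf, so this file
# presumably has to live in /etc/httpd/conf/vhost/ to be loaded — confirm.
<VirtualHost *:80>
# Site directory
DocumentRoot "/var/www/sinnet-cloud.cn/html"
# Domain name served by this virtual host
ServerName cap.sinnet-cloud.cn
# Turn URL rewriting on
RewriteEngine on
# Only rewrite when the request did not arrive on port 443
RewriteCond %{SERVER_PORT} !^443$
# Regex: ^ is the start, $ is the end, /? matches zero or one leading slash,
# and (.*) captures the rest of the path as $1.
# The target host is written out rather than taken from %{SERVER_NAME}, which
# can follow the client's Host header when UseCanonicalName is Off; this is the
# only port-80 virtual host shown, so it answers for every Host value.
# R=301 marks the redirect as permanent (a bare R sends a 302).
RewriteRule ^/?(.*)$ https://cap.sinnet-cloud.cn/$1 [L,R=301]
# In short: with mod_rewrite enabled, every request that arrives on a port other
# than 443 keeps its URL path and has http:// replaced by https://.
# (This explanation has to be a comment; as bare text it fails httpd -t.)
</VirtualHost>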
5. 配置ssl
#安装ssl模块
[root@ip-172-31-5-103 conf]# yum install mod_ssl -y
#安装完这个模块会生成一个ssl.conf文件
[root@ip-172-31-5-103 conf.d]# pwd
/etc/httpd/conf.d
[root@ip-172-31-5-103 conf.d]# ll
total 24
-rw-r--r--. 1 root root 2893 Jun 30 11:02 autoindex.conf
-rw-r--r--. 1 root root 366 Jun 30 11:02 README
-rw-r--r--. 1 root root 9423 Nov 15 04:42 ssl.conf
-rw-r--r--. 1 root root 1252 Jun 30 11:01 userdir.conf
[root@ip-172-31-5-103 conf.d]# cat ssl.conf
#找到这个部分
<VirtualHost *:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
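SSLEngine on
# Offer TLS 1.2 and newer only: SSLv3, TLS 1.0 and TLS 1.1 are all switched off.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Keep the HIGH group only; the MEDIUM group and 3DES are no longer offered.
SSLCipherSuite HIGH:!aNULL:!MD5:!SEED:!IDEA:!3DES
# Certificate location: use this path, or create your own directory and place
# the certificate files there.
SSLCertificateFile /etc/digicert/cloud.cn.crt
# The private key should be owned by root and not readable by other users
# (for example mode 600); the apache user does not need to read it.
SSLCertificateKeyFile /etc/digicert/zhengshu.key
# Optional once HTTPS works (needs mod_headers): tell browsers to go straight to
# https on later visits instead of relying on the port-80 redirect each time.
# Header always set Strict-Transport-Security "max-age=31536000"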
6. 设置站点目录权限并启动服务
#可以自动校验配置文件是否正确
[root@ip-172-31-5-103 conf.d]# httpd -t
#YUM安装的会自动帮你生成一个apache用户。注意:执行下面的 chown -R 之后,httpd 进程对整个 /var/www 都有写权限;纯静态站点保持 root 属主、apache 只读会更安全
[root@ip-172-31-5-103 conf.d]# chown -R apache.apache /var/www
[root@ip-172-31-5-103 conf.d]# systemctl start httpd
[root@ip-172-31-5-103 conf.d]# systemctl enable httpd
#检查端口,httpd 启动后会监听 80 端口与 443 端口
[root@ip-172-31-5-103 sinnet-cloud.cn]# ss -lntup | grep 'httpd'
tcp LISTEN 0 511 *:443 *:* users:(("httpd",pid=5161,fd=6),("httpd",pid=5160,fd=6),("httpd",pid=5154,fd=6),("httpd",pid=5112,fd=6),("httpd",pid=5111,fd=6),("httpd",pid=5110,fd=6),("httpd",pid=5109,fd=6),("httpd",pid=5108,fd=6),("httpd",pid=5106,fd=6))
tcp LISTEN 0 511 *:80 *:* users:(("httpd",pid=5161,fd=4),("httpd",pid=5160,fd=4),("httpd",pid=5154,fd=4),("httpd",pid=5112,fd=4),("httpd",pid=5111,fd=4),("httpd",pid=5110,fd=4),("httpd",pid=5109,fd=4),("httpd",pid=5108,fd=4),("httpd",pid=5106,fd=4))
#不要忘记做域名解析哦(本地测试时可在客户端的 hosts 文件中把域名绑定到这台服务器)
From: https://www.cnblogs.com/yidadasre/p/16892115.html