
Configuring an HTTPS virtual host on Apache

Time: 2023-05-05 15:13:27
Tags: httpd, https, virtual host, ssl, conf, server, apache, key, Apache

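I. Installing Apache 2.2.21 with SSL

1. Before installing Apache, check whether OpenSSL is installed: yum list "*openssl*". If it is not, install it with yum.

2. Apache installation is widely documented online; the build options below are the ones specific to SSL.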

# cd  /usr/local/src/tarbag
# wget http://labs.renren.com/apache-mirror//httpd/httpd-2.2.21.tar.gz
# tar xzvf httpd-2.2.21.tar.gz -C ../software
# cd ../software/httpd-2.2.21
# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-headers --with-mpm=worker --enable-expires --enable-suexec --with-suexec-docroot=/data/www --enable-mods-shared=all
# make && make install
# rm -rf /etc/init.d/httpd
# cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
# sed -i '2c#chkconfig: 35 85 15' /etc/init.d/httpd
# sed -i '3c#description: apache' /etc/init.d/httpd
# chmod +x /etc/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# rm -rf /sbin/apachectl
# ln -s /usr/local/apache/bin/apachectl /sbin
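
II. Generating the certificate

1. Create a directory for the certificate

Once Apache is installed, generate the certificate right away. Before generating it, create a directory to store it in.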

# cd /usr/local/apache/conf
# mkdir ssl.key
# cd ssl.key/

2. Generate the server-signed certificate in three steps

step.1

First, generate the server's private key (the key file).

# openssl genrsa -des3 -out server.key 1024

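You will be prompted for a passphrase when the command runs; this passphrase is used to encrypt the key file. The command to remove the passphrase from the key file: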

.......................      
.................................................      
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

step.2

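Generate the Certificate Signing Request (CSR). Once a CA has signed the generated csr file, it becomes the server's own certificate. Prompts will appear on screen; follow them step by step and enter the requested information.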

# openssl req -new -key server.key -out server.csr

When you see the following prompts, enter the requested information to generate the request.

Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:FJ
Locality Name (eg, city) [Newbury]:FZ
Organization Name (eg, company) [My Company Ltd]:company
Organizational Unit Name (eg, section) []:company
Common Name (eg, your name or your server's hostname) []:ty
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:company
An optional company name []:company

To generate a client certificate, run the same commands for the client to create its key and csr files:

openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf

 

This is not demonstrated here; interested readers can try it themselves.

step.3

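The CSR file must be signed by a CA before it becomes a certificate. You can send this file to VeriSign or a similar authority for validation, or generate the certificate yourself:

# openssl x509 -req -in server.csr -signkey server.key -out server.cert

When you see the following output, enter the passphrase to finish.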

Signature ok
subject=/C=CN/ST=FJ/L=FZ/O=poppace/OU=poppace/CN=ty/[email protected]
Getting Private key
Enter pass phrase for server.key:

For security, reduce the access permissions on the certificate files to the minimum.

# chmod 400 *

The certificate is now generated; next, configure Apache.
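
The three steps above as an unattended script, followed by a check of the resulting pair. This is an added example, not code from the original post; it assumes a 2048-bit key with no passphrase, the subject host.example, the function names make_pair and check_pair, and a 2048-bit minimum for the size check.

```sh
#!/bin/sh
# Added example (not from the original post): build a throwaway key/cert pair
# without prompts and check it before pointing Apache at it.

# make_pair DIR BITS -> writes DIR/server.key, server.csr, server.cert
make_pair() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=host.example" \
        -out "$1/server.csr" &&
    openssl x509 -req -days 30 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.cert" 2>/dev/null &&
    chmod 400 "$1/server.key" "$1/server.cert"
}

# check_pair KEY CERT -> prints ok | mismatch | weak-key | loose-perms
check_pair() {
    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        { echo mismatch; return 1; }
    # 2. RSA modulus size, read from the certificate text.
    bits=$(openssl x509 -in "$2" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo weak-key; return 1; }
    # 3. The key file must grant nothing to group or other (the chmod 400 step).
    case $(ls -ld "$1") in
        -???------*) ;;
        *) echo loose-perms; return 1 ;;
    esac
    echo ok
}

# Demo in a throwaway directory (constructed data, not the server's real key).
d=$(mktemp -d) && make_pair "$d" 2048 &&
    echo "2048-bit pair: $(check_pair "$d/server.key" "$d/server.cert")"
rm -rf "$d"
```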

III. Configuring Apache

1. Enable the vhosts and ssl configuration files in httpd.conf
# vi /usr/local/apache/conf/httpd.conf

Enable the vhosts configuration: go to lines 447 and 459 and uncomment Include conf/extra/httpd-vhosts.conf and Include conf/extra/httpd-ssl.conf.

2. Configure vhosts
# vi /usr/local/apache/conf/extra/httpd-vhosts.conf

Pay particular attention to the 443 section; the relevant explanations can be found in httpd-ssl.conf.

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
DocumentRoot "/data/www/"
ServerName 192.168.1.201
<Directory /data/www/>
Order allow,deny
Allow from all
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/data/www/"
ServerName 192.168.1.201:443
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /data/www/>
Order allow,deny
Allow from all
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
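
The cipher string in the 443 block is built on ALL, so a static lint of its tokens shows which weak classes it leaves selectable. This is an added example, not from the original post; the function name weak_classes, the list of classes treated as weak and the comparison string HIGH:!aNULL:!MD5 are assumptions, and the lint approximates OpenSSL's cipher-string rules rather than expanding them.

```sh
#!/bin/sh
# Added example: static lint for SSLCipherSuite lines in an Apache config.
# Prints each weak cipher class a string can select and never kills with "!".

weak_classes() {   # usage: weak_classes FILE
    awk '
    tolower($1) == "sslciphersuite" {
        $1 = ""; gsub(/[ \t"]/, "")          # keep only the cipher string
        split("", add); split("", kill)      # reset per directive
        n = split($0, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /^!/) {                  # "!X" removes X permanently
                x = substr(t, 2); if (x == "EXPORT") x = "EXP"
                kill[x] = 1; continue
            }
            if (t ~ /^[-+]/) continue        # "-X" is revocable, "+X" only reorders
            m = split(t, part, "+")          # "RC4+RSA" means RC4 AND RSA
            for (j = 1; j <= m; j++) add[part[j]] = 1
        }
        k = split("EXP LOW RC4 SSLv2 aNULL eNULL", weak, " ")
        for (i = 1; i <= k; i++) {
            w = weak[i]
            # ALL covers every class except eNULL, which must be named itself.
            if (((w in add) || (("ALL" in add) && w != "eNULL")) && !(w in kill))
                print w
        }
    }' "$1"
}

# Constructed samples: the cipher line from the vhost above, and a stricter one.
tmp=$(mktemp -d)
echo 'SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL' > "$tmp/page.conf"
echo 'SSLCipherSuite HIGH:!aNULL:!MD5' > "$tmp/strict.conf"
echo "page.conf:   $(weak_classes "$tmp/page.conf" | tr '\n' ' ')"
echo "strict.conf: $(weak_classes "$tmp/strict.conf" | tr '\n' ' ')"
rm -rf "$tmp"
```

Running `openssl ciphers -v '<string>'` on the server itself prints the exact suites its OpenSSL build selects for a given string.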

3. Update the relevant settings in httpd-ssl.conf
# vi /usr/local/apache/conf/extra/httpd-ssl.conf

Search for SSLCertificateFile

and change (line 99): SSLCertificateFile "/usr/local/apache/conf/server.crt"
to: SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"

Search for SSLCertificateKeyFile

and change (line 107): SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
to: SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"

4. Restart Apache
# service httpd start
Apache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

Now open https://192.168.1.201 in a browser and the setup is complete.

From: https://www.cnblogs.com/linuxpro/p/17374169.html
