幫助中心
這里有最新的使用文檔和教程
Linux下Apache虛擬主機手動配置https證書
學習本教程須掌握:
1、Linux下指定版本編譯安裝LAMP
http://www.jinchangtalc.com/helpcontent/576.html
2、Linux下Apache虛擬主機配置
http://www.jinchangtalc.com/helpcontent/577.html
安裝約定:
Apache版本:2.2 #注意2.4和2.2版本某些參數的寫法不一樣
Apache安裝路徑:/usr/local/apache
Apache虛擬主機配置文件:/usr/local/apache/conf/vhost
https證書存放路徑:/usr/local/apache/cert/
開始配置:
1、確保Apache安裝有OpenSSL模塊
編譯安裝需要有參數:--enable-ssl
2、修改apache配置文件
vi /usr/local/apache/conf/httpd.conf #編輯,找到如下參數并去掉前面的注釋,啟用參數
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
:wq! #保存退出
3、修改httpd-ssl.conf配置
cp /usr/local/apache/conf/extra/httpd-ssl.conf /usr/local/apache/conf/extra/httpd-ssl.conf-bak #備份
vi /usr/local/apache/conf/extra/httpd-ssl.conf #編輯添加以下內容
Listen 443
NameVirtualHost *:443 #必須加上這一句,否則只能識別到第一個虛擬主機的證書。
#SSLStrictSNIVHostCheck off
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL #修改加密套件
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol TLSv1 TLSv1.1 TLSv1.2 #添加 SSL 協議支持協議,去掉不安全的協議
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
<VirtualHost *:443>
DocumentRoot "/data/root/31idc.com/www.jinchangtalc.com.com/wwwroot/"
ServerName www.jinchangtalc.com.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLEngine on #啟用SSL功能
SSLCertificateFile "/usr/local/apache/cert/www.jinchangtalc.com.com.crt" #證書文件
SSLCertificateKeyFile "/usr/local/apache/cert/www.jinchangtalc.com.com.key" #私鑰文件
SSLCertificateChainFile "/usr/local/apache/cert/www.jinchangtalc.com.com_bundle.crt" #證書鏈文件
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/local/apache/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "/data/root/31idc.com/www.jinchangtalc.com.com/wwwroot/">
php_admin_value open_basedir "/data/root/31idc.com/www.jinchangtalc.com.com/wwwroot/:/tmp/"
Options Includes ExecCGI FollowSymLinks
&a
- 上一篇:寶塔Linux命令大全,常用寶塔命令
- 下一篇:Linux下Apache虛擬主機配置