服务器添加ssl（https） · CentosWeb安装

#要点 > 必要条件 > 域名绑定、域名解析、推送 > 证书校对正确 > 如果ssl不在conf文件里面，则没有安装成功 > 安装ssl后，找到mod_ssl.so文件放置到apache modules文件夹中重启apache ~~~ find / -name mod_ssl.so cp /usr/lib64/httpd/modules/mod_ssl.so /usr/local/apache/modules/mod_ssl.so # httpd.conf: LoadModule ssl_module modules/mod_ssl.so # 这行#去掉 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ~~~ # Apache安装openssl扩展 ### 定位到源码目录 ~~~ cd /usr/local/src/httpd-2.4.35/modules/ssl #执行 /usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl /usr/local/apache/bin/apachectl restart vi /etc/httpd/httpd.conf #搜索modle_ssl.so 去掉# /usr/local/apache/bin/apachectl configtest #如果出现fatal error: mod_md.h: No such file or directory ~~~ >如果出现 ~~~ httpd-ssl.conf:SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)." #则需要打开 mod_socache_shmcb.so 扩展（vi /etc/httpd/httpd.conf） ~~~ # 下面是配置好的文件 > httpd.conf ~~~ #加上index.php <IfModule dir_module> DirectoryIndex index.php index.html </IfModule> ~~~ ***** > httpd-ssl文件 ~~~ ~~~ ***** > httpd-vhost文件 ~~~ <VirtualHost *:80> RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R] </VirtualHost> ~~~ ### 重启 Apache。 ## 通过 https 方式访问您的站点,测试站点证书的安装配置，如遇到证书不信任问题，[请查看帮助视频。](https://help.aliyun.com/video_detail/54218.html?spm=5176.2020520163.cas.73.c5592b7amqJQGU) ~~~ #SSL文件模板参考 Listen 443 # 加密套件 SSLHonorCipherOrder on SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM # 添加 SSL 协议支持协议，去掉不安全的协议 SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin SSLStrictSNIVHostCheck off # 缓存 SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)" # 超时时间 SSLSessionCacheTimeout 300 # 这个VirtualHost作参考。 <VirtualHost *:443> DirectoryIndex index.php DocumentRoot "/data/web/yunfenghy/public" ServerName yunfenghy.com ServerAlias www.yunfeng.com SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on SSLCertificateFile "/etc/httpd/cert/yunfenghy.com/public.pem" SSLCertificateKeyFile "/etc/httpd/cert/yunfenghy.com/214656961690632.key" SSLCertificateChainFile "/etc/httpd/cert/yunfenghy.com/chain.pem" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/data/web/yunfenghy"> AllowOverride All SSLOptions +StdEnvVars </Directory> </VirtualHost> # 设置虚拟主机 <VirtualHost _default_:443> DirectoryIndex index.php # 设置网站根目录 DocumentRoot "/data/web/yunfenghy/public" # 设置域名及端口 ServerName yunfenghy.com:443 # 开启SSL引擎 SSLEngine on SSLProtocol all -SSLv2 -SSLv3 # 设置证书文件 SSLCertificateFile "/etc/httpd/cert/www.yunfenghy.com/public.pem" SSLCertificateChainFile "/etc/httpd/cert/www.yunfenghy.com/chain.pem" SSLCertificateKeyFile "/etc/httpd/cert/www.yunfenghy.com/1526458991922.key" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/usr/local/apache/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> ~~~