centOS7 apache ssl證書安裝配置
阿新 • • 發佈:2019-02-07
背景說明:伺服器是centOS7.4 七牛申請的免費ssl證書預設apache是沒有安裝SSL模組的,所以需要安裝,接著使用命令:yum install -y mod_sslapache目錄 /usr/local/apache/vim conf/httpd.conf再 Listen 80下面新增一行Listen 443找到 #LoadModule ssl_module modules/mod_ssl.so 和 #Include conf/extra/httpd-ssl.conf,去掉前面的#號註釋;先將要修改的檔案備份是個好習慣。編輯Apache根目錄下 conf/extra/httpd-ssl.conf 檔案,修改如下內容:
<VirtualHost 0.0.0.0:443>
DocumentRoot "/data/www/default"
ServerName ding.com
ServerAlias www.ding.com
<Directory /data/www/default>
#AllowOverride偽靜態
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl/www.ding.com.cer
SSLCertificateKeyFile /usr/local/apache/conf/ssl/www.ding.com.key
SSLCertificateChainFile /usr/local/apache/conf/ssl/www.ding.com_ca.crt
</VirtualHost>
配置完成後,重新啟動 Apache 就可以使用https://www.domain.com來訪問了。若是騰訊雲的免費ssl證書是,對應修改如下內容:SSLCertificateFile /usr/local/apache/conf/2_www.domain.com_cert.crtSSLCertificateKeyFile /usr/local/apache/conf/3_www.domain.com.keySSLCertificateChainFile /usr/local/apache/conf/1_root_bundle.crt如果要強制網站使用HTTPS,httpd-vhost.conf檔案配置如下:<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot /data/www/default
<Directory /data/www/default>
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order Deny,Allow
Require all granted
DirectoryIndex index.php index.html index.htm
</Directory>
#強制http轉向為https
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]
</VirtualHost>