apache中的https设置基于阿里云免费ssl服务

时间:2022-10-14 21:43:09

环境是:debian7+apache2.2+阿里云免费ssl服务,站点以前的http已经在运行了,

1、开通阿里云免费SSL&DNS解析配置

购买位置:打开阿里云找到“产品”-“安全”-“CA证书服务”-点击“立即购买”;

选择方法:证书类型选择”专业版OV SSL”->”1个域名”->”Symantec”(这里选择完成后上面证书类型出现了“免费型DV SSL”)->证书类型选择”免费型DV SSL”->然后继续购买就可以了;

域名验证类型:一路点击后来到后台中的CA证书服务(也可以自己从阿里后台找),在”进度”栏目中有”补全”,点击”补全”,一直输入一直往下点击,直到有个”域名验证类型”,这里选择DNS

全部填写完成后等待一会就开通了。

DNS解析配置:紧接上步,开通成功会有要求添加txt的解析记录,解析记录的值也会给你,然后去添加

2、开启Apache的SSL

找到/etc/apache2/mods-enable文件夹,里边有很多模块,打开文件ssl.load:

#LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

去掉#

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

执行命令,必须要执行

a2enmod ssl

apache中开启端口监听:打开/etc/apache2/ports.conf,在Listen 443上面添加NameVirtualHost *:443

NameVirtualHost *:80

Listen 80

<IfModule mod_ssl.c>

    # If you add NameVirtualHost *:443 here, you will also have to change

    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl

    # to <VirtualHost *:443>

    # Server Name Indication for SSL named virtual hosts is currently not

    # supported by MSIE on Windows XP.

    NameVirtualHost *:443

    Listen 443

</IfModule>

<IfModule mod_gnutls.c>

    Listen 443

</IfModule>

服务器防火墙入口端口添加443

3、上传证书&修改配置文件

去阿里云后台”CA证书服务”中找,找到后解压上传到/etc/apacahe2/ssl/domainname/中(domainname可以是网站名称),目录中有:123456789012345.key,123456789012345.pem,chain.pem,public.pem

打开/etc/apache2/sites-enable文件夹,找到需要配置的网站配置文件,这里我就以domainname.conf为例,很简单就是把原来的VirtualHost复制一下,修改一下端口号,然后添加SSLEngine部分的信息,代码如下:

<VirtualHost *:80>

        ServerName domainname.com

        ServerAlias domainname.com

        DocumentRoot /www/domainname

        <Directory />

                Options FollowSymLinks

                AllowOverride None

        </Directory>

        <Directory /www/domainname/>

                Options FollowSymLinks MultiViews

                AllowOverride All

                Order allow,deny

                allow from all

        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">

                AllowOverride None

                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

                Order allow,deny

                Allow from all

        </Directory>

</VirtualHost>

<VirtualHost *:443>

        ServerName domainname.com443

        ServerAlias domainname.com

        SSLEngine on

        SSLProtocol all -SSLv2 -SSLv3

        SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM

        SSLHonorCipherOrder on

        SSLCertificateFile /etc/apache2/ssl/domainname/public.pem

        SSLCertificateKeyFile /etc/apache2/ssl/domainname/123456789012345.key

        SSLCertificateChainFile /etc/apache2/ssl/domainname/chain.pem

        DocumentRoot /www/domainname

        <Directory />

                Options FollowSymLinks

                AllowOverride None

        </Directory>

        <Directory /www/domainname/>

                Options FollowSymLinks MultiViews

                AllowOverride All

                Order allow,deny

                allow from all

        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">

                AllowOverride None

                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

                Order allow,deny

                Allow from all

        </Directory>

</VirtualHost>

4、重启apache

service apache2 restart

相关文章