配置httpd
mkdir /etc/ssl/privatechmod 700 /etc/ssl/privateopenssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crtopenssl dhparam -out /etc/ssl/certs/dhparam.pem 2048cat /etc/ssl/certs/dhparam.pem | sudo tee -a /etc/ssl/certs/apache-selfsigned.crtvi /etc/httpd/conf.d/ssl.conf<VirtualHost _default_:443>. . .DocumentRoot "/var/www/your_dir"ServerName www.example.com:443#然后是配置flask,当然flask是必须用wsgi来搞apache了,官网有http的例子http://flask.pocoo.org/docs/0.12/deploying/mod_wsgi/#这里其实只需要在/etc/httpd/conf.d/ssl.conf做这些工作就行啦 在上一步的后面中加入WSGIDaemonProcess your_web_group user=apache group=apache threads=2WSGIScriptAlias / /var/www/your_dir/your_web.wsgi<Directory /var/www/your_dir> ???WSGIProcessGroup your_web_group ???WSGIApplicationGroup %{GLOBAL} ???Order deny,allow ???Allow from all</Directory>注释两行:# SSLProtocol all -SSLv2. . .# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA改两个地方:SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crtSSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key设置http强制proxy到httpsvi /etc/httpd/conf.d/non-ssl.conf<VirtualHost *:80> ???????ServerName www.example.com ???????Redirect "/" "https://www.example.com/"</VirtualHost>检查配置,重启服务,设置防火墙apachectl configtestsystemctl restart httpd.serviceiptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPTiptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT访问ip,如果没有问题就ok了,注意防火墙和selinux的问题关闭selinuxvim /etc/selinux/config设置为disablereboot