准备工作
OS:CentOS release 6.8 (Final)
Web:Apache
安装Apache
1、安装Apache
[root@node1 ~]# yum install httpd -y2、启动服务
[root@node1 ~]# service ?httpd startStarting httpd: ???????????????????????????????????????????[ ?OK ?][root@node1 ~]# 3、修改测试页面
[root@node1 ~]# cat /var/www/html/index.html <h1>Apache Test Page~</h1>4、测试访问
实现HTTPS访问
1、安装SSL模块
[root@node1 ~]# yum install mod_ssl -y2、检测
[root@node1 ~]# cd /etc/httpd/modules/[root@node1 modules]# ll | grep ssl-rwxr-xr-x 1 root root 181872 Oct 20 ?2017 mod_ssl.so3、上传证书文件
这里我们可以到各大厂商去申请免费证书,可满足个人网站的需求,如企业网站,建议购买企业收费证书;
[root@node1 ~]# cd /etc/httpd/[root@node1 httpd]# mkdir ssl/default[root@node1 httpd]# cd ssl/default[root@node1 default]# rz[root@node1 default]# lltotal 12-rw-r--r-- 1 root root 1683 Apr 13 22:26 1_root_bundle.crt-rw-r--r-- 1 root root 2008 Apr 13 22:26 2_domaintest.cn.crt-rw-r--r-- 1 root root 1678 Apr 13 22:26 3_domaintest.cn.key[root@node1 default]# 4、修改配置
[root@node1 ~]# cd /etc/httpd/conf.d/[root@node1 conf.d]# lsREADME ?ssl.conf ?welcome.conf[root@node1 conf.d]# vim ssl.conf LoadModule ssl_module modules/mod_ssl.soListen 443<VirtualHost *:443> ???DocumentRoot "/var/www/html" ???ServerName domaintest.cn ???SSLEngine on ???SSLCertificateFile /etc/httpd/ssl/default/2_domaintest.cn.crt ???SSLCertificateKeyFile /etc/httpd/ssl/default/3_domaintest.cn.key ???SSLCertificateChainFile /etc/httpd/ssl/default/1_root_bundle.crt</VirtualHost>| 配置文件参数 | 说明 |
|---|---|
| LoadModule | 加载SSL模块 |
| Listen | 监听443端口 |
| DocumentRoot | 网页目录 |
| ServerName | 站点域名 |
| SSLEngine on | 启用SSL功能 |
| SSLCertificateFile | 证书文件 |
| SSLCertificateKeyFile | 私钥文件 |
| SSLCertificateChainFile | 证书链文件 |
5、重启服务
[root@node1 ~]# httpd -tSyntax OK可以先试用httpd -t 检测一下配置文件是否正确,然后再重启服务;[root@node1 ~]# service ?httpd restartStopping httpd: ???????????????????????????????????????????[ ?OK ?]Starting httpd: ???????????????????????????????????????????[ ?OK ?]6、检测端口是否监听
[root@node1 conf.d]# ss -ntlState ?????Recv-Q Send-Q ??????Local Address:Port ????????Peer Address:Port LISTEN ????0 ?????128 ?????????????????????*:80 ?????????????????????*:* ????LISTEN ????0 ?????128 ?????????????????????*:22 ?????????????????????*:* ????LISTEN ????0 ?????100 ?????????????127.0.0.1:25 ?????????????????????*:* ????LISTEN ????0 ?????128 ?????????????????????*:443 ????????????????????*:* ????[root@node1 conf.d]# 7、测试访问
- 建议使用google浏览器进行测试访问,f12查看,会显示“This page is secure (valid HTTPS).”,说明证书配置正确;
配置多个HTTPS站点
1、上传证书文件
[root@node1 ~]# cd /etc/httpd/ssl/[root@node1 ssl]# mkdir web[root@node1 ssl]# cd web/[root@node1 web]# rz2、修改配置文件
LoadModule ssl_module modules/mod_ssl.soListen 443NameVirtualHost *:443# 第一个虚拟主机<VirtualHost *:443>DocumentRoot "/var/www/html"ServerName domaintest.cnSSLEngine onSSLCertificateFile /etc/httpd/ssl/default/2_domaintest.cn.crtSSLCertificateKeyFile /etc/httpd/ssl/default/3_domaintest.cn.keySSLCertificateChainFile /etc/httpd/ssl/default/1_root_bundle.crt</VirtualHost>#第二个虚拟主机<VirtualHost *:443>DocumentRoot "/var/www/html"ServerName web.domaintest.cnSSLEngine onSSLCertificateFile /etc/httpd/ssl/web/2_web.domaintest.cn.crtSSLCertificateKeyFile /etc/httpd/ssl/web/3_web.domaintest.cn.keySSLCertificateChainFile /etc/httpd/ssl/web/1_root_bundle.crt</VirtualHost>3、重启服务
[root@node1 conf.d]# service ?httpd restartStopping httpd: ???????????????????????????????????????????[ ?OK ?]Starting httpd: ???????????????????????????????????????????[ ?OK ?][root@node1 conf.d]#4、测试访问
到这里,Apache多站点https就实现了~
Apache 配置多个HTTPS站点
原文地址:http://blog.51cto.com/guoxh/2114630