apache2 ssl配置

demon3780

浏览: 84310 次
性别:
来自: 武汉

最近访客更多访客>>

chs112233

wlj7850

唯一月

bigeyes1

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

上一篇搭建了apache2+svn，老大要求配置ssl，用于外网访问。

以下是网上来的资料，根据自己实际操作有稍许修改。

#sudo openssl req -x509 -newkey rsa:1024 -keyout apache.pem -out apache.pem -nodes -days 999

注：在要求输入 Common Name (eg, YOUR name) 时，输入你的主机名。

示例过程如下：

#/usr/local/svn# sudo openssl req -x509 -newkey rsa:1024 -keyout apache.pem -out apache.pem -nodes -days 365

Generating a 1024 bit RSA private key

.....................++++++

..++++++

writing new private key to 'apache.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:China

string is too long, it needs to be less than  
2 bytes long

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:Jiangxi

Locality Name (eg, city) []:
Nanchang

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Nanchang
 Unversity

Organizational Unit Name (eg, section) []:Information Center

Common Name (eg, YOUR name) []:
LinuxServer

Email Address []:
111
@
gmail
.com

复制一份站点配置做为 SSL 配置的原型

#cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

#ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl

编辑 SSL 的配置
#vi /etc/apache2/sites-enabled/ssl
把端口改为 443
加入 SSL 认证配置
其它的根据需要自己定制 与普通配置无异

需要创建/etc/apache2/ssl目录，把生成的apache.pem文件copy到这里，

<VirtualHost *:
443
>

        
ServerSignature On

        
SSLEngine On

        
SSLCertificateFile /etc/apache2/ssl/apache.pem

        
ServerAdmin webmaster@localhost

        
DocumentRoot /var/www/

        
<Directory />

                
Options FollowSymLinks

                
AllowOverride None

        
</Directory>

        
<Directory /var/www/>

                
Options Indexes FollowSymLinks MultiViews

                
AllowOverride None

                
Order allow,deny

                
allow from all

        
</Directory>

        
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        
<Directory "/usr/lib/cgi-bin">

                
AllowOverride None

                
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

"/etc/apache2/sites-enabled/ssl" 45L, 1055C

修改普通 http 方式的配置（ apache2 这里好像不用改，默认的已经是 80 端口）

#vi /etc/apache2/sites-enabled/000-default

把端口改为 80

NameVirtualHost *:
80


<VirtualHost *:
80
>

    ServerAdmin webmaster@localhost



#[......]

编辑 Apache 端口配置，加入 443 端口（ SSL 的）

#vi /etc/apache2/ports.conf:

Listen 80

Listen 443

源文件内容：

NameVirtualHost *:80

Listen 80

#Listen 443

<IfModule mod_ssl.c>

    
# SSL name based virtual hosts are not yet supported, therefore no

    
# NameVirtualHost statement here

    
Listen 443

</IfModule>

这里可以不用加“ Listen 443” 因为 SSL 默认认证的 443 端口已经打开。

别忘了把前面生成的 SSL 密钥文件拷贝过来这里可以不copy，proc目录连root都没权限，这里的14646目录不存在

#/usr/local/svn# sudo cp /proc/14646/cwd/apache.pem

重新载入 Apache 的配置
#/etc/init.d/apache2 force-reload
或者

#/etc/init.d/apache2 restart

注：如果提示错误

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

执行下面命令

sudo a2enmod ssl

以下是 SSL 的配置文件的示例

NameVirtualHost *:443
< VirtualHost *:443 >
        ServerSignature On
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/
         < Directory />
                Options FollowSymLinks
                AllowOverride None
         </ Directory >
         < Directory /var/www />
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/# /apache2-default/
         </ Directory >