apache2 SSL configuration

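In the previous post I set up apache2 + svn; my boss asked me to configure SSL so that it can be accessed from the external network.

The following material comes from the Internet, slightly modified according to what I actually did.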

#sudo openssl req -x509 -newkey rsa:1024 -keyout apache.pem -out apache.pem -nodes -days 999 

Note: when prompted for Common Name (eg, YOUR name), enter your host name.

An example run follows:

#/usr/local/svn# sudo openssl req -x509 -newkey rsa:1024 -keyout apache.pem -out apache.pem -nodes -days 365
Generating a 1024 bit RSA private key
.....................++++++
..++++++
writing new private key to 'apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:China
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Jiangxi
Locality Name (eg, city) []:Nanchang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nanchang Unversity
Organizational Unit Name (eg, section) []:Information Center
Common Name (eg, YOUR name) []:LinuxServer
Email Address []:111@gmail.com


Copy a site configuration to serve as the prototype for the SSL configuration

#cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

#ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl

 

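Edit the SSL configuration
#vi /etc/apache2/sites-enabled/ssl
Change the port to 443
Add the SSL certificate configuration
Customize everything else as needed; it is no different from an ordinary configuration

The /etc/apache2/ssl directory needs to be created and the generated apache.pem file copied there: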

<VirtualHost *:443>
        ServerSignature On
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#[......]



 

Modify the plain http configuration (with apache2 this apparently needs no change; the default is already port 80)

#vi /etc/apache2/sites-enabled/000-default


Change the port to 80

NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

#[......]

 

Edit the Apache port configuration and add port 443 (the SSL port)

 

#vi /etc/apache2/ports.conf:

Listen 80

Listen 443

 

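Contents of the original file:

NameVirtualHost *:80
Listen 80
#Listen 443
<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443
</IfModule>

There is no need to add "Listen 443" here, because port 443, the default SSL port, is already opened.

Don't forget to copy over the SSL key file generated earlier. This copy can be skipped: even root has no permission in the proc directory, and the 14646 directory here does not exist.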

#/usr/local/svn# sudo cp /proc/14646/cwd/apache.pem


Reload the Apache configuration
#/etc/init.d/apache2 force-reload
or

#/etc/init.d/apache2 restart

Note: if this error is reported

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

run the following command

 

sudo a2enmod ssl

 


Below is an example of the SSL configuration file

NameVirtualHost *:443
<VirtualHost *:443>
        ServerSignature On
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/# /apache2-default/
        </Directory>
</VirtualHost>
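
A pre-flight check for the steps above, as an added example that is not part of the original post: it verifies that mod_ssl is enabled, that ports.conf has an active Listen 443, and that the ssl site's SSLCertificateFile exists, holds the private key (the page uses one combined apache.pem) and is closed to group and others, since -nodes leaves that key unencrypted. The function names and the temp-directory fixture are constructed for illustration, and the mods-enabled/ssl.load path assumes the Debian/Ubuntu layout the page uses.

```shell
#!/bin/sh
# Added example: pre-flight check for the SSL site layout used on this page.
# check_ssl_site DIR prints each finding and returns the number of findings.
check_ssl_site() {
    dir=$1; site="$dir/sites-enabled/ssl"; n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }

    # Without mod_ssl Apache stops with: Invalid command 'SSLEngine'
    # (ssl.load under mods-enabled is the Debian/Ubuntu layout, an assumption)
    [ -e "$dir/mods-enabled/ssl.load" ] || fail "mod_ssl not enabled (a2enmod ssl)"
    # A commented-out '#Listen 443' must not count as listening
    grep -Eq '^[[:space:]]*Listen[[:space:]]+443([[:space:]]|$)' "$dir/ports.conf" \
        2>/dev/null || fail "no active 'Listen 443' in $dir/ports.conf"
    if [ ! -f "$site" ]; then fail "missing $site"; return "$n"; fi
    grep -Eiq '^[[:space:]]*<VirtualHost[[:space:]][^>]*:443[[:space:]]*>' "$site" \
        || fail "no <VirtualHost ...:443> in $site"
    grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on([[:space:]]|$)' "$site" \
        || fail "SSLEngine is not On in $site"

    # The page points SSLCertificateFile at one PEM holding certificate and
    # key; 'openssl req -nodes' left that key unencrypted on disk.
    pem=$(awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2; exit }' "$site")
    if [ -z "$pem" ]; then fail "no SSLCertificateFile in $site"
    elif [ ! -f "$pem" ]; then fail "certificate file $pem not found"
    else
        grep -q 'PRIVATE KEY' "$pem" || fail "$pem holds no private key"
        # Characters 5-10 of the ls mode string are the group/other bits
        [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] \
            || fail "$pem is accessible to group/other (chmod 600)"
    fi
    return "$n"
}

# Constructed fixture (placeholder key, temp directory) mirroring the layout.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/sites-enabled" "$root/mods-enabled" "$root/ssl"
    : > "$root/mods-enabled/ssl.load"
    printf 'Listen 80\nListen 443\n' > "$root/ports.conf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' > "$root/ssl/apache.pem"
    chmod 644 "$root/ssl/apache.pem"
    printf '<VirtualHost *:443>\n  SSLEngine On\n  SSLCertificateFile %s\n</VirtualHost>\n' \
        "$root/ssl/apache.pem" > "$root/sites-enabled/ssl"
    echo "$root"
}

[ "$#" -eq 0 ] || check_ssl_site "$1"   # e.g. sh check.sh /etc/apache2
```

The check does not cover key strength: the rsa:1024 used in the openssl command above is below current minimum recommendations, and rsa:2048 or larger is the usual choice.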


Reposted from demon3780.iteye.com/blog/1487069