Binding a domain name certificate to an Apache virtual host with the ssl_module module

This documentation applies only to Apache installed with yum!

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is a secure HTTP channel; put simply, it is the secure version of HTTP. An SSL layer is added under HTTP, so the security of HTTPS rests on SSL, and the details of the encryption are handled by SSL. It is a URI scheme (abstract identifier scheme) with a syntax similar to the http: scheme, used for secure HTTP data transfer. An https: URL indicates that HTTP is used, but with a different default port than HTTP and an encryption/authentication layer between HTTP and TCP. The system was originally developed by Netscape and built into its browser, Netscape Navigator, to provide authentication and encrypted communications. It is now widely used for security-sensitive communications on the World Wide Web, such as transaction payments.

Difference between HTTPS and HTTP:
The Hypertext Transfer Protocol (HTTP) is used to transfer information between web browsers and web servers. HTTP sends content in clear text and does not provide any data encryption. If an attacker intercepts the messages between the web browser and the web server, he can read the information in them directly. HTTP is therefore not suitable for transmitting sensitive information such as credit card numbers and passwords.
To address this weakness of HTTP, another protocol is needed: HTTPS, the Hypertext Transfer Protocol over Secure Sockets Layer. To secure data in transit, HTTPS adds the SSL protocol to HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.

The main differences between HTTPS and HTTP are the following four points:
1. HTTPS requires applying for a certificate from a CA. Free certificates are generally rare, and fees need to be paid.
2. HTTP is a hypertext transfer protocol in which information is transmitted in plaintext; HTTPS is a secure, SSL-encrypted transfer protocol.
3. HTTP and HTTPS use completely different connection methods and different ports: the former uses 80 and the latter 443.
4. An HTTP connection is very simple and stateless; HTTPS is a network protocol built from SSL + HTTP that can perform encrypted transmission and identity authentication, which makes it safer than HTTP.

First, we need to apply for a domain name certificate. This can be done on some free certificate application websites, such as Alibaba Cloud's Cloud Shield certificate service, where you can apply for three free single-domain certificates valid for one year.

After the application is approved, click Download and upload the certificate file to the server.

Then we install Apache's ssl_module module using yum; the yum package that provides it is named mod_ssl

yum -y install mod_ssl

After installation, there is an additional ssl.conf file in the /etc/httpd/conf.d/ directory. Edit this file:

# httpd only accepts comments on their own line, so each comment sits above its directive
# Load the ssl_module module
LoadModule ssl_module modules/mod_ssl.so
# Open the 443 listening port
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

# Configure the virtual host
<VirtualHost *:443>
# Virtual host domain name
ServerName www.abc.com
# Virtual host site directory
DocumentRoot "/var/www/html/abc"
# Location where the virtual host error log is stored
ErrorLog logs/ssl_error_log
# Location where the virtual host access log is stored
TransferLog logs/ssl_access_log
# Logging level for the virtual host
LogLevel warn
SSLEngine on
# SSL protocol support, with the insecure protocols removed
SSLProtocol all -SSLv2 -SSLv3
# Modify the encryption suite as follows
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# Certificate (public key) storage location
SSLCertificateFile cert/abc.pem
# Certificate private key storage location
SSLCertificateKeyFile cert/abc.key
# Certificate chain storage location
SSLCertificateChainFile cert/abc-chain.pem

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

After configuration, restart the httpd service

service httpd restart

If the restart reports "Starting httpd: [Sat May 05 12:18:52 2018] [warn] _default_ VirtualHost overlap on port 443, the first has precedence", the virtual host configured in the ssl.conf file is not being applied. Add the following configuration to the httpd.conf main configuration file:

NameVirtualHost *:443
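
A pre-restart check for the settings discussed on this page, added here as an example (it is not part of the original article or of Apache). It flags trailing comments on directive lines, legacy protocols that SSLProtocol leaves enabled, and several :443 virtual hosts without NameVirtualHost. The function names and SAMPLE are constructed, and "all" is assumed to include every legacy protocol.

```python
import re
# Added example: helper names and SAMPLE are constructed, not from the page.
LEGACY = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")  # TLS 1.0/1.1: see RFC 8996

def legacy_enabled(tokens):
    """Apply SSLProtocol tokens left to right; return legacy protocols left on."""
    on = set()
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        # Assumption: "all" may include every legacy protocol the build offers.
        group = {p for p in LEGACY if name in ("all", p.lower())}
        if tok.startswith("-"):
            on -= group
        elif tok.startswith("+"):
            on |= group
        else:  # a bare token replaces the current set
            on = group
    return sorted(on)

def audit(conf):
    """Return findings for ssl.conf-style text (Apache 2.2 semantics assumed)."""
    findings, vhosts, named = [], 0, False
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.search(r"\s#", line):  # httpd only accepts "#" at line start
            findings.append(f"line {n}: trailing comment on a directive line")
            line = re.split(r"\s#", line)[0]
        words = line.split()
        key = words[0].lower()
        if key == "sslprotocol" and (old := legacy_enabled(words[1:])):
            findings.append(f"line {n}: legacy protocols enabled: {', '.join(old)}")
        elif key == "<virtualhost" and words[-1].rstrip(">").endswith(":443"):
            vhosts += 1
        elif key == "namevirtualhost" and words[-1].endswith(":443"):
            named = True
    if vhosts > 1 and not named:
        findings.append("several :443 virtual hosts but no NameVirtualHost *:443")
    return findings

SAMPLE = """\
<VirtualHost _default_:443>
</VirtualHost>
<VirtualHost *:443>
ServerName www.abc.com #Configure the virtual host domain name
SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""
```

Calling audit(SAMPLE) returns three findings; the trailing-comment check is a simple pattern match and will also flag a quoted argument that contains a space followed by "#".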
