Configuring HTTPS on Apache with the ssl module

In this document, we will use a self-signed certificate. It is assumed that the Apache web server is already installed on CentOS. The self-signed certificate is generated with OpenSSL. If OpenSSL is not already installed, it can be installed using yum.

# yum install mod_ssl openssl

After the installation is complete, the /etc/httpd/conf.d/ssl.conf file is generated automatically. It is used in the configuration steps below.

 

The following command can be used to generate a self-signed certificate.

First, generate a 2048-bit RSA private key:

# openssl genrsa -out server.key 2048

Then, generate a Certificate Signing Request (CSR). A lot of information needs to be filled in here, such as country, province, city, company, etc.

# openssl req -new -key server.key -out server.csr

Finally, generate a self-signed X.509 certificate. The validity period is set to 3650 days, that is, 10 years.

# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

 

After the certificate is created, copy the file to the corresponding directory.

# cp server.crt /etc/pki/tls/certs/
# cp server.key /etc/pki/tls/private/        
# cp server.csr /etc/pki/tls/private/

 

First, modify the configuration file below. Only the SSLCertificateFile and SSLCertificateKeyFile directives need to be changed.

# vim /etc/httpd/conf.d/ssl.conf

### overwrite the following parameters ###
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Adjust the virtual host

 

# vim /etc/httpd/conf/httpd.conf

NameVirtualHost *:443

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    <Directory /var/www/html/virtual-web>
        AllowOverride All
    </Directory>
    # Directory the site is served from
    DocumentRoot /var/www/html/virtual-web
    ServerName www.example.com
</VirtualHost>
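
Before restarting, it is worth checking that the certificate Apache will load belongs to the configured private key, that the copied key is not accessible to group or others, and that the certificate is not about to expire. The script below is an added example, not part of the original article; the function names are illustrative, and it assumes the openssl CLI installed above and GNU stat as shipped on CentOS.

```shell
#!/bin/bash
# Added example: sanity checks to run before "service httpd restart".
# Usage: bash check_tls.sh /etc/httpd/conf.d/ssl.conf

# Last value of an Apache directive in a config file. Commented-out lines
# are skipped because their first field starts with "#".
directive_value() {
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# 0 if the certificate's public key equals the one derived from the private key.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if group and others have no permission bits on the key (600, 400, ...).
key_is_private() {
    case "$(stat -c '%a' "$1")" in   # GNU stat, as on CentOS
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks against the files named in the given Apache config.
check_tls_files() {
    local crt key rc=0
    crt=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read '$crt' or '$key'"; return 1
    fi
    cert_matches_key "$crt" "$key" || { echo "FAIL: $crt does not match $key"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/others (chmod 600)"; rc=1; }
    cert_valid_for "$crt" 30 || echo "WARN: $crt expires within 30 days"
    [ "$rc" -eq 0 ] && echo "OK: $crt and $key"
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_tls_files "$1"; fi
```

Run it as root so the key under /etc/pki/tls/private/ is readable; a non-zero exit status means the restart should wait until the reported problem is fixed.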

Restart the httpd service for the changes to take effect:

# service httpd restart

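Force the Apache web server to always use HTTPS

Force HTTPS for the whole main site (global)

To force the main site to use HTTPS, we can modify the httpd configuration file like this: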

# vim /etc/httpd/conf/httpd.conf

ServerName www.example.com:80
# The trailing slash matters: the rest of the request path is appended to the target
Redirect permanent / https://www.example.com/

Restart the Apache server for the configuration to take effect:

# service httpd restart

 

Force HTTPS for a single site on a virtual host

To force a single site on a virtual host to use HTTPS, configure the HTTP virtual host as follows:

# vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

Restart the Apache server for the configuration to take effect:

# service httpd restart

With the whole site on HTTPS, http://www.example.com is forcibly redirected to https://www.example.com

 
