Installing and configuring Apache 2.2.21, with an HTTPS virtual host configuration

Environment: CentOS 5.7 + Apache 2.2.21
Purpose: HTTPS web server
Related articles:
http://djxailc.blog.sohu.com/56732044.html
http://greatdeer007.blog.163.com/blog/static/163665174201051232022335/
http://www.sxszjzx.com/~t096/phparticle/article.php/845
Note: too many of the articles online are misleading, so this one was published only after the material had been screened and tested in practice. If you have any questions, contact [email protected]
Author: Teng a cloud

First, install Apache 2.2.21
1. SSL installation: before installing Apache, check whether openssl is installed with yum list "*openssl*"; if it is not, install it with yum.
2. Apache installation: there is plenty of documentation online; the build below is configured specifically with the SSL parameters.
# cd  /usr/local/src/tarbag
# wget http://labs.renren.com/apache-mirror//httpd/httpd-2.2.21.tar.gz
# tar xzvf httpd-2.2.21.tar.gz -C ../software
# cd ../software/httpd-2.2.21
# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-headers --with-mpm=worker --enable-expires --enable-suexec --with-suexec-docroot=/data/www --enable-mods-shared=all
# make && make install
# rm -rf /etc/init.d/httpd
# cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
# sed -i '2c\#chkconfig: 35 85 15' /etc/init.d/httpd
# sed -i '3c\#description: apache' /etc/init.d/httpd
# chmod +x /etc/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# rm -rf /sbin/apachectl
# ln -s /usr/local/apache/bin/apachectl /sbin
Second, generate a certificate
1. After installing Apache, generate the certificate. Before generating it, create a directory to hold the certificate files.
# cd /usr/local/apache/conf
# mkdir ssl.key
# cd ssl.key/
2. Generating the server's signed certificate takes 3 steps.
step.1 First generate the server's private key (key file)
# openssl genrsa -des3 -out server.key 1024
Running this prompts for a pass phrase, which is used to encrypt the key file (the pass phrase can later be removed from the key file with a separate command):
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
step.2 Generate the Certificate Signing Request (CSR). The generated CSR file is given to a CA, whose signature turns it into the server's own certificate. Follow the on-screen prompts and enter your own information step by step.
# openssl req -new -key server.key -out server.csr
You will see the following prompts; enter the key's pass phrase and then the requested information:
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:FJ
Locality Name (eg, city) [Newbury]:FZ
Organization Name (eg, company) [My Company Ltd]:company
Organizational Unit Name (eg, section) []:company
Common Name (eg, your name or your server's hostname) []:ty
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:company
An optional company name []:company
If you want to generate a client certificate, the same commands can be used to generate the client's key and CSR files:
# openssl genrsa -des3 -out client.key 1024
# openssl req -new -key client.key -out client.csr -config openssl.cnf
This is not demonstrated here; interested readers can try it.
step.3 The CSR file must be signed by a CA before it becomes a certificate. The file can be sent to VeriSign or a similar CA to be validated and signed, or you can sign it yourself:
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.cert
The following output appears; enter the key's pass phrase to finish:
Signature ok
subject=/C=CN/ST=FJ/L=FZ/O=poppace/OU=poppace/CN=ty/[email protected]
Getting Private key
Enter pass phrase for server.key:
To be safe, restrict access to the certificate-related files to the minimum:
# chmod 400 *
Certificate generation is complete; next, configure Apache.
Third, configure Apache
1. Enable the vhosts and ssl configuration files in httpd.conf
# vi /usr/local/apache/conf/httpd.conf
Jump to line 447 and line 459 and remove the comment marker in front of Include conf/extra/httpd-vhosts.conf and Include conf/extra/httpd-ssl.conf.
2. Configure vhosts
# vi /usr/local/apache/conf/extra/httpd-vhosts.conf
Pay particular attention to the 443 section; its directives are described in httpd-ssl.conf.
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
DocumentRoot "/data/www/"
ServerName 192.168.1.201
<Directory /data/www/>
Order allow,deny
Allow from all
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/data/www/"
ServerName 192.168.1.201:443
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /data/www/>
Order allow,deny
Allow from all
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
3. Modify httpd-ssl.conf
# vi /usr/local/apache/conf/extra/httpd-ssl.conf
Search for SSLCertificateFile (line 99):
SSLCertificateFile "/usr/local/apache/conf/server.crt"
and change it to:
SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
Note: the file generated in this article is named server.cert, not server.crt, so take care when making this change.
Search for SSLCertificateKeyFile (line 107):
SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
and change it to:
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
4. Restart Apache
# service httpd start
Apache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
Now use a browser to visit https://192.168.1.201 and you're done.
(Figure: HTTPS test page)
When reproducing this article, please credit the source: http://www.ttlsa.com/html/654.html
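The SSLCipherSuite string in the 443 virtual host starts from ALL, so what it really enables depends on the OpenSSL build, and the key generated in step.1 is only 1024 bits; both can be checked before the server goes live. The script below is an added example, not part of the original article. Its function names and sample rows are constructed for illustration, and it assumes the openssl on PATH is the build Apache is linked against.

```shell
#!/bin/sh
# Added example (not from the original article): list the weak cipher suites
# an SSLCipherSuite string enables and report a certificate's key size.

# Classify rows of `openssl ciphers -v` output. Row layout:
#   NAME PROTOCOL Kx=... Au=... Enc=ALG(bits) Mac=... [export]
flag_weak() {
    awk '{
        r = ""
        if ($2 == "SSLv2")               r = r ",sslv2"
        if ($4 == "Au=None")             r = r ",anonymous"
        if ($5 == "Enc=None")            r = r ",no-encryption"
        if ($NF == "export")             r = r ",export"
        if ($5 ~ /^Enc=(DES|RC2|RC4)\(/) r = r ",weak-cipher"
        if (r != "") print $1, substr(r, 2)
    }'
}

# Expand a suite string with the local openssl and list its weak members.
audit_suite() { openssl ciphers -v "$1" | flag_weak; }

# Print every SSLCipherSuite value found in an Apache config file.
suites_in_conf() { awk '$1 == "SSLCipherSuite" { print $2 }' "$1"; }

# Public key size of a certificate in bits (no pass phrase needed).
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# Constructed sample rows, in the format `openssl ciphers -v` prints.
SAMPLE_ROWS='AES256-SHA     SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EXP-RC4-MD5    SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA       SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
DES-CBC3-MD5   SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5'

if [ $# -ge 1 ]; then   # usage: sh audit.sh <apache-conf> [certificate]
    for s in $(suites_in_conf "$1"); do audit_suite "$s"; done
    [ -z "$2" ] || echo "certificate key: $(cert_bits "$2") bits"
else                    # no arguments: classify the constructed sample rows
    printf '%s\n' "$SAMPLE_ROWS" | flag_weak
fi
```

Saved under a hypothetical name such as audit.sh, it can be run as: sh audit.sh /usr/local/apache/conf/extra/httpd-vhosts.conf /usr/local/apache/conf/ssl.key/server.cert. Every suite it prints is one the server would offer with missing encryption, missing authentication, export-grade keys or a weak cipher.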

Reproduced in: https://my.oschina.net/766/blog/210937

Origin blog.csdn.net/weixin_34198762/article/details/91493070