Telami's Blog
Posts Tags Categories Links About
Telami's Blog

Apache实现全站HTTPS

 included in Centos
   837 words   2 minutes    views  

一、首先在系统上面查询一下是否已经安装了apache

【Apache在linux系统里的名字是httpd】

1

rpm -qa httpd

如果有返回的信息,则会显示已经安装的软件。如果没有则不会显示其它的信息。

二、查询到系统是还没有进行安装的,那么我们打一个命令直接安装就可以了

1

yum install httpd -y

再次运行rpm -qa httpd就有显示了,证明已经安装完成了

三、启动apache

1

systemct start httpd.service

四、使用yum 安装Apache非常简单方便快捷,但是如果yum源设置不正确或者yum源不好,就可能安装不上或者说是安装坏的软件包。所以注意yum源维护安装软件也是一个重要的任务

五、安装完之后,目录文件分布如下

http://cdn.telami.cn/1522129117%281%29.jpg

配置文件都在/etc/httpd文件夹下:

http://cdn.telami.cn/1522129319%281%29.jpg

默认安装方式是没有加载SSL模块的,所以需要下面的命令来执行

1

    yum install mod_ssl openssl

安装完毕后,会自动生成 /etc/httpd/conf.d/ssl.conf 文件。

关于证书的申请,现在方式有很多,这次是在腾讯申请的免费证书,证书申请下来之后,把文件上传到服务器,放在相应目录下,修改ssl.conf文件。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

    vim /etc/httpd/conf.d/ssl.conf

     # When we also provide SSL we have to listen to the 
     # the HTTPS port in addition.
     #
     Listen 443 https

     ## SSL Virtual Host Context

     <VirtualHost _default_:443>
     # General setup for the virtual host, inherited from global configuration

     DocumentRoot "/var/www/html/a.com"
     ServerName www.a.com:443

     ### overwrite the following parameters ###
     SSLCertificateFile /etc/pki/tls/certs/server.crt
     SSLCertificateKeyFile /etc/pki/tls/private/server.key

     ### The following parameter does not need to be modified in case of a self-signed    certificate. ###
     ### If you are using a real certificate, you may receive a certificate bundle. The bundle is added using the following parameters ###
     SSLCertificateChainFile /etc/pki/tls/certs/example.com.ca-bundle

然后,重新启动httpd服务使更改生效。

1

systemctl restart httpd

如果需要强制跳转HTTPS,则配置如下属性:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted

    # 配置https
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]
    # 去掉index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php
</Directory>

本文其实也是Apache部署php项目typecho,实现https的记录。关于上面几行取掉index.php其实是实现网页伪静态化。

Updated on 2016-07-17
 Centos
Back | Home