Install the modules
Install mod_ssl and openssl
yum install mod_ssl openssl -y
Create a directory to hold the key
mkdir -p /etc/httpd/ssl
chmod 700 /etc/httpd/ssl
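Upload the certificate and private key to the /etc/httpd/ssl directory
Verify the MD5 of the certificate and the key (the two commands below must print the same value)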
openssl rsa -noout -modulus -in xxxxxx.key | openssl md5
openssl x509 -noout -modulus -in xxxxxx.crt | openssl md5
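The modulus comparison above only applies to RSA keys. The script below is an added example, not part of the original article: it compares the public keys instead (so EC keys work too), treats an unparsable file as an error rather than a match, and checks that the key file is not accessible by group or others. The function names are hypothetical; the paths in the usage comment are the article's placeholders.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Compares public keys rather than RSA moduli, so it also covers EC keys.

# Public key embedded in a PEM certificate, as PEM text.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a PEM private key (RSA, EC, ...), as PEM text.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# 0 = certificate and key belong together, 1 = they do not,
# 2 = a file could not be parsed (never treated as a match).
cert_key_match() {
    ckm_cert=$(cert_pubkey "$1") || return 2
    ckm_key=$(key_pubkey "$2") || return 2
    [ -n "$ckm_cert" ] && [ -n "$ckm_key" ] || return 2
    [ "$ckm_cert" = "$ckm_key" ]
}

# 0 only if the key is a regular file with no group/other permission bits.
key_perms_private() {
    case $(ls -ldL "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks; intended to be called before restarting httpd.
check_pair() {
    cp_rc=0
    cert_key_match "$1" "$2" || cp_rc=$?
    case $cp_rc in
        0) echo "OK: $2 matches $1" ;;
        1) echo "MISMATCH: $2 does not belong to $1"; return 1 ;;
        *) echo "ERROR: could not parse $1 or $2"; return 2 ;;
    esac
    key_perms_private "$2" && return 0
    echo "WARN: $2 is accessible by group or others"
    return 3
}

# Usage: sh check_pair.sh /etc/httpd/ssl/xxxxxx.crt /etc/httpd/ssl/xxxxxx.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```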
Edit the configuration files
Modify the ssl.conf file
vi /etc/httpd/conf.d/ssl.conf
`````
Listen 443 https
`````
DocumentRoot "website root directory"
# Enter the certificate name
ServerName domain-name:443
`````
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
# Path to the certificate file
SSLCertificateFile /etc/httpd/ssl/xxxxxx.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# Path to the private key file
SSLCertificateKeyFile /etc/httpd/ssl/xxxxxx.key
`````
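Enable the SSL module
In the 00-ssl.conf configuration file under the /etc/httpd/conf.modules.d directory, find the statement LoadModule ssl_module modules/mod_ssl.so (which loads the SSL module) and confirm that it is not commented out. If it is commented out, remove the comment character (#) at the start of the line and save the configuration file.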
Security configuration: automatic redirect from HTTP to HTTPS
- Check whether /etc/httpd/conf/httpd.conf contains LoadModule rewrite_module modules/mod_rewrite.so.
  - If it does, remove the comment character (#) in front of LoadModule rewrite_module modules/mod_rewrite.so.
  - If it does not, create a new *.conf file in /etc/httpd/conf.modules.d, for example 00-rewrite.conf.
- Add the redirect rules to the relevant site configuration file
<Directory "website root directory">
# Added
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
Restart the Apache server
systemctl restart httpd.service
Article source: https://www.cnaaa.net. When reposting, please credit the source: https://www.cnaaa.net/archives/6244