Setting up an HTTPS server on Ubuntu 14 with Apache2

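This article describes in detail how to configure SSL on an Apache server, including enabling the SSL module, creating and installing the certificate, editing the configuration files and setting up the virtual host, to help readers serve their site over an encrypted connection.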

1. Basics

* The default site is in /var/www/
* Configuration files are in /etc/apache2/
* Logs are in /var/log/apache/
* The start script is /usr/bin/apache2ctl or /etc/init.d/apache2

2. Enable the SSL module

a2enmod ssl

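3. Create the certificate

$ openssl genrsa -des3 -out server.key 2048  # Generate the server's private key (omit -des3 for a key without a passphrase); 2048 bits, because 1024-bit RSA is no longer considered secure. Remember the passphrase: the next two commands and Apache's SSL startup ask for it
$ openssl req -new -key server.key -out server.csr  # Create the CSR
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt  # Self-sign the certificate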

4. Copy the certificate and key to their directories

cp server.crt /etc/ssl/certs
cp server.key /etc/ssl/private

5. Change the ports: vi /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen 443
        <VirtualHost _default_:443>
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine On
            # Path to the certificate file (request one yourself, or ask a colleague in the IT department)
            SSLCertificateFile  /etc/ssl/certs/server.crt
            # Path to the key file (request one yourself, or ask a colleague in the IT department)
            SSLCertificateKeyFile  /etc/ssl/private/server.key
        </VirtualHost>
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

6. Change /etc/apache2/apache2.conf to the following:

Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf
Include httpd.conf

<Directory />
        Options FollowSymLinks
        AllowOverride None
        #Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        #Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf

IncludeOptional sites-enabled/*.conf

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

ServerName 155.168.3.84

7. Run the following commands

echo  "LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so" >> /etc/apache2/apache2.conf

echo "ServerName 155.168.3.84" >>  /etc/apache2/apache2.conf

echo "155.168.3.13  host-155-168-3-13" >> /etc/hosts

ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/001-ssl.conf

vi /etc/apache2/sites-enabled/001-ssl.conf

<VirtualHost *:443>

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        SSLEngine On
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

8. Check before starting

Check the Apache configuration before starting: apachectl configtest

/etc/init.d/apache2 restart
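
A pre-restart check for the files from steps 3 and 4, as an added example that is not part of the original post: it confirms that the certificate and key belong together, that the key is at least 2048 bits, that the certificate does not expire within 30 days, and that the key file is not readable by group or others. The function names and the script name check_tls_pair.sh are hypothetical, and the key is assumed to be an RSA key without a passphrase (an encrypted key makes openssl prompt for it).

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# only standard openssl subcommands are used. Assumes an RSA key.

# RSA key size in bits, parsed from the "Private-Key: (N bit" line.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# True only if certificate $1 and private key $2 share the same RSA modulus.
pair_matches() {
    crt_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]
}

# True if certificate $1 is still valid $2 days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# True if key file $1 grants nothing to group or others (for example mode 600).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run every check on certificate $1 and key $2; return the number of failures.
check_pair() {
    fails=0
    bits=$(key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits"; fails=$((fails + 1)); }
    pair_matches "$1" "$2" || { echo "FAIL: certificate and key do not match"; fails=$((fails + 1)); }
    valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; fails=$((fails + 1)); }
    key_is_private "$2" || { echo "FAIL: key readable by group or others"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage with the paths from step 4 (run as root so the key is readable):
#   sh check_tls_pair.sh /etc/ssl/certs/server.crt /etc/ssl/private/server.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "OK: certificate and key pass all checks"
fi
```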
