//系统
# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
# uname -r
3.10.0-957.el7.x86_64
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
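//关闭SELinux(仅为简化测试环境;Apache 启用 SSL 并不要求关闭 SELinux,生产环境建议保持 enforcing,证书若是 mv 进目录的,可用 restorecon -Rv /etc/httpd/cert 恢复安全上下文)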
//关闭firewall或按需打开对应端口(对外提供服务的主机建议保持 firewalld 开启,只放行 http/https,命令如下)
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload
//Apache在默认的CentOS仓库中可用,安装非常简单
# yum -y install httpd
# systemctl enable httpd
# systemctl start httpd
# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 24 2019 13:45:48
# whereis httpd
httpd: /usr/sbin/httpd /usr/lib64/httpd /etc/httpd /usr/share/httpd /usr/share/man/man8/httpd.8.gz
//浏览器输入ip或域名测试服务
http://localhost
//启用SSL
[在Apache服务器上安装SSL证书](https://help.aliyun.com/document_detail/98727.html?spm=a2c4g.11186623.2.16.66f02242dKtV2j#concept-zsp-d1x-yfb)
//cp申请到的SSL证书到 cert目录;私钥文件(.key)只应对 root 可读,复制后可执行 chmod 600 /etc/httpd/cert/webb.hgtop.xyz.key
# mkdir /etc/httpd/cert
# tree -N cert/
cert/
├── webb.hgtop.xyz_chain.crt
├── webb.hgtop.xyz.key
└── webb.hgtop.xyz_public.crt
//为Apache安装mod_ssl模块提供TLS/SSL功能
# yum -y install mod_ssl
# ls /etc/httpd/modules/ | grep "mod_ssl" //查看是否安装了ssl模块,结果出现 mod_ssl.so 即已经安装
//编辑 /etc/httpd/conf.d/ssl.conf 作如下修改(行首数字为 vim 中的行号;正式部署时 ServerName 建议填写证书绑定的域名,并确认同一文件中的 SSLProtocol 已禁用 SSLv3、TLSv1.0/1.1 等过时协议)
# vim ssl.conf
59 DocumentRoot "/var/www/html"
60 ServerName localhost:443
94 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
95 SSLHonorCipherOrder on
102 SSLCertificateFile /etc/httpd/cert/webb.hgtop.xyz_public.crt
109 SSLCertificateKeyFile /etc/httpd/cert/webb.hgtop.xyz.key
118 SSLCertificateChainFile /etc/httpd/cert/webb.hgtop.xyz_chain.crt
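//保存退出,先用 apachectl configtest 检查配置语法,再用 systemctl restart httpd 重启Apache服务,验证
https://domain name //domain name替换成证书绑定的域名,如果网页地址栏出现绿色小锁标志,表示证书安装成功。浏览器可能使用已缓存的中间证书,可再用 openssl s_client -connect <域名>:443 -servername <域名> 确认服务器返回了完整证书链。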
//可选,将 http 自动跳转到 https
在 httpd.conf 文件中找到内容:
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
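//将以上内容修改为(新增 128-130 行;注意 %{SERVER_NAME} 在 UseCanonicalName 为 Off(默认)时取自请求的 Host 头,跳转目标主机名由客户端决定,如需固定可在 RewriteRule 中直接写证书绑定的域名)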
124 <Directory "/var/www">
125 AllowOverride None
126 # Allow open access:
127 Require all granted
128 RewriteEngine on
129 RewriteCond "%{SERVER_PORT}" !^443$
130 RewriteRule "^/?(.*)$" "https://%{SERVER_NAME}%{REQUEST_URI}" [L,R,NE]
131 </Directory>