因工作需要,要为一台Web Server中的虚拟主机配置HTTPS.大致看了下文档,也参考了一下网上的资料.配置成功了.现做个笔记.
记得在网上找资料的时候,我下面笔记中的内容好象是对于Apache的版本有要求的,是多少不太记得了.我现在使用的是Apache的版本是2.2.23.
先大致讲下单IP的Apache的多虚拟主机的配置.
首先在httpd.conf中将
Include etc/apache22/extra/httpd-vhosts.conf
注释去掉.
然后编辑/usr/local/etc/apache22/extra/httpd-vhosts.conf内容,如下:
NameVirtualHost *:80
< VirtualHost *:80 >
DocumentRoot /usr/local/www/apache22/data/mydomain1.com
ServerName mydomain1.com:80
< Directory /usr/local/www/apache22/data/mydomain1.com >
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
< /Directory >
ErrorDocument 404 error.php
CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/access.%Y%m%d.log 86400" common
ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400"
< /VirtualHost >
< VirtualHost *:80 >
DocumentRoot /usr/local/www/apache22/data/mydomain2.com
ServerName mydomain1.com:80
< Directory /usr/local/www/apache22/data/mydomain2.com >
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
< /Directory >
ErrorDocument 404 error.php
CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/access.%Y%m%d.log 86400" common
ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/error.%Y%m%d.log 86400"
< /VirtualHost>
然后重启Apache
/usr/local/etc/rc.d/apahce22 restart
就可以完成虚拟主机的设置了.
然后再讲讲有关HTTPS的设置.
先在httpd.conf文件中将有关ssl的注释去掉.有两个地方:
# 加载SSL模块
LoadModule ssl_module modules/mod_ssl.so
# 加载ssl的配置文件
Include conf/extra/httpd-ssl.conf
然后生成证书,我们的证书是使用openssl来加密的,如果没有安装,就要先安装openssl:
cd /usr/ports/security/openssl make install clean
然后再调用openssl来生成服务器证书私钥文件:
openssl genrsa -out server.key 2048
然后再用私钥文件生成证书请求文件:
openssl req -new -key server.key -out certreq.csr
然后需要填写一些相关的域名信息,填写完成之后会生成一个certreq.csr文件.
如果是有申请公有证书,则可以把这个csr文件发给证书核发方,等待对方签发服务器公有证书.
证书一般是以”—–BEGIN CERTIFICATE—–”开头和以”—–END CERTIFICATE—–”结束的.假设这里我们得到的证书名称是server.crt
编辑/usr/local/etc/apahce22/extra/httpd-ssl.conf文件,修改如下:
Listen 443
NameVirtualHost *:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/var/run/ssl_mutex"
< VirtualHost *:443>
DocumentRoot "/usr/local/www/apache22/data/mydomain1.com"
ServerName mydomain1.com
ServerAdmin admin@mydomain1.com
ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400"
TransferLog "/var/log/httpd/mydomain1.com/httpd-access.log"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/usr/local/etc/apache22/ssl_key/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl_key/server.key"
#如果有另外一张CA中级证书,则需要启用这一行
#SSLCertificateChainFile "/usr/local/etc/apache22/ssl_key/ca.crt"
< FilesMatch "\.(cgi|shtml|phtml|php)$" >
SSLOptions +StdEnvVars
< /FilesMatch>
< Directory "/usr/local/www/apache22/cgi-bin" >
SSLOptions +StdEnvVars
< /Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/ssl_request.%Y%m%d.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
< /VirtualHost>
然后重新启动Apache:
/usr/local/etc/rc.d/apache22 restart
然后再试试,大功告成!