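For work, I needed to configure HTTPS for a virtual host on a web server. I skimmed the documentation, consulted some material online, and got it working. These are my notes.
When I was looking things up online, I recall that what I describe below has an Apache version requirement, though I no longer remember which version. I am currently using Apache 2.2.23.
First, a quick overview of configuring multiple virtual hosts in Apache on a single IP.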
First, in httpd.conf, uncomment the following line:
Include etc/apache22/extra/httpd-vhosts.conf
Then edit /usr/local/etc/apache22/extra/httpd-vhosts.conf so that it reads as follows:
NameVirtualHost *:80

<VirtualHost *:80>
    DocumentRoot /usr/local/www/apache22/data/mydomain1.com
    ServerName mydomain1.com:80
    <Directory /usr/local/www/apache22/data/mydomain1.com>
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Allow from all
    </Directory>
    # A local error page must be given as a URL path starting with /
    ErrorDocument 404 /error.php
    # Access and error logs are rotated every 86400 seconds (daily)
    CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/access.%Y%m%d.log 86400" common
    ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400"
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /usr/local/www/apache22/data/mydomain2.com
    ServerName mydomain2.com:80
    <Directory /usr/local/www/apache22/data/mydomain2.com>
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Allow from all
    </Directory>
    ErrorDocument 404 /error.php
    CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/access.%Y%m%d.log 86400" common
    ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/error.%Y%m%d.log 86400"
</VirtualHost>
Then restart Apache:
/usr/local/etc/rc.d/apache22 restart
That completes the virtual host setup.
Next, the HTTPS setup.
First, in httpd.conf, uncomment the SSL-related lines. There are two of them:
# Load the SSL module
LoadModule ssl_module modules/mod_ssl.so
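# Load the SSL configuration file
Include etc/apache22/extra/httpd-ssl.conf
Then generate the certificate. Our certificate is created with openssl; if it is not installed, install it first:
cd /usr/ports/security/openssl && make install clean
Then use openssl to generate the private key file for the server certificate: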
openssl genrsa -out server.key 2048
Then use the private key file to generate the certificate signing request file:
openssl req -new -key server.key -out certreq.csr
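You will then be asked to fill in some information about the domain; once that is done, a certreq.csr file is generated.
If you are applying for a public certificate, you can send this CSR file to the certificate issuer and wait for them to issue the server's public certificate.
A certificate generally begins with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". Assume here that the certificate we received is named server.crt.
Edit /usr/local/etc/apache22/extra/httpd-ssl.conf and modify it as follows: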
Listen 443
NameVirtualHost *:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/var/run/ssl_mutex"

<VirtualHost *:443>
    DocumentRoot "/usr/local/www/apache22/data/mydomain1.com"
    ServerName mydomain1.com
    ServerAdmin admin@mydomain1.com
    ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400"
    TransferLog "/var/log/httpd/mydomain1.com/httpd-access.log"

    SSLEngine on
    # "all -SSLv2" still leaves SSLv3 enabled; append -SSLv3 to turn it off as well
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile "/usr/local/etc/apache22/ssl_key/server.crt"
    SSLCertificateKeyFile "/usr/local/etc/apache22/ssl_key/server.key"
    # If you also have a CA intermediate certificate, enable this line
    #SSLCertificateChainFile "/usr/local/etc/apache22/ssl_key/ca.crt"

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/usr/local/www/apache22/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/ssl_request.%Y%m%d.log 86400" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Then restart Apache again:
/usr/local/etc/rc.d/apache22 restart
Then try it out. All done!
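An added example, not part of the original notes: a small Python audit of the SSLProtocol and SSLCipherSuite lines in an httpd-ssl.conf like the one above, reporting legacy protocols and weak cipher keywords that are still enabled. It assumes "all" expands to SSLv2 through TLSv1.2 (Apache 2.2.23 built against OpenSSL 1.0.1); the function names and the embedded sample are constructed for this example.

```python
import re

# Assumption: "all" as expanded by Apache 2.2.23 built against OpenSSL 1.0.1.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
BROKEN_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_KEYWORDS = {"ALL", "MEDIUM", "LOW", "EXP", "EXPORT", "RC4", "DES",
                        "3DES", "MD5", "NULL", "eNULL", "aNULL"}

def effective_protocols(tokens):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):].lower()
        chosen = {p for p in ALL_PROTOCOLS if name in ("all", p.lower())}
        if sign == "-":
            enabled -= chosen
        elif sign == "+":
            enabled |= chosen
        else:  # a bare token replaces whatever was enabled before it
            enabled = chosen
    return enabled

def weak_cipher_keywords(spec):
    """Return weak OpenSSL cipher keywords that are included (no !, - or + prefix)."""
    items = [i for i in re.split(r"[:, ]+", spec.strip('"')) if i and i[0] not in "!-+"]
    return [k for i in items for k in i.split("+") if k in WEAK_CIPHER_KEYWORDS]

def audit(conf):
    """Return (vhost, directive, detail) findings for httpd-ssl.conf text."""
    findings, vhost = [], "(global)"
    for raw in conf.replace("\\\n", " ").splitlines():
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            vhost = m.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            vhost = "(global)"
        name, args = (line.split(None, 1) + ["", ""])[:2]
        if name.lower() == "sslprotocol":
            bad = sorted(effective_protocols(args.split()) & BROKEN_PROTOCOLS)
            findings += [(vhost, "SSLProtocol", p) for p in bad]
        elif name.lower() == "sslciphersuite":
            findings += [(vhost, "SSLCipherSuite", k) for k in weak_cipher_keywords(args)]
    return findings

# Constructed sample carrying the two SSL settings from the configuration above.
SAMPLE = "<VirtualHost *:443>\nSSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5\n</VirtualHost>\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With the lines changed to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`, audit() returns an empty list.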