Apache/SSL
< Apache
安裝和配置帶有 PHP5 和 SSL 支援的 Apache2
apache2 openssl ssl-cert libapache2-mod-php5 php5-cli php5-common php5-cgi
要生成證書,請使用以下命令:
sudo openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -
keyout /etc/apache2/apache.pem
您將被要求輸入將被納入您的證書請求的資訊。
您即將輸入的是所謂的“可辨別名稱”(DN)。有很多欄位,但您可以留空一些。對於某些欄位,將有一個預設值。如果您輸入“.”,該欄位將被留空。
Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:West Bengal Locality Name (eg, city) []:Kolkata Organization Name (eg, company) [Internet Widgits Pty Ltd]:MAT3 Impex Pvt. Ltd. Organizational Unit Name (eg, section) []:Crypto-Devel Common Name (eg, YOUR name) []:Promathesh Mandal Email Address []:promatesh@mat3impex.com
這將完成證書,現在您需要確保您對 .pem 檔案具有正確的許可權,如果沒有,請使用以下命令設定正確的許可權。
sudo chmod 600 /etc/apache2/apache.pem
注意:要生成證書籤名請求,請使用以下命令:
sudo openssl req -new -key apache.pem -out chikpea.csr
預設情況下,伺服器將在埠 80 上監聽傳入的 HTTP 請求,而不是在埠 443 上監聽 SSL 連線。因此,您需要啟用 SSL 支援,方法是在 /etc/apache2/ports.conf 檔案中新增以下條目,儲存並退出檔案。
Listen 443
如果要為 Apache Web 伺服器啟用 SSL 支援,則需要使用以下命令。
sudo a2enmod ssl
已安裝模組 ssl;執行 /etc/init.d/apache2 force-reload 以啟用。現在,您需要使用以下命令重新啟動 Apache2 伺服器。
sudo /etc/init.d/apache2 restart
首先,您需要編輯 /etc/apache2/sites-available/default 檔案,更改
NameVirtualHost *
到
NameVirtualHost *:80
NameVirtualHost *:443
現在,您需要使用埠 80 配置虛擬主機。
ServerAdmin webmaster@localhost
.
.
.
使用埠 443 配置虛擬主機,主要區別在於您需要為每個 SSL 主機使用以下兩行。
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
示例
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
現在,您需要使用以下命令重新啟動 Apache Web 伺服器。
sudo /etc/init.d/apache2 reload
示例檔案: “ports.conf” 檔案的示例
Listen 80
Listen 443
“default” 檔案的示例
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>