摘自:阿里云https配置教程
- 证书文件214179346500845.pem,包含两段内容,请不要删除任何一段内容。
- 如果是证书系统创建的CSR,还包含:证书私钥文件214179346500845.key、证书公钥文件public.pem、证书链文件chain.pem。
( 1 ) 在Apache的安装目录下创建cert目录,并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件,请将对应的私钥文件放到cert目录下并且命名为214179346500845.key。私钥文件应只允许 root 读取(例如 chmod 600),并且 cert 目录不要放在任何站点的 DocumentRoot 之下;
( 2 ) 打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#”:
#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件) 我是硬写进去的
#Include conf/extra/httpd-ssl.conf
( 3 ) 打开 apache 安装目录下 conf/extra/httpd-ssl.conf 文件 (也可能是conf.d/ssl.conf,与操作系统及安装方式有关), 在配置文件中查找以下配置语句:
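# Protocol versions: SSLv2/SSLv3 are disabled as in the original tutorial, and
# the deprecated TLS 1.0 / TLS 1.1 are disabled as well, so only TLS 1.2 and
# newer remain. (Requires an OpenSSL build that knows these protocol names.)
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Cipher suites: start from OpenSSL's HIGH group and remove RC4, MD5,
# anonymous, NULL, export-grade and finite-field DH suites.
# NOTE(review): HIGH still admits static-RSA key-exchange suites, which give no
# forward secrecy; consider restricting to ECDHE suites once client
# compatibility has been checked.
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
# Prefer the server's cipher order over the client's.
SSLHonorCipherOrder on
# Server certificate (the tutorial calls this the "public key" file).
SSLCertificateFile cert/public.pem
# Private key belonging to the certificate; keep it readable by root only.
SSLCertificateKeyFile cert/214179346500845.key
# Intermediate CA chain; if this line starts with '#', remove the '#'.
# On httpd 2.4.8 and later this directive is deprecated in favour of appending
# the chain to the file named by SSLCertificateFile.
SSLCertificateChainFile cert/chain.pem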
( 4 ) 重启 Apache。
OK,恭喜你可以正常使用HTTPS来访问你的根目录了。
因为已经转到 LNMP 了,这里贴一下之前的配置文件 /usr/local/apache/conf/httpd.conf:
# Base directory; the relative paths used below (modules/, conf/, logs/) are
# resolved against it.
ServerRoot "/usr/local/apache"
# Connection handling. Persistent connections are switched off, so the two
# keep-alive tuning values that follow have no effect while KeepAlive is Off.
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# Plain-HTTP listener. No "Listen 443" appears in this file; presumably it is
# supplied by the included conf/extra/httpd-ssl.conf -- TODO confirm.
Listen 80
# Authentication and authorization modules.
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
# Provides the 2.2-style Order/Allow/Deny directives used in the proxy vhost
# at the end of this file.
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
# General request handling, MIME, logging, environment and header modules.
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
# NOTE(review): mod_status is loaded but no server-status handler is mapped in
# this file; if one is added later, restrict it with a Require rule.
LoadModule status_module modules/mod_status.so
# mod_autoindex is loaded, but none of the Options lines in this file enable
# Indexes.
LoadModule autoindex_module modules/mod_autoindex.so
# HTTPS support: mod_ssl plus the shared-memory cache provider.
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# Left commented out here; the active Include of httpd-ssl.conf is further down.
#Include conf/extra/httpd-ssl.conf
# Both MPM sections are empty: no MPM-specific tuning is set.
<IfModule mpm_prefork_module>
</IfModule>
<IfModule !mpm_prefork_module>
</IfModule>
# Directory index, URL aliasing and rewriting, then PHP 7 as an in-process module.
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php7_module modules/libphp7.so
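# Hand only files whose name ends in ".php" to PHP. The original line,
# "AddType application/x-httpd-php .php", goes through mod_mime, which looks at
# every dot-separated extension of a filename, so an uploaded file with ".php"
# in the middle of its name and an unrecognised final extension could also be
# run as PHP. Matching on the end of the name closes that gap.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>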
# Child processes switch to the "daemon" user and group after startup.
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
# Server-wide defaults; both values are still the example.com placeholders and
# are overridden inside each VirtualHost below.
ServerAdmin you@example.com
ServerName www.example.com:80
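# Default policy for the whole filesystem: deny access and ignore .htaccess.
# The original had "AllowOverride All" here, which makes httpd honour .htaccess
# files in every directory it can reach. The site directories configured in
# their own <Directory> sections set "AllowOverride All" explicitly, so they
# keep their .htaccess behaviour.
<Directory />
    AllowOverride None
    Require all denied
    #Require all granted
</Directory>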
# No server-wide DocumentRoot is active; each VirtualHost sets its own.
#DocumentRoot "/data/www/typecho"
# Typecho site root: open to all clients, symlinks followed, .htaccess allowed
# to override any directive class.
# NOTE(review): with "AllowOverride All", anything able to write a .htaccess
# under this tree (for example through an upload feature) can change server
# behaviour for that directory; narrow the override classes if the
# application only needs rewrite rules -- confirm against the app.
<Directory "/data/www/typecho">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Wiki site root: same settings as the Typecho directory above.
<Directory "/data/www/wiki">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Attempt at serving HTTPS on port 443 (author's note). Two name-based TLS
# virtual hosts follow, each with its own certificate and private key.
# NOTE(review): neither vhost sets SSLCertificateChainFile, although the
# tutorial above configures cert/chain.pem. Unless the intermediates are
# supplied some other way, clients may be unable to build the chain -- confirm.
# NOTE(review): no SSLProtocol / SSLCipherSuite is set here; these vhosts rely
# on whatever the server-level configuration (presumably httpd-ssl.conf)
# defines -- confirm.
# NOTE(review): the <Directory /var/www/html/virtual-web> path does not match
# either DocumentRoot; it looks like a template leftover.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/apache/cert/public.pem
SSLCertificateKeyFile /usr/local/apache/cert/214179346500845.key
<Directory /var/www/html/virtual-web>
AllowOverride All
</Directory>
ServerAdmin email@example.com
DocumentRoot /data/www/typecho
ServerName tyrad.cc
</VirtualHost>
# Second TLS vhost: the wiki, with its certificate kept in wikiCer/.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/apache/wikiCer/public.pem
SSLCertificateKeyFile /usr/local/apache/wikiCer/214186353460845.key
<Directory /var/www/html/virtual-web>
AllowOverride All
</Directory>
ServerAdmin email@example.com
DocumentRoot /data/www/wiki
ServerName wiki.tyrad.cc
</VirtualHost>
# Force HTTPS for a single site (author's note: "not necessary"); left disabled.
# NOTE(review): with this redirect disabled, the port-80 virtual hosts further
# down keep serving both sites over plain HTTP, so logins and session cookies
# can still travel unencrypted.
#<VirtualHost *:80>
# ServerName tyrad.cc
# Redirect permanent / https://tyrad.cc
#</VirtualHost>
# Files tried, in order, when a directory is requested.
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
# Never serve .htaccess / .htpasswd style files to clients.
<Files ".ht*">
Require all denied
</Files>
# Error log location (relative to ServerRoot) and verbosity.
ErrorLog "logs/error_log"
LogLevel warn
# Access-log formats. Three are defined, but only "common" is used below.
# NOTE(review): "common" omits the Referer and User-Agent fields that the
# "combined" format records; those fields are often wanted when investigating
# suspicious requests. The virtual hosts in this file define no logs of their
# own, so their traffic is recorded here as well.
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
# Map /cgi-bin/ URLs to the stock CGI directory.
# NOTE(review): no mod_cgi / mod_cgid LoadModule is visible in this file. If
# neither is built in, confirm how httpd treats files in this directory, or
# remove the alias and the <Directory> section if CGI is not used.
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
# Empty section: no cgid settings are configured.
<IfModule cgid_module>
</IfModule>
# The CGI directory is reachable by all clients; .htaccess and Options are off.
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
# Strip a client-supplied "Proxy" request header before any other processing.
# This is the usual mitigation for the "httpoxy" problem, where CGI-style
# environments expose that header to applications as HTTP_PROXY.
<IfModule headers_module>
RequestHeader unset Proxy early
</IfModule>
# MIME type table plus two extra mappings for compressed files.
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# Only read when mod_proxy_html is loaded; no LoadModule for it appears in
# this file, so this Include is presumably inactive.
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>
# HTTPS: pull in the SSL settings file edited in step (3) of the tutorial.
# NOTE(review): the contents of httpd-ssl.conf are not shown here; check that
# it does not define a further port-443 virtual host that conflicts with the
# two declared earlier in this file.
Include conf/extra/httpd-ssl.conf
# Seed mod_ssl's random number generator at startup and on each connection.
# NOTE(review): "builtin" is the weakest seeding source described in the
# mod_ssl documentation; on Unix a "file:/dev/urandom" source is the usual
# addition, at least for startup.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Attempt at multiple domains via httpd-vhosts.conf (author's note: this turned
# out not to be useful); left disabled.
#Include conf/extra/httpd-vhosts.conf
# Multiple domains as name-based virtual hosts, defined inline instead.
# NameVirtualHost *:80 (author's note: obsolete in Apache 2.4, not needed)
# NOTE(review): both hosts serve the same document roots as the port-443
# vhosts, but over plain HTTP with no redirect. As the first *:80 vhost, the
# one below also answers requests whose Host header matches no other vhost.
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "/data/www/typecho"
ServerName www.tyrad.cc
#ErrorLog "/usr/local/httpd/logs/error.log"
# CustomLog "/usr/local/httpd/logs/custom.log" combined
</VirtualHost>
# Plain-HTTP vhost for the wiki.
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "/data/www/wiki"
ServerName wiki.tyrad.cc
#ErrorLog "/usr/local/httpd/logs/blog_error.log"
#CustomLog "/usr/local/httpd/logs/blog_custom.log" combined
</VirtualHost>
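# Reverse proxy in front of the ngrok server (author's note).
# Load the proxy modules; the [P] rewrite flag below needs mod_proxy.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
    ServerName main.tunnel.tyrad.cc
    ServerAlias *.tunnel.tyrad.cc
    # This host is a reverse proxy only. State the default explicitly so the
    # permissive <Proxy *> section below can never act as an open forward proxy.
    ProxyRequests Off
    RewriteEngine On
    # Forward every request to port 8080 on the host named in the request.
    # NOTE(review): the backend URL is built from the client's Host header.
    # Only names matching ServerName / ServerAlias reach this vhost, so the
    # target is limited to *.tunnel.tyrad.cc, but it still depends on those
    # names resolving back to this machine -- confirm the DNS records.
    RewriteRule ^/(.*) http://%{HTTP_HOST}:8080/$1 [P]
    # Apache 2.4 syntax for the original "Order deny,allow" / "Allow from all".
    <Proxy *>
        Require all granted
    </Proxy>
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>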