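Setting up HTTPS in Apache with Alibaba Cloud's free SSL service

Date: 2022-10-14 21:43:09

Environment: Debian 7 + Apache 2.2 + Alibaba Cloud's free SSL service. The site was already running over HTTP.

1. Enable the free Alibaba Cloud SSL certificate & configure DNS

Where to buy: open Alibaba Cloud and go to "Products" - "Security" - "CA Certificate Service", then click "Buy Now".

What to select: for the certificate type choose "Professional OV SSL" -> "1 domain" -> "Symantec" (once this is selected, "Free DV SSL" appears among the certificate types above) -> set the certificate type to "Free DV SSL" -> then continue with the purchase.

Domain validation type: after clicking through you arrive at CA Certificate Service in the console (you can also find it yourself from the Alibaba Cloud console). The "Progress" column shows "Complete"; click it, then keep filling in the fields and clicking next until you reach "Domain validation type", and choose DNS there.

Once everything is filled in, wait a little while and the certificate is activated.

DNS configuration: continuing from the previous step, once activation succeeds you are asked to add a TXT record. The record value is given to you; then go and add it.

2. Enable SSL in Apache

Go to the /etc/apache2/mods-enabled directory, which holds many modules, and open the file ssl.load: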

#LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Remove the #:

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Run the following command. This step is required:

a2enmod ssl

Enable the listening port in Apache: open /etc/apache2/ports.conf and add NameVirtualHost *:443 above Listen 443:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

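Add port 443 to the inbound ports allowed by the server firewall.

3. Upload the certificate & edit the configuration file

Find the certificate under "CA Certificate Service" in the Alibaba Cloud console, then unpack it and upload it to /etc/apache2/ssl/domainname/ (domainname can be the site name). The directory contains: 123456789012345.key, 123456789012345.pem, chain.pem, public.pem

Open the /etc/apache2/sites-enabled directory and find the configuration file of the site you want to configure; here I use domainname.conf as the example. It is simple: copy the existing VirtualHost, change the port number, then add the SSLEngine settings. The code is as follows: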

<VirtualHost *:80>
    ServerName domainname.com
    ServerAlias domainname.com

    DocumentRoot /www/domainname
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /www/domainname/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName domainname.com:443
    ServerAlias domainname.com

    SSLEngine on
    # Disables SSLv2 and SSLv3; the remaining TLS versions, TLS 1.0 included, stay enabled
    SSLProtocol all -SSLv2 -SSLv3
    # !DH and !EDH remove the DHE key-exchange suites
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on

    # Server certificate, its private key, and the intermediate CA chain
    SSLCertificateFile /etc/apache2/ssl/domainname/public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/domainname/123456789012345.key
    SSLCertificateChainFile /etc/apache2/ssl/domainname/chain.pem

    DocumentRoot /www/domainname
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /www/domainname/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
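
A check worth running between steps 3 and 4, added here as an example and not part of the original article: it confirms that the private key belongs to the certificate, that the certificate has not expired and that the key file is closed to group and other users, then runs apache2ctl configtest. The function name check_bundle is made up for this example, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: check the uploaded bundle before restarting Apache.
# check_bundle is a helper name made up for this example.

check_bundle() {
    cert=$1; key=$2; rc=0

    # Public key as recorded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $cert"; return 1; }

    # Public key derived from the private key; -passin pass: makes an
    # encrypted key fail here instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: cannot parse private key $key"; return 1; }

    # SSLCertificateFile and SSLCertificateKeyFile must be the same key pair.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert"; rc=1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired"; rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # the private key should grant them nothing.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other users (chmod 600)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: key matches certificate, not expired, key is private"
    return "$rc"
}

# Usage: sh check_bundle.sh <certificate> <private key>
if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2" && apache2ctl configtest
fi
```

Pass it the public.pem and .key paths from step 3. If the key and certificate do not match, Apache fails to start after the restart, which also takes down the existing HTTP site.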

4. Restart Apache

service apache2 restart