阿里云服务器配置https(总结)
一、总结
一句话总结:
1、下载https证书(可以在阿里云上)
2、在服务器上面开启443端口
3、配置apache服务器,443的加ssl,让80的重定向到443
4、安装mod_ssl模块:yum install mod_ssl
1、apache将http(80)链接跳转到https(443)?
RewriteCond配合RewriteRule来跳转:RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]
<VirtualHost *:80> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R] ServerName www.fanrenyi.com ServerAlias fanrenyi.com </VirtualHost>
2、阿里云上配置apache启示?
可以多参照阿里云上面提供的手册:阿里云https证书服务那里下载证书那里有怎么教你详细的做
3、https的端口号是多少?
443
二、阿里云服务器配置https
1、在阿里云上面下载https证书
具体怎么做可以参考以下网址或者百度
https://yq.aliyun.com/articles/720759?spm=a2c4e.11155472.0.0.24124494m4E2Hi
2、在服务器上面开启443端口
因为443是https默认端口
3、配置apache服务器
阿里云https证书服务那里下载证书那里有怎么教你详细的做
httpd-ssl.conf成功的配置:
Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(512000)" # 添加 SSL 协议支持协议,去掉不安全的协议 SSLProtocol all -SSLv2 -SSLv3 SSLProxyProtocol -All +TLSv1.2 +TLSv1.3 # 修改加密套件如下 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLProxyCipherSuite HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128 SSLHonorCipherOrder on SSLCompression off Mutex sysvsem default SSLStrictSNIVHostCheck on #公钥 SSLCertificateFile cert/--------------------------.crt #私钥 SSLCertificateKeyFile cert/---------------------------.key #证书链文件 SSLCertificateChainFile cert/------------------------.crt <VirtualHost _default_:443> SSLEngine on #ServerName localhost ServerName fanrenyi.com:443 ServerAlias www.fanrenyi.com:443 DocumentRoot --------------------------------- #DocumentRoot /data/www/default #<Directory /data/www/default> <Directory -----------------------------------> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Order Deny,Allow Allow from All DirectoryIndex index.php index.html index.htm </Directory> </VirtualHost>
4、成功的效果
5、laravel项目中自动跳转到https中
将http(80)链接跳转到https(443):
<VirtualHost *:80> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R] ServerName www.fanrenyi.com ServerAlias fanrenyi.com </VirtualHost>
6、记得安装mod_ssl
如果一开始只安装了httpd,还要安装mod_ssl才能开启SSL
所以记得yum install mod_ssl
三、参考:阿里云服务器上开启HTTPS(记录趟过的各种坑)
转自或参考:阿里云服务器上开启HTTPS(记录趟过的各种坑)
https://blog.csdn.net/nuc_badaomen/article/details/80452173
服务器环境:phpstudy
证书:从阿里云网站申请的免费证书,具体请自行百度
重要步骤:
1.确定服务器已经开启443端口,因为443是https默认端口,如何开启自行百度
2.开启apache相应配置
#修改httpd.conf文件
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule rewrite_module
#去掉上面三行前的"#"
保存退出
3.在apache目录下的httpd目录下新建一个cert目录,将证书放到该目录下
4.确定已开启openssl模块,通过phpinfo()可以查看是否开启
5.修改httpd-ssl.conf文件如下,其余的删除即可
Listen 443
<VirtualHost *:443>
DocumentRoot "网站根目录"
ServerName 域名:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
<Directory "网站根目录">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
[plain] view plain copy
#公钥
SSLCertificateFile /phpstudy/server/httpd/cert/public.pem
[plain] view plain copy
#私钥
SSLCertificateKeyFile /phpstudy/server/httpd/cert/xxxxxx.key
[plain] view plain copy
#证书链文件
SSLCertificateChainFile /phpstudy/server/httpd/cert/chain.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost> 四、参考:apache2.4配置https
转自或参考:apache2.4配置https
https://www.cnblogs.com/jie-hu/p/8034226.html
1、获取证书
1.1 openssl生成SSL证书(自行百度)
1.2 腾讯云,阿里云,百度云等等都有提供免费的SSL证书
2、证书安装
编辑Apache根目录下 conf/httpd.conf 文件,找到#LoadModule ssl_module/mod_ssl.so 和 #Include conf/extra/httpd-ssl.conf,去掉前面的#号注释;
编辑Apache跟目录下 conf/extra/httpd-ssl.conf 文件,修改如下内容:
<VirtualHost *:443> DocumentRoot "/var/www/html" ServerName www.domain.com:443 SSLEngine on SSLCertificateFile /usr/local/apache/conf/2_www.domain.com_cert.crt SSLCertificateKeyFile /usr/local/apache/conf/3_www.domain.com.key SSLCertificateChainFile /usr/local/apache/conf/1_root_bundle.crt </VirtualHost>
配置完成后,重新启动 Apache 就可以使用https://www.domain.com来访问了。
注:
| 配置文件参数 | 说明 |
| SSLEngine on | 启用SSL功能 |
| SSLCertificateFile | 证书文件 |
| SSLCertificateKeyFile | 私钥文件 |
| SSLCertificateChainFile |
证书链文件 |
3、apache配置重定向
在.htaccess文件中加入如下代码:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,E=PATH_INFO:$1]
</IfModule>在.htaccess文件中加入如在.htaccess文件中加入如下代码:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
</IfModule><?php if ($_SERVER["HTTPS"] <> "on") { $xredir="https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; header("Location: ".$xredir); } ?>
然后伪静态就正常去掉index.php功能:
<IfModule mod_rewrite.c> RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [L,E=PATH_INFO:$1] </IfModule>
配置完成后,http就可以重定向到https了。
4、遇到的问题
4.1 外网443端口被防火墙关闭
4.2 在windows Server 2012服务器上配置httpd-ssl.conf
