Using certificates with the Apache service to enable SSL-encrypted access

Continued from the previous post; I forgot to publish this one.

  • Copy the required files
    rm -rf ../enduser-certs/*.csr
    mkdir /usr/local/apache/conf/certs
    # -r so that the srv/ subdirectory holding the private key (see the permissions step below) is copied too
    cp -r ../enduser-certs/* /usr/local/apache/conf/certs/

  • Check and edit the main configuration file, and confirm that the SSL-related modules are loaded
    vim /usr/local/apache/conf/httpd.conf

    Use vhosts to configure multiple domains and sites

  • Edit the httpd-ssl.conf configuration file: comment out all the virtual-host lines and leave everything else at its defaults.
  • Edit the virtual-host configuration file and add the SSL virtual-host entries; the lines just commented out in conf/extra/httpd-ssl.conf serve as the template
    vim /usr/local/apache/conf/extra/httpd-vhosts.conf
    # Plain-HTTP virtual host for site A
    <VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteA/"
    ServerName www.example.com
    # Only one ErrorLog per virtual host takes effect (the last one wins): rotate daily
    # (86400 s, 480-minute UTC offset), or use the size-based variant (2M) instead
    # ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.example.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.example.com-error-%Y_%m_%d.log 86400 480"
    </VirtualHost>
    # SSL virtual host for site A
    <VirtualHost *:443>
    ServerName www.example.com
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteA/"
    # ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-error-%Y_%m_%d.log 86400 480"
    # TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-access-%Y_%m_%d.log 2M"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-access-%Y_%m_%d.log 86400 480"
    SSLEngine on
    # No stray spaces inside the path; the key path must match where the key was copied (certs/srv/)
    SSLCertificateFile "/usr/local/apache/conf/certs/example.com.crt"
    SSLCertificateKeyFile "/usr/local/apache/conf/certs/srv/server.key"
    SSLCertificateChainFile "/usr/local/apache/conf/certs/cert.chain"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    </VirtualHost>
    <Directory "/data/www/siteA">
    # Indexes enables directory listings; drop it unless listings are wanted
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>
    
    # Plain-HTTP virtual host for site B
    <VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteB/"
    ServerName www.txtyw.com
    # ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.txtyw.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.txtyw.com-error-%Y_%m_%d.log 86400 480"
    </VirtualHost>
    # SSL virtual host for site B
    <VirtualHost *:443>
    ServerName www.txtyw.com
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteB/"
    # ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-error-%Y_%m_%d.log 86400 480"
    # TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-access-%Y_%m_%d.log 2M"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-access-%Y_%m_%d.log 86400 480"
    SSLEngine on
    SSLCertificateFile "/usr/local/apache/conf/certs/txtyw.com.crt"
    SSLCertificateKeyFile "/usr/local/apache/conf/certs/srv/server.key"
    SSLCertificateChainFile "/usr/local/apache/conf/certs/cert.chain"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    </VirtualHost>
    <Directory "/data/www/siteB">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>

  • Create the site directories and set their permissions
    mkdir -p /data/www/site{A,B}
    echo "this is www.example.com" > /data/www/siteA/index.html
    echo "this is www.txtyw.com" > /data/www/siteB/index.html
    chown -R apache:apache /data/www/
    # SELinux: web content carries the httpd_sys_content_t type (http_t is not a valid type)
    chcon -R -t httpd_sys_content_t /data/www/

  • Make the server private key readable by apache
    # 440: only the owner and the apache group may read the key, nobody else
    chmod 440 /usr/local/apache/conf/certs/srv/server.key
    chgrp apache /usr/local/apache/conf/certs/srv/server.key

  • Restart the apache service for the changes to take effect
    /usr/local/apache/bin/apachectl restart

  • Set up resolution for www.example.com and www.txtyw.com in BIND DNS
    Clients can then access the domains over https
  • Encrypted connections are now working
    But you can see an x above: the browser warns that the certificate's trustworthiness cannot be verified, because we issued it ourselves. Getting it trusted is simple: install the root certificate into the host's trusted root certification authorities store.
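As a check to run once the service is restarted, here is an added example script (not part of the original post) that verifies what the steps above set up: the private key's permissions, that each site's certificate matches the key, that the certificate verifies against the chain and our own root, and that an SNI handshake to each vhost verifies once that root is trusted. It assumes the paths used in the post, that the root certificate was saved as ca.crt in the certs directory (an assumption; the post does not name the file), and that hostnames are passed on the command line.

```shell
#!/bin/sh
# Added example, not from the original post: post-deployment checks for the
# two-site Apache SSL setup. Paths mirror the post; ca.crt and the hostnames
# passed as arguments are assumptions.

CERT_DIR=${CERT_DIR:-/usr/local/apache/conf/certs}
KEY_FILE=${KEY_FILE:-$CERT_DIR/srv/server.key}
APACHECTL=${APACHECTL:-/usr/local/apache/bin/apachectl}

# key_perms_ok FILE GROUP
# Returns 0 when FILE is mode 440 (owner and group read only) and group-owned
# by GROUP, the state the post puts the private key in; anything wider fails.
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    group=$(stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1" 2>/dev/null) || return 1
    [ "$mode" = "440" ] && [ "$group" = "$2" ]
}

# cert_matches_key CERT KEY
# The public key inside the certificate must equal the one derived from the
# private key; otherwise Apache refuses to bring up the SSL vhost.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$a" = "$b" ]
}

# chain_verifies ROOT CHAIN CERT
# Verifies the server certificate through the intermediate chain up to our root.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null
}

# tls_ok HOST ROOT
# Connects with SNI so the right vhost answers and verifies the presented chain
# against our root; -verify_return_error makes a verification failure non-zero.
tls_ok() {
    openssl s_client -connect "$1:443" -servername "$1" -CAfile "$2" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# run_checks HOST...  Runs every check for each site and reports; exits non-zero on any failure.
run_checks() {
    rc=0
    "$APACHECTL" -t >/dev/null 2>&1 && echo "config syntax OK" || { echo "config syntax FAILED"; rc=1; }
    key_perms_ok "$KEY_FILE" apache && echo "key perms OK" || { echo "key perms too wide"; rc=1; }
    for host; do
        # the post names certificate files after the bare domain (www. stripped)
        cert="$CERT_DIR/${host#www.}.crt"
        cert_matches_key "$cert" "$KEY_FILE" && echo "$host: cert/key match" || { echo "$host: cert/key MISMATCH"; rc=1; }
        chain_verifies "$CERT_DIR/ca.crt" "$CERT_DIR/cert.chain" "$cert" && echo "$host: chain OK" || { echo "$host: chain FAILED"; rc=1; }
        tls_ok "$host" "$CERT_DIR/ca.crt" && echo "$host: TLS handshake OK" || { echo "$host: TLS FAILED"; rc=1; }
    done
    return $rc
}

# Usage: sh ssl-check.sh www.example.com www.txtyw.com
[ $# -eq 0 ] || run_checks "$@"
```

The handshake check passes only because ca.crt is handed to openssl explicitly; a browser that has not imported the same root will still show the warning described above, which is exactly what the last step in the list addresses.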
