站长网_站长创业_站长主页_站长之家_易采站长站

会员投稿 投稿指南 站长资讯通告: APACHE 服务器 搭建HTTPS网站教程
搜索:
您的位置: 主页 > 教程 > 服务器 > Linux > » 正文

APACHE 服务器 搭建HTTPS网站教程

来源: 易采站长站
由于百度和谷歌等搜索引擎提倡开启HTTPS安全传输的链接方式。易采源码网近日也做了HTTPS链接方式。易采源码网采用的是upupw
apache版的服务器软件。那么今天分享一下upupw apache版的服务器软件如何开启HTTPS链接。废话不多说,直接上教程。。。。
 
 首先到这里下在upupw apache服务器套件https://down.easck.com/software/33477.html
 然后解压到您指定的分区里面比如D:\UPUPW\
 
 第一步:
 复制UPUPW目录下面\Apache2\bin\目录下面的 libeay32.dll,openssl.exe,ssleay32.dll这三个文件到您的PHP目录里。
 注:原版的UPUPW APACHE版的服务器套件,不论您怎么配置,即使您配置的都正确如果不复制这三个文件也启动不了Apache服务。所以这三个文件目前为止必须复制到PHP目录替换PHP目录里面的相同文件名的文件。
 
 第二步:
 上面的三个文件复制好之后
 
 打开Apache2\conf\目录下面的httpd.conf文件
 
 找到这两行
 #LoadModule ssl_module modules/mod_ssl.so
 #Include conf/extra/httpd-ssl.conf
 
 去掉前面的#号,修改成
 LoadModule ssl_module modules/mod_ssl.so
 Include conf/extra/httpd-ssl.conf
 
 需要注意的是下面这两行代码
 Listen 80
 Include conf/httpd-listen.conf
 
 如果这两行代码前面有#也请去掉。
 
 然后保存
 
 第三步
 然后在打开Apache2\conf\目录下面的httpd-listen.conf文件
 
 您会看到这样的文字
 #Listen 81
 #Listen 8080
 
 我们增加一行代码
 listen 443
 变成
 #Listen 81
 #Listen 8080
 listen 443
 
 解释一下,#listen 81和#listen 8080不在服务器端口检测中
 增加listen 443是为了让服务器对443端口进行检测和链接
 如果您不开启443端口的检测即使您配置正确HTTPS也不能链接
 
 修改好之后后保存
 
 第四步
 接下来我们在打开Apache2\conf\extra目录下面的httpd-ssl.conf文件
 
 #
 # This is the Apache server configuration file providing SSL support.
 # It contains the configuration directives to instruct the server how to
 # serve pages over an https connection. For detailed information about these
 # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
 # Required modules: mod_log_config, mod_setenvif, mod_ssl,
 #          socache_shmcb_module (for default value of SSLSessionCache)
 
 #
 # Pseudo Random Number Generator (PRNG):
 # Configure one or more sources to seed the PRNG of the SSL library.
 # The seed data should be of good random quality.
 # WARNING! On some platforms /dev/random blocks if not enough entropy
 # is available. This means you then cannot use the /dev/random device
 # because it would lead to very long connection times (as long as
 # it requires to make more entropy available). But usually those
 # platforms additionally provide a /dev/urandom device which doesn't
 # block. So, if available, use this one instead. Read the mod_ssl User
 # Manual for more details.
 #
 #SSLRandomSeed startup file:/dev/random  512
 #SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
 #SSLRandomSeed connect file:/dev/urandom 512
 
 
 #
 # When we also provide SSL we have to listen to the
 # standard HTTP port (see above) and to the HTTPS port
 #
 Listen 443
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 
 #   Speed-optimized SSL Cipher configuration:
 #   If speed is your main concern (on busy HTTPS servers e.g.),
 #   you might want to force clients to specific, performance
 #   optimized ciphers. In this case, prepend those ciphers
 #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
 #   Caveat: by giving precedence to RC4-SHA and AES128-SHA
 #   (as in the example below), most connections will no longer
 #   have perfect forward secrecy - if the server's key is
 #   compromised, captures of past or future traffic must be
 #   considered compromised, too.
 #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
 #SSLHonorCipherOrder on
 
 #   Pass Phrase Dialog:
 #   Configure the pass phrase gathering process.
 #   The filtering dialog program (`builtin' is an internal
 #   terminal dialog) has to provide the pass phrase on stdout.
 SSLPassPhraseDialog  builtin
 
 #   Inter-Process Session Cache:
 #   Configure the SSL Session Cache: First the mechanism
 #   to use and second the expiring timeout (in seconds).
 #SSLSessionCache         "dbm:logs/ssl_scache"
 SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
 SSLSessionCacheTimeout  300
 
 <VirtualHost _default_:443>
     DocumentRoot "sslroot/"
     ServerName www.example.com:443
     ServerAlias example.com
     ServerAdmin webmaster@example.com
     DirectoryIndex index.html index.htm index.php default.php app.php u.php
     ErrorLog logs/example_error.log
     CustomLog logs/example_access.log \
     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
     SSLEngine on
     SSLCertificateFile "conf/server.crt"
     SSLCertificateKeyFile "conf/server.key"
 <FilesMatch "\.(shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
     BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
 </VirtualHost>
 
 这是原版的httpd-ssl.conf文件内容   上面有个Listen 443对443端口检测的代码  我们把这段代码删除了  
 如果您不想删除这段代码那么httpd-listen.conf这个文件中的对443端口进行检测的代码也必须注释掉 在前面增加#号。。。
 如果是原版的httpd-listen.conf文件  我们不需要做第三步的修改。。。
 
 
 接下来我们增加HTTPS链接的主机:修改这段代码
 
 <VirtualHost _default_:443>
     DocumentRoot "sslroot/"
     ServerName www.example.com:443
     ServerAlias example.com
     ServerAdmin webmaster@example.com
     DirectoryIndex index.html index.htm index.php default.php app.php u.php
     ErrorLog logs/example_error.log
     CustomLog logs/example_access.log \
     "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
     SSLEngine on
     SSLCertificateFile "conf/server.crt"
     SSLCertificateKeyFile "conf/server.key"
 <FilesMatch "\.(shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
     BrowserMatch "MSIE [2-5]" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0
 </VirtualHost>
 
 修改成:
 NameVirtualHost *:443
 SSLStrictSNIVHostCheck off
 <VirtualHost _default_:443>
     DocumentRoot "D:/web/"  (注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。)
     ServerName www.easck.com:443  (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。)
     ServerAlias www.easck.com  (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。必须修改。)
 ServerAdmin admin@easck.com  (注:admin@easck.com这是您的网站管理员邮箱。修改成您的网站管理员邮箱。可以不修改。)
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
 SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/Apache/www.crt" (注:www.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。文件名要求越短越好)
 SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/Apache/www.key"
(注:www.key是您申请的Apache版本的SSL证书密匙文件和目录结构。可以修改目录结构和证书密匙文件名。文件名要求越短越好)
 SSLCertificateChainFile
"D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt"
(注:root_bundle.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。特别注意这个证书文件名root_bundle.crt不可以用www_bundle.crt这样的文件名。我测试www_bundle.crt这样的文件名不可以,启动不了Apache服务。必须是root_bundle.crt或者root_bundle1.crt,root_bundle2.crt这样的文件名称)
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "D:/web/">  (注:D:/web/这也是您的网站目录。修改成您的网站目录)
     Options FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
 </Directory>
 </VirtualHost>
 
 以上配置文件中(注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。)这样的字符和解释请您在修改好之后全部删除。否则启动不了Apache服务。
 修改好之后后保存
 
 以下复制我的httpd-ssl.conf文件内容以供您参考修改:
 #
 # This is the Apache server configuration file providing SSL support.
 # It contains the configuration directives to instruct the server how to
 # serve pages over an https connection. For detailed information about these
 # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
 # Required modules: mod_log_config, mod_setenvif, mod_ssl,
 #          socache_shmcb_module (for default value of SSLSessionCache)
 
 #
 # Pseudo Random Number Generator (PRNG):
 # Configure one or more sources to seed the PRNG of the SSL library.
 # The seed data should be of good random quality.
 # WARNING! On some platforms /dev/random blocks if not enough entropy
 # is available. This means you then cannot use the /dev/random device
 # because it would lead to very long connection times (as long as
 # it requires to make more entropy available). But usually those
 # platforms additionally provide a /dev/urandom device which doesn't
 # block. So, if available, use this one instead. Read the mod_ssl User
 # Manual for more details.
 #
 #SSLRandomSeed startup file:/dev/random  512
 #SSLRandomSeed startup file:/dev/urandom 512
 #SSLRandomSeed connect file:/dev/random  512
 #SSLRandomSeed connect file:/dev/urandom 512
 
 
 #
 # When we also provide SSL we have to listen to the
 # standard HTTP port (see above) and to the HTTPS port
 #
 
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 
 #   Speed-optimized SSL Cipher configuration:
 #   If speed is your main concern (on busy HTTPS servers e.g.),
 #   you might want to force clients to specific, performance
 #   optimized ciphers. In this case, prepend those ciphers
 #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
 #   Caveat: by giving precedence to RC4-SHA and AES128-SHA
 #   (as in the example below), most connections will no longer
 #   have perfect forward secrecy - if the server's key is
 #   compromised, captures of past or future traffic must be
 #   considered compromised, too.
 #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
 #SSLHonorCipherOrder on
 
 #   Pass Phrase Dialog:
 #   Configure the pass phrase gathering process.
 #   The filtering dialog program (`builtin' is an internal
 #   terminal dialog) has to provide the pass phrase on stdout.
 SSLPassPhraseDialog  builtin
 
 #   Inter-Process Session Cache:
 #   Configure the SSL Session Cache: First the mechanism
 #   to use and second the expiring timeout (in seconds).
 #SSLSessionCache         "dbm:logs/ssl_scache"
 SSLSessionCache        "shmcb:logs/ssl_scache(512000)"
 SSLSessionCacheTimeout  300
 
 NameVirtualHost *:443
 SSLStrictSNIVHostCheck off
 
 #第一个子域名www.easck.com主机配置
 <VirtualHost _default_:443>
     DocumentRoot "D:/www/"
     ServerName www.easck.com:443
     ServerAlias www.easck.com
 ServerAdmin you@example.com
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
 SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/Apache/www.crt"
 SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/Apache/www.key"
 SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt"
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "D:/www/">
     Options FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
 </Directory>
 </VirtualHost>
 #第二个以down.easck.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第三个主机相同。
 <VirtualHost *:443>
     DocumentRoot "D:/down"
     ServerName down.easck.com:443
     ServerAlias down.easck.com
 ServerAdmin you@example.com
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
     SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/down/down.crt"
     SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/down/down.key"
     SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/down/root_bundle2.crt"
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "D:/down">
     Options FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
 </Directory>
 </VirtualHost>
 #第三个以bbs.easck.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第二个主机相同。
 <VirtualHost *:443>
     DocumentRoot "D:/bbs"
     ServerName bbs.easck.com:443
     ServerAlias bbs.easck.com
 ServerAdmin you@example.com
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
     SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.crt"
     SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.key"
     SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/bbs/root_bundle3.crt"
 <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
 </FilesMatch>
 <Directory "D:/bbs">
     Options FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
 </Directory>
 </VirtualHost>
 
 复制以上这段代码到您的httpd-ssl.conf文件中并且修改响应的网站目录和域名之后就可以使用了。。如果你只有一个主机或者两个主机可以删除<VirtualHost *:443>。。。。。</VirtualHost>的内容
 
 同时不论是单主机还是多主机 都可以使用我给出的方法。。。。

按照推理,所有apache服务器都应该符合本教材,只是目录结构的变化存在差异
Tags:
最新图文资讯
1 2 3 4 5 6
相关文章列表:
易采站长站 - 联系我们 - 广告服务 - 友情链接 - 网站地图 - 版权声明 - 人才招聘 - 帮助 -