阿里云CentOS配置https
2017-04-19 本文已影响280人
bbdlg
目标
自有网站原为http协议,因开发微信小程序,需要配置https协议,但又不打算取消原有http协议,故需要网站同时支持http和https两种协议。
环境
# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.0.1406 (Core)
Release: 7.0.1406
Codename: Core
# uname -a
Linux iZ941id4vr3Z 3.10.0-123.9.3.el7.x86_64 #1 SMP Thu Nov 6 15:06:03 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 12 2017 21:03:28
参考
CentOS官方提供的资料:https://wiki.centos.org/HowTos/Https
注意
VirtualHosts 的配置不在 /etc/httpd/conf/httpd.conf 中,而是在 /etc/http/conf.d/httpd-vhosts.conf 中。
步骤
- 安装ssl支持
yum install mod_ssl openssl
- 生成自签名证书
# Generate private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
- 修改ssl.conf的证书文件路径
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
- 修改httpd-vhosts.conf中的虚拟机配置
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/vhosts/yoursite.com/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
ServerName yoursite.com
</VirtualHost>
- 重启Apache服务
apachectl restart
- 验证
访问 https://yoursite.com/ 和 http://yoursite.com 可以发现均可以访问。
但由于是自生成证书,(chrome)访问时会有不安全提示。
https的不安全提示
