zoukankan      html  css  js  c++  java
  • ubuntu apache2 https

    1. enable the module ssl by:

    sudo a2enmod ssl

    2.after you have enabled module ssl , you will have to restart the web server for the change to be recognized:

    sudo service apache2 restart

    now ,the web server is able to handle ssl

    3. create a directory to place the certificate files that will be maked:

    sudo mkdir /etc/apache2/ssl

    4.create our key and certificate 

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

    let's go over what this means :

    • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
    • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
    • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
    • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
    • -days 365: This specifies that the certificate we are creating will be valid for one year.
    • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
    • -keyout: This parameter names the output file for the private key file that is being created.
    • -out: This option names the output file for the certificate that we are generating.

      when you hit "ENTER" , you will be asked some questions , answer it ....

      then, the key and certificate will be created and placed in the /etc/apache2/ssl directory

      now ! ! ! ! ! ! ! ! ! !  ! we will configure apache to use ssl

      open the file with your editor

      

    sudo vi /etc/apache2/site-available/default-ssl.conf

    what we should modify is the content with red

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin admin@example.com
            ServerName your_domain.com
            ServerAlias www.your_domain.com
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            <FilesMatch ".(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
            BrowserMatch "MSIE [2-6]" 
                            nokeepalive ssl-unclean-shutdown 
                            downgrade-1.0 force-response-1.0
            BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
    </IfModule>

    save and exit the file when you finished

    then we enable it by:

    sudo a2ensite default-ssl.conf

    restart our web server

    sudo service apache2 restart

    now you can test it in your explorer 

    https://server_domain_name_or_IP:443

  • 相关阅读:
    A05. openstack架构实战-nova服务控制节点安装
    A04. openstack架构实战-glance服务安装
    A03. openstack架构实战-keystone安装
    SSH暴力破解的解读与防御
    tcpdump抓包命令使用
    Superspeed.sh 一键测试服务器到中国上传/下载速度
    Windows ping TCP端口工具之tcping
    实验验证centos 7 系统不会缓存dns信息
    Linux下的TCP测试工具——TCPING安装简明教程
    Debian 9.12 live系统密码重置
  • 原文地址:https://www.cnblogs.com/lwmp/p/6383181.html
Copyright © 2011-2022 走看看