zoukankan      html  css  js  c++  java
  • ubuntu apache2 https

    1. enable the module ssl by:

    sudo a2enmod ssl

    2.after you have enabled module ssl , you will have to restart the web server for the change to be recognized:

    sudo service apache2 restart

    now ,the web server is able to handle ssl

    3. create a directory to place the certificate files that will be maked:

    sudo mkdir /etc/apache2/ssl

    4.create our key and certificate 

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

    let's go over what this means :

    • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
    • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
    • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
    • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
    • -days 365: This specifies that the certificate we are creating will be valid for one year.
    • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
    • -keyout: This parameter names the output file for the private key file that is being created.
    • -out: This option names the output file for the certificate that we are generating.

      when you hit "ENTER" , you will be asked some questions , answer it ....

      then, the key and certificate will be created and placed in the /etc/apache2/ssl directory

      now ! ! ! ! ! ! ! ! ! !  ! we will configure apache to use ssl

      open the file with your editor

      

    sudo vi /etc/apache2/site-available/default-ssl.conf

    what we should modify is the content with red

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin admin@example.com
            ServerName your_domain.com
            ServerAlias www.your_domain.com
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            <FilesMatch ".(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
            BrowserMatch "MSIE [2-6]" 
                            nokeepalive ssl-unclean-shutdown 
                            downgrade-1.0 force-response-1.0
            BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
    </IfModule>

    save and exit the file when you finished

    then we enable it by:

    sudo a2ensite default-ssl.conf

    restart our web server

    sudo service apache2 restart

    now you can test it in your explorer 

    https://server_domain_name_or_IP:443

  • 相关阅读:
    分享下有趣的注释头
    android studio 的自动更新问题
    docker 搭建kafka集群(入门版)
    brew换源
    golang web框架 kratos中的日志框架
    golang 日志框架(zap)完整配置和使用
    python 日志模块
    mysqldump备份恢复数据
    寻找二叉树上从根结点到给定结点的路径
    linux 磁盘IO速度测试
  • 原文地址:https://www.cnblogs.com/lwmp/p/6383181.html
Copyright © 2011-2022 走看看