1. Apply for a free certificate here:
https://freessl.cn/
2. Install the required modules (skip this step if they are already installed):
yum install mod_ssl openssl
3. Edit the Apache configuration file:
vi conf/httpd.conf
Uncomment the following lines:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
4. Next, edit the SSL configuration file:
vi conf/extra/httpd-ssl.conf
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProxyCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex sysvsem default
SSLStrictSNIVHostCheck on
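5. Edit the site configuration file, using the BT Panel (宝塔) as an example. Open the default file in the site configuration (make sure the certificate directory is written correctly):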
<VirtualHost *:80>
ServerName 23edd8ee.xxx.com
ServerAlias xxx.com www.xxx.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/www/wwwroot/xxx.com"
ServerName 23edd8ee.xxx.com
# ServerAlias takes host names only; the port is already set by <VirtualHost *:443>
ServerAlias xxx.com www.xxx.com
ErrorLog "/www/wwwlogs/xxx.com-error_log"
CustomLog "/www/wwwlogs/xxx.com-access_log" combined
SSLEngine on
SSLCertificateFile "/www/server/apache/cert/full_chain.pem"
SSLCertificateKeyFile /www/server/apache/cert/private.key
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-56.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/xxx.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>
Finally, restart Apache and visit the HTTPS site.
systemctl restart httpd
If the site cannot be reached, check port 443 first.
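
A check for the protocol and cipher directives set in step 4, added here as an example (it is not part of the original page). It lists which deprecated protocol versions and which 3DES or RSA-key-exchange cipher entries a given httpd-ssl.conf still enables. The expansion of "all", the function names and the stricter comparison config are assumptions made for this example.

```python
import re

# Constructed sample: the cipher and protocol directives from step 4 above.
STEP4_CONF = """\
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol all -SSLv2 -SSLv3
"""
# Constructed stricter variant for comparison (an assumption, not the page's settings).
STRICT_CONF = """\
SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:EECDH+AES256
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
"""
# Assumption: what "all" expands to depends on the OpenSSL build; this is the widest case.
ALL = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996

def enabled_protocols(args):
    """Simplified left-to-right model of SSLProtocol: +x adds, -x removes, bare x replaces."""
    enabled = []
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL if name.lower() == "all" else [name]
        if sign == "-":
            enabled = [p for p in enabled if p not in names]
        elif sign == "+":
            enabled += [p for p in names if p not in enabled]
        else:
            enabled = list(names)
    return enabled

def weak_cipher_terms(cipher_string):
    """Entries that select 3DES (64-bit block) or RSA key exchange (no forward secrecy)."""
    weak = []
    for entry in cipher_string.split(":"):
        parts = entry.upper().split("+")
        # "!" and "-" entries are exclusions and cannot enable anything
        if not entry.startswith(("!", "-")) and {"3DES", "RSA", "KRSA"} & set(parts):
            weak.append(entry)
    return weak

def audit(conf_text):
    """Return (directive, problem) pairs for SSL(Proxy)Protocol and SSL(Proxy)CipherSuite."""
    findings = []
    pattern = r"^\s*(SSL(?:Proxy)?(Protocol|CipherSuite))\s+(.+)$"
    for m in re.finditer(pattern, conf_text, re.M | re.I):
        directive, kind, args = m.group(1), m.group(2).lower(), m.group(3).strip()
        weak = ([p for p in enabled_protocols(args) if p in DEPRECATED]
                if kind == "protocol" else weak_cipher_terms(args))
        findings += [(directive, w) for w in weak]
    return findings
```

Call audit() on the text of conf/extra/httpd-ssl.conf before restarting; an empty list means none of these checks fired.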