美文网首页
linux Apache设置https访问以及加载mod_ssl

linux Apache设置https访问以及加载mod_ssl

作者: 端木安玉 | 来源:发表于2020-05-07 16:25 被阅读0次

    开始之前的话:

    1.配置好服务器防火墙的443端口规则;

    2.购买好证书文件,我是沃通证书,准备好证书,这里不演示证书的购买和安装。
    3.我的apache是编译安装的,文件目录在/usr/local/apache 按照以上文档设置后发现是缺少mod-ssl.so这个模块的。所以我设置好配置文件后重启服务直接报错

    [root@www bin]# ./apachectl -k restart
    Syntax error on line 60 of /usr/local/apache/conf/extra/httpd-ssl.conf:
    Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
    

    查阅资料发现也的确是这个模块未安装,因为是编译安装的,所以只能下载对应的版本文件上传编译安装这个模块

    5.查找自己的apache版本:

    <pre style="margin: 0px 0px 0px 22px; white-space: pre-wrap; overflow-wrap: break-word; font-size: 12px !important; font-family: &quot;Courier New&quot; !important;">[root@www bin]# ./apachectl -v
    Server version: Apache/2.2.34 (Unix)
    Server built:   Aug 4 2017 04:25:09</pre>
    

    是apache/2.2.34版本,

    6.根据服务器apache版本下载对应版本:apache历史版本下载 (好像要梯子,我是直接香港服务器下载的)

    去官网下载对应的版本httpd2.2.34.tar.gz

    7.解压下载的版本文件 将modules下的loggers,ssl两个文件【一定是两个文件否则出错】放到服务器端apache的modules下

    [root@www apache]# cd modules/ [root@www modules]# ls  ##这里是没有要上传的两个文件目录
    httpd.exp           mod_authn_dbd.so        mod_authz_owner.so  mod_deflate.so     mod_ident.so         mod_mime.so         mod_suexec.so
    libphp5.so          mod_authn_dbm.so        mod_authz_user.so   mod_dir.so         mod_imagemap.so      mod_negotiation.so  mod_unique_id.so
    mod_actions.so      mod_authn_default.so    mod_autoindex.so    mod_dumpio.so      mod_include.so       mod_reqtimeout.so   mod_userdir.so
    mod_alias.so        mod_authn_file.so       mod_cern_meta.so    mod_env.so         mod_info.so          mod_rewrite.so      mod_usertrack.so
    mod_asis.so         mod_authz_dbm.so        mod_cgi.so          mod_expires.so     mod_log_config.so    mod_setenvif.so     mod_version.so
    mod_auth_basic.so   mod_authz_default.so    mod_dav_fs.so       mod_ext_filter.so  mod_log_forensic.so  mod_speling.so      mod_vhost_alias.so
    mod_auth_digest.so  mod_authz_groupfile.so  mod_dav.so          mod_filter.so      mod_logio.so         mod_status.so
    mod_authn_anon.so   mod_authz_host.so       mod_dbd.so          mod_headers.so     mod_mime_magic.so    mod_substitute.so
    [root@www modules]# ll   ###在这个文件目录下也没有所需的mod_ssl.so模块
    total 39248
    -rw-r--r-- 1 root root     9377 Aug  4  2017 httpd.exp -rwxr-xr-x 1 root root 37156191 Aug  4  2017 libphp5.so
    drwxr-xr-x 2 root root     4096 Jul  1 15:32 loggers   ##上传好的文件 -rwxr-xr-x 1 root root    29682 Aug  4  2017 mod_actions.so -rwxr-xr-x 1 root root    42461 Aug  4  2017 mod_alias.so -rwxr-xr-x 1 root root    26746 Aug  4  2017 mod_asis.so -rwxr-xr-x 1 root root    31555 Aug  4  2017 mod_auth_basic.so -rwxr-xr-x 1 root root    75321 Aug  4  2017 mod_auth_digest.so -rwxr-xr-x 1 root root    28015 Aug  4  2017 mod_authn_anon.so -rwxr-xr-x 1 root root    33221 Aug  4  2017 mod_authn_dbd.so -rwxr-xr-x 1 root root    28936 Aug  4  2017 mod_authn_dbm.so -rwxr-xr-x 1 root root    25020 Aug  4  2017 mod_authn_default.so -rwxr-xr-x 1 root root    29331 Aug  4  2017 mod_authn_file.so -rwxr-xr-x 1 root root    32931 Aug  4  2017 mod_authz_dbm.so -rwxr-xr-x 1 root root    25082 Aug  4  2017 mod_authz_default.so -rwxr-xr-x 1 root root    32860 Aug  4  2017 mod_authz_groupfile.so -rwxr-xr-x 1 root root    32531 Aug  4  2017 mod_authz_host.so -rwxr-xr-x 1 root root    28441 Aug  4  2017 mod_authz_owner.so -rwxr-xr-x 1 root root    27019 Aug  4  2017 mod_authz_user.so -rwxr-xr-x 1 root root    96568 Aug  4  2017 mod_autoindex.so -rwxr-xr-x 1 root root    31153 Aug  4  2017 mod_cern_meta.so -rwxr-xr-x 1 root root    73833 Aug  4  2017 mod_cgi.so -rwxr-xr-x 1 root root   185754 Aug  4  2017 mod_dav_fs.so -rwxr-xr-x 1 root root   345418 Aug  4  2017 mod_dav.so -rwxr-xr-x 1 root root    56796 Aug  4  2017 mod_dbd.so -rwxr-xr-x 1 root root    71840 Aug  4  2017 mod_deflate.so -rwxr-xr-x 1 root root    31959 Aug  4  2017 mod_dir.so -rwxr-xr-x 1 root root    31867 Aug  4  2017 mod_dumpio.so -rwxr-xr-x 1 root root    28846 Aug  4  2017 mod_env.so -rwxr-xr-x 1 root root    37566 Aug  4  2017 mod_expires.so -rwxr-xr-x 1 root root    60673 Aug  4  2017 mod_ext_filter.so -rwxr-xr-x 1 root root    48974 Aug  4  2017 mod_filter.so -rwxr-xr-x 1 root root    55132 Aug  4  2017 mod_headers.so -rwxr-xr-x 1 root root    33238 Aug  4  2017 mod_ident.so -rwxr-xr-x 1 root root    47520 Aug  4  2017 mod_imagemap.so -rwxr-xr-x 1 root root   125357 Aug  4  2017 mod_include.so -rwxr-xr-x 1 root root    50893 Aug  4  2017 mod_info.so -rwxr-xr-x 1 root root    83862 Aug  4  2017 mod_log_config.so -rwxr-xr-x 1 root root    35269 Aug  4  2017 mod_log_forensic.so -rwxr-xr-x 1 root root    29510 Aug  4  2017 mod_logio.so -rwxr-xr-x 1 root root    76780 Aug  4  2017 mod_mime_magic.so -rwxr-xr-x 1 root root    51248 Aug  4  2017 mod_mime.so -rwxr-xr-x 1 root root   102460 Aug  4  2017 mod_negotiation.so -rwxr-xr-x 1 root root    41673 Aug  4  2017 mod_reqtimeout.so -rwxr-xr-x 1 root root   164579 Aug  4  2017 mod_rewrite.so -rwxr-xr-x 1 root root    39321 Aug  4  2017 mod_setenvif.so -rwxr-xr-x 1 root root    36386 Aug  4  2017 mod_speling.so -rwxr-xr-x 1 root root    58503 Aug  4  2017 mod_status.so -rwxr-xr-x 1 root root    41166 Aug  4  2017 mod_substitute.so -rwxr-xr-x 1 root root    27954 Aug  4  2017 mod_suexec.so -rwxr-xr-x 1 root root    30111 Aug  4  2017 mod_unique_id.so -rwxr-xr-x 1 root root    31342 Aug  4  2017 mod_userdir.so -rwxr-xr-x 1 root root    37930 Aug  4  2017 mod_usertrack.so -rwxr-xr-x 1 root root    23067 Aug  4  2017 mod_version.so -rwxr-xr-x 1 root root    37708 Aug  4  2017 mod_vhost_alias.so
    drwxr-xr-x 2 root root     4096 Jul  1 15:32 ssl  ##上传好的文件
    

    8.cd到服务端的modules/ssl目录;执行命令:

     apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c 
    

    即可

    [root@www modules]# cd ssl/ [root@www ssl]# ls
    config.m4    mod_ssl.mak          ssl_engine_dh.c      ssl_engine_pphrase.c  ssl_expr_parse.c  ssl_scache.c          ssl_util_ssl.c
    Makefile.in NWGNUmakefile        ssl_engine_init.c    ssl_engine_rand.c     ssl_expr_parse.h  ssl_scache_dbm.c      ssl_util_ssl.h
    mod_ssl.c    README               ssl_engine_io.c      ssl_engine_vars.c     ssl_expr_parse.y  ssl_scache_dc.c
    mod_ssl.dep  README.dsov.fig      ssl_engine_kernel.c  ssl_expr.c            ssl_expr_scan.c   ssl_scache_shmcb.c
    mod_ssl.dsp  README.dsov.ps       ssl_engine_log.c     ssl_expr_eval.c       ssl_expr_scan.l   ssl_toolkit_compat.h
    mod_ssl.h    ssl_engine_config.c  ssl_engine_mutex.c   ssl_expr.h            ssl_private.h     ssl_util.c
    [root@www ssl]# apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o mod_ssl.lo mod_ssl.c && touch mod_ssl.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_config.lo ssl_engine_config.c && touch ssl_engine_config.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_dh.lo ssl_engine_dh.c && touch ssl_engine_dh.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_init.lo ssl_engine_init.c && touch ssl_engine_init.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_io.lo ssl_engine_io.c && touch ssl_engine_io.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_kernel.lo ssl_engine_kernel.c && touch ssl_engine_kernel.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_log.lo ssl_engine_log.c && touch ssl_engine_log.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_mutex.lo ssl_engine_mutex.c && touch ssl_engine_mutex.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_pphrase.lo ssl_engine_pphrase.c && touch ssl_engine_pphrase.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_rand.lo ssl_engine_rand.c && touch ssl_engine_rand.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_engine_vars.lo ssl_engine_vars.c && touch ssl_engine_vars.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_expr.lo ssl_expr.c && touch ssl_expr.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_expr_eval.lo ssl_expr_eval.c && touch ssl_expr_eval.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_expr_parse.lo ssl_expr_parse.c && touch ssl_expr_parse.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_expr_scan.lo ssl_expr_scan.c && touch ssl_expr_scan.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_scache.lo ssl_scache.c && touch ssl_scache.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_scache_dbm.lo ssl_scache_dbm.c && touch ssl_scache_dbm.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_scache_dc.lo ssl_scache_dc.c && touch ssl_scache_dc.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_scache_shmcb.lo ssl_scache_shmcb.c && touch ssl_scache_shmcb.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_util.lo ssl_util.c && touch ssl_util.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include  -I/usr/local/apache/include   -I/usr/local/apache/include  -I/usr/include/openssl -DHAVE_OPENSSL=1  -c -o ssl_util_ssl.lo ssl_util_ssl.c && touch ssl_util_ssl.slo /usr/local/apache/build/libtool --silent --mode=link gcc -o mod_ssl.la  -lcrypto -lssl -ldl -rpath /usr/local/apache/modules -module -avoid-version    ssl_util_ssl.lo ssl_util.lo ssl_scache_shmcb.lo ssl_scache_dc.lo ssl_scache_dbm.lo ssl_scache.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_expr.lo ssl_engine_vars.lo ssl_engine_rand.lo ssl_engine_pphrase.lo ssl_engine_mutex.lo ssl_engine_log.lo ssl_engine_kernel.lo ssl_engine_io.lo ssl_engine_init.lo ssl_engine_dh.lo ssl_engine_config.lo mod_ssl.lo /usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/apache/build/libtool' mod_ssl.la /usr/local/apache/modules /usr/local/apache/build/libtool --mode=install cp mod_ssl.la /usr/local/apache/modules/ libtool: install: cp .libs/mod_ssl.so /usr/local/apache/modules/mod_ssl.so
    libtool: install: cp .libs/mod_ssl.lai /usr/local/apache/modules/mod_ssl.la
    libtool: install: cp .libs/mod_ssl.a /usr/local/apache/modules/mod_ssl.a
    libtool: install: chmod 644 /usr/local/apache/modules/mod_ssl.a
    libtool: install: ranlib /usr/local/apache/modules/mod_ssl.a
    libtool: finish: PATH="/usr/local/mysql/bin:/usr/local/php/bin:/usr/local/apache/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /usr/local/apache/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/local/apache/modules     ###库已经安装在这个目录,安装完成
    
    If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and
    specify the full pathname of the library, or use the '-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
         during execution - add LIBDIR to the 'LD_RUN_PATH' environment variable
         during linking - use the '-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to '/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /usr/local/apache/modules/mod_ssl.so
    [activating module `ssl' in /usr/local/apache/conf/httpd.conf]
    

    9.再次返回modlues目录可以看到已经安装mod_ssl.so

    root@www ssl]# cd ..
    [root@www modules]# ls
    httpd.exp           mod_authn_dbd.so        mod_authz_user.so  mod_dumpio.so      mod_info.so          mod_setenvif.so    mod_version.so
    libphp5.so          mod_authn_dbm.so        mod_autoindex.so   mod_env.so         mod_log_config.so    mod_speling.so     mod_vhost_alias.so
    loggers             mod_authn_default.so    mod_cern_meta.so   mod_expires.so     mod_log_forensic.so  mod_ssl.so         ssl
    mod_actions.so      mod_authn_file.so       mod_cgi.so         mod_ext_filter.so  mod_logio.so         mod_status.so
    mod_alias.so        mod_authz_dbm.so        mod_dav_fs.so      mod_filter.so      mod_mime_magic.so    mod_substitute.so
    mod_asis.so         mod_authz_default.so    mod_dav.so         mod_headers.so     mod_mime.so          mod_suexec.so
    mod_auth_basic.so   mod_authz_groupfile.so  mod_dbd.so         mod_ident.so       mod_negotiation.so   mod_unique_id.so
    mod_auth_digest.so  mod_authz_host.so       mod_deflate.so     mod_imagemap.so    mod_reqtimeout.so    mod_userdir.so
    mod_authn_anon.so   mod_authz_owner.so      mod_dir.so         mod_include.so     mod_rewrite.so       mod_usertrack.so
    

    10.重启web服务器 ./apachectl -k restart即可 因为我的apache是编译安装的,所以在apache的安装目录下的bin文件目录中执行这个重启命令

    [root@www bin]# ./ap
    apachectl     apr-1-config  apu-1-config  apxs          
    [root@www bin]# ./apachectl -k restart
    [root@www bin]# </pre>
    

    11.查看https已经生效。

    相关文章

      网友评论

          本文标题:linux Apache设置https访问以及加载mod_ssl

          本文链接:https://www.haomeiwen.com/subject/bzmaghtx.html