Apache下配置单IP多虚拟主机和HTTPS服务
因工作需要,要为一台Web Server中的虚拟主机配置HTTPS.大致看了下文档,也参考了一下网上的资料.配置成功了.现做个笔记.
记得在网上找资料的时候,我下面笔记中的内容好象是对于Apache的版本有要求的,是多少不太记得了.我现在使用的是Apache的版本是2.2.23.
先大致讲下单IP的Apache的多虚拟主机的配置.
首先在httpd.conf中将
1 | Include etc/apache22/extra/httpd-vhosts.conf |
注释去掉.
然后编辑/usr/local/etc/apache22/extra/httpd-vhosts.conf内容,如下:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | NameVirtualHost *:80<VirtualHost *:80> DocumentRoot /usr/local/www/apache22/data/mydomain1.com ServerName mydomain1.com:80 <Directory /usr/local/www/apache22/data/mydomain1.com> Options FollowSymLinks AllowOverride All Order deny,allow Allow from all </Directory> ErrorDocument 404 error.php CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/access.%Y%m%d.log 86400" common ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400"</VirtualHost><VirtualHost *:80> DocumentRoot /usr/local/www/apache22/data/mydomain2.com ServerName mydomain1.com:80 <Directory /usr/local/www/apache22/data/mydomain2.com> Options FollowSymLinks AllowOverride All Order deny,allow Allow from all </Directory> ErrorDocument 404 error.php CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/access.%Y%m%d.log 86400" common ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain2.com/error.%Y%m%d.log 86400"</VirtualHost> |
然后重启Apache
1 | /usr/local/etc/rc.d/apahce22 restart |
就可以完成虚拟主机的设置了.
然后再讲讲有关HTTPS的设置.
先在httpd.conf文件中将有关ssl的注释去掉.有两个地方:
1 2 | # 加载SSL模块LoadModule ssl_module modules/mod_ssl.so |
1 2 | # 加载ssl的配置文件Include conf/extra/httpd-ssl.conf |
然后生成证书,我们的证书是使用openssl来加密的,如果没有安装,就要先安装openssl:
1 2 | cd /usr/ports/security/opensslmake install clean |
然后再调用openssl来生成服务器证书私钥文件:
1 | openssl genrsa -out server.key 2048 |
然后再用私钥文件生成证书请求文件:
1 | openssl req -new -key server.key -out certreq.csr |
然后需要填写一些相关的域名信息,填写完成之后会生成一个certreq.csr文件.
如果是有申请公有证书,则可以把这个csr文件发给证书核发方,等待对方签发服务器公有证书.
证书一般是以”—–BEGIN CERTIFICATE—–“开头和以”—–END CERTIFICATE—–“结束的.假设这里我们得到的证书名称是server.crt
编辑/usr/local/etc/apahce22/extra/httpd-ssl.conf文件,修改如下:
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | Listen 443NameVirtualHost *:443AddType application/x-x509-ca-cert .crtAddType application/x-pkcs7-crl .crlSSLPassPhraseDialog builtinSSLSessionCache "shmcb:/var/run/ssl_scache(512000)"SSLSessionCacheTimeout 300SSLMutex "file:/var/run/ssl_mutex"<VirtualHost *:443> DocumentRoot "/usr/local/www/apache22/data/mydomain1.com" ServerName mydomain1.com ServerAdmin admin@mydomain1.com ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/error.%Y%m%d.log 86400" TransferLog "/var/log/httpd/mydomain1.com/httpd-access.log" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile "/usr/local/etc/apache22/ssl_key/server.crt" SSLCertificateKeyFile "/usr/local/etc/apache22/ssl_key/server.key" #如果有另外一张CA中级证书,则需要启用这一行 #SSLCertificateChainFile "/usr/local/etc/apache22/ssl_key/ca.crt" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/www/apache22/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd/mydomain1.com/ssl_request.%Y%m%d.log 86400" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"</VirtualHost> |
然后重新启动Apache:
1 | /usr/local/etc/rc.d/apache22 restart |
然后再试试,大功告成!
