工作中经常会遇到多个站点实现https访问,并指向同一个网页,本文将详解如何在Centos 环境下配置Apache多站点实现HTTPS访问。
准备工作
OS:CentOS release 6.8 (Final)
Web:Apache
安装Apache
1、安装Apache
[[email protected] ~]# yum install httpd -y2、启动服务
[[email protected] ~]# service httpd start
Starting httpd: [ OK ]
[[email protected] ~]# 3、修改测试页面
[[email protected] ~]# cat /var/www/html/index.html
<h1>
Apache Test Page~
</h1>4、测试访问
实现HTTPS访问
1、安装SSL模块
[[email protected] ~]# yum install mod_ssl -y2、检测
[[email protected] ~]# cd /etc/httpd/modules/
[[email protected] modules]# ll | grep ssl
-rwxr-xr-x 1 root root 181872 Oct 20 2017 mod_ssl.so3、上传证书文件
这里我们可以到各大厂商去申请免费证书,可满足个人网站的需求,如企业网站,建议购买企业收费证书;
[[email protected] ~]# cd /etc/httpd/
[[email protected] httpd]# mkdir ssl/default
[[email protected] httpd]# cd ssl/default
[[email protected] default]# rz
[[email protected] default]# ll
total 12
-rw-r--r-- 1 root root 1683 Apr 13 22:26 1_root_bundle.crt
-rw-r--r-- 1 root root 2008 Apr 13 22:26 2_domaintest.cn.crt
-rw-r--r-- 1 root root 1678 Apr 13 22:26 3_domaintest.cn.key
[[email protected] default]# 4、修改配置
[[email protected] ~]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# ls
README ssl.conf welcome.conf
[[email protected] conf.d]# vim ssl.conf LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName domaintest.cn
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/default/2_domaintest.cn.crt
SSLCertificateKeyFile /etc/httpd/ssl/default/3_domaintest.cn.key
SSLCertificateChainFile /etc/httpd/ssl/default/1_root_bundle.crt
</VirtualHost>| 配置文件参数 | 说明 |
|---|---|
| LoadModule | 加载SSL模块 |
| Listen | 监听443端口 |
| DocumentRoot | 网页目录 |
| ServerName | 站点域名 |
| SSLEngine on | 启用SSL功能 |
| SSLCertificateFile | 证书文件 |
| SSLCertificateKeyFile | 私钥文件 |
| SSLCertificateChainFile | 证书链文件 |
5、重启服务
[[email protected] ~]# httpd -t
Syntax OK
可以先试用httpd -t 检测一下配置文件是否正确,然后再重启服务;
[[email protected] ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]6、检测端口是否监听
[[email protected] conf.d]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:443 *:*
[[email protected] conf.d]# 7、测试访问
- 建议使用google浏览器进行测试访问,f12查看,会显示“This page is secure (valid HTTPS).”,说明证书配置正确;
配置多个HTTPS站点
1、上传证书文件
[[email protected] ~]# cd /etc/httpd/ssl/ [[email protected] ssl]# mkdir web [[email protected] ssl]# cd web/ [[email protected] web]# rz2、修改配置文件
LoadModule ssl_module modules/mod_ssl.so Listen 443 NameVirtualHost *:443 # 第一个虚拟主机 <VirtualHost *:443> DocumentRoot "/var/www/html" ServerName domaintest.cn SSLEngine on SSLCertificateFile /etc/httpd/ssl/default/2_domaintest.cn.crt SSLCertificateKeyFile /etc/httpd/ssl/default/3_domaintest.cn.key SSLCertificateChainFile /etc/httpd/ssl/default/1_root_bundle.crt </VirtualHost> #第二个虚拟主机 <VirtualHost *:443> DocumentRoot "/var/www/html" ServerName web.domaintest.cn SSLEngine on SSLCertificateFile /etc/httpd/ssl/web/2_web.domaintest.cn.crt SSLCertificateKeyFile /etc/httpd/ssl/web/3_web.domaintest.cn.key SSLCertificateChainFile /etc/httpd/ssl/web/1_root_bundle.crt </VirtualHost>3、重启服务
[[email protected] conf.d]# service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] [[email protected] conf.d]#4、测试访问
到这里,Apache多站点https就实现了~
原文地址:http://blog.51cto.com/guoxh/2114630
时间: 2024-08-11 18:07:42