Https配置修改相关问题

2019年6月29日   |   by jones

前序

安装了openssl,然后修改http.conf文件:
增加:

<VirtualHost www.xxx.com:443>

    SSLEngine on

    DocumentRoot /xxx/xxx
    ServerName www.xxx.com

    # 添加 SSL 协议支持协议,去掉不安全的协议
    SSLProtocol all -SSLv2 -SSLv3
    # 修改加密套件如下
    SSLCipherSuite AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on

    SSLCertificateFile /xxx/com_public.crt
    SSLCertificateKeyFile xxx/com.key
    SSLCertificateChainFile /xxx/com_chain.crt

    <Directory "/xxx/xxx">
       allow from all
       AllowOverride all
    </Directory>

</VirtualHost>    

迁移后,https不工作。

修改

新建文件

ssl.conf

httpd.conf 增加:

Include ssl.conf

  • ssl.conf内容:
    关键点:
  1. >
<VirtualHost www.xxx.com:443>
改为
<VirtualHost *:443>
  1. >
<Directory "/xxx/xxx">
..    
</Directory>
要删除,留下https无法启动。
LoadModule ssl_module modules/mod_ssl.so

#
# When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443

<VirtualHost *:443>

    # General setup for the virtual host, inherited from global configuration
    DocumentRoot /alidata/inworths
    ServerName www.inworths.com

    #SSL Engine Switch:
    #Enable/Disable SSL for this virtual host.
    SSLEngine on

    #SSL Protocol support:
    #List the enable protocol levels with which clients will be able to
    #connect.  Disable SSLv2 access by default:
    SSLProtocol all -SSLv2

    #SSL Cipher Suite:
    #List the ciphers that the client is permitted to negotiate.
    #See the mod_ssl documentation for a complete list.
    SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

    #Server Certificate:
    SSLCertificateFile /xxx/xxx.com_public.crt

    #Server Private Key:
    SSLCertificateKeyFile /xxx/xxx.com.key

    #Server Certificate Chain:
    #SSLCertificateChainFile /xxx/xxx-chain.crt


</VirtualHost>

点击数:0

Recent Comments

  1. jones

    2019年6月29日 @ 下午2:11

    ** HTTP强制跳转HTTPS

    客户默认的http请求,自动跳转为https。

    配置重写语句
    到80(http)的virtualhost去配置

    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R]

Leave Your Comment

关注我们的微信公众号获取更多健身信息
蜀ICP备15013372号