不知道要拿来做什么但觉得很有意思的个人博客
Ubuntu20.04 Apache Https Tutorial
Ubuntu20.04 Apache Https Tutorial

Ubuntu20.04 Apache Https Tutorial

腾讯云一键HTTPS服务

一键HTTPS服务到期如何处理

若之前使用过一键HTTPS的话,先解决一键HTTPS服务修改DNS解析域,定向到CNAME的问题。

困扰了我半个多小时= =

HTTPS服务证书安装

参考了以下两个链接:

CentOS下Apache服务器SSL证书安装

在Ubuntu上的Apache配置SSL(https证书)的正确姿势

首先是按照腾讯云教程下载证书等,这里就不再详细赘述。主要是针对Ubuntu系统下利用 apt-get安装 Apache之后的情况。与CentOS的情况不同,在Ubuntu下Apache服务的默认地址是/etc/apache2/,且以这样子的方式陈列,

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#	/etc/apache2/
#	|-- apache2.conf
#	|	`--  ports.conf
#	|-- mods-enabled
#	|	|-- *.load
#	|	`-- *.conf
#	|-- conf-enabled
#	|	`-- *.conf
# 	`-- sites-enabled
#	 	`-- *.conf

首先要确保局域网防火墙443接口是打开的,然后确保安装了openssl

apt-get install opanessl

然后是在ports.conf文件中,确保含有以下几句:

<IfModule ssl_module>
	Listen 443
</IfModule>
 
<IfModule mod_gnutls.c>
	Listen 443
</IfModule>

最后是ssl.confssl.load文件的启用。ssl.load长这样

# Depends: setenvif mime socache_shmcb
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

所有/*-avaliable的文件夹下的文件都是默认没有被启用的,对于添加SSL规则需要启用新的文件。要做的就是复制/mods-avaliable文件夹下的ssl.conf, ssl.load文件到/mods-enables里面,或者也可以手动添加进执行列表,只需要修改apache2.conf文件中的includeOption那一块代码即可。 对于ssl.conf文件,这里提供一个模板,

<IfModule mod_ssl.c>
<VirtualHost 0.0.0.0:443>
        DocumentRoot "/var/www/html" 
        #填写证书名称
        ServerName ***.com
        #启用 SSL 功能
        SSLEngine on 
        #证书文件的路径
        SSLCertificateFile ***.crt
        #私钥文件的路径
        SSLCertificateKeyFile ***.key
        #证书链文件的路径
        SSLCertificateChainFile ***.crt

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
		# error, crit, alert, emerg.
		# It is also possible to configure the loglevel for particular
		# modules, e.g.
		#LogLevel info ssl:warn
 
		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined
 
		# For most configuration files from conf-available/, which are
		# enabled or disabled at a global level, it is possible to
		# include a line for only one particular virtual host. For example the
		# following line enables the CGI configuration for this host only
		# after it has been globally disabled with "a2disconf".
		#Include conf-available/serve-cgi-bin.conf
 
		#   SSL Engine Switch:
		#   Enable/Disable SSL for this virtual host.
		SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
 
		#   SSL Protocol Adjustments:
		#   The safe and default but still SSL/TLS standard compliant shutdown
		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
		#   the close notify alert from client. When you need a different shutdown
		#   approach you can use one of the following variables:
		#   o ssl-unclean-shutdown:
		#	 This forces an unclean shutdown when the connection is closed, i.e. no
		#	 SSL close notify alert is send or allowed to received.  This violates
		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
		#	 this when you receive I/O errors because of the standard approach where
		#	 mod_ssl sends the close notify alert.
		#   o ssl-accurate-shutdown:
		#	 This forces an accurate shutdown when the connection is closed, i.e. a
		#	 SSL close notify alert is send and mod_ssl waits for the close notify
		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
		#	 practice often causes hanging connections with brain-dead browsers. Use
		#	 this only for browsers where you know that their SSL implementation
		#	 works correctly.
		#   Notice: Most problems of broken clients are also related to the HTTP
		#   keep-alive facility, so you usually additionally want to disable
		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
		#   "force-response-1.0" for this.
		# BrowserMatch "MSIE [2-6]" \
		#		nokeepalive ssl-unclean-shutdown \
		#		downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

然后重启apache2服务即可。

sudo systemctl restart apache2

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注