1..安装SSL模块
a2ensite default-ssl
a2enmod ssl
2..重新启动Apache!
/etc/init.d/apache2 restart
3..生成证书
apt-get install openssl
4..把证书放进/etc/ssl 里
5..配置 ssl.conf文件
a. 添加 SSL 协议支持语句,关闭不安全的协议和加密套件
SSLProtocol all -SSLv2 -SSLv3
b.修改加密套件如下
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
SSLCertificateFile etc/ssl/test.wosign.com.crt (证书公钥)
d.将服务器证书私钥配置到该路径下
SSLCertificateKeyFile etc/ssl/test.wosign.com.key (证书私钥)
e.将服务器证书链配置到该路径下
#SSLCertificateChainFile cetc/ssl/1_root_bundle.crt(证书链)删除行首的“#”号注 释符
f.配置转发规则
ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/
ServerAdmin webmaster@localhost
DocumentRoot ${RIGHTKNIGHTS_ROOT}
DirectoryIndex index.html index.htm index.jsp
ServerName abc.com
ServerAlias abc.com
ErrorLog ${APACHE_LOG_DIR}/abc-error.log
CustomLog ${APACHE_LOG_DIR}/abc-access.log combined
6.配置 HTTPS 强制跳转
打开 /etc/apache2/sites-available/000-default.conf,
在<VirtualHost *:80></VirtualHost>标签内随便一个地方加入以下三行
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]
强制跳转https配置完毕,保存退出。
使配置生效
启动 rewrite mod
sudo a2enmod rewrite
重启 apache
sudo /etc/init.d/apache2 restart