最近因为需要subversion在广域网上进行版本控制,考虑到安全问题,需要添加SSL支持。网上的一些ubuntu下的apache2 SSL配置资料有点老,现根据自己的安装情况描述一下,以便将来查询。
1. 安装最新的 Apache2.2, 新版本中已经包含了SSL
sudo apt-get install apache2
2. 设置SSL认证
sudo mkdir /etc/apache2/ssl
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
然后是一路回车
3. 配置
sudo a2enmod ssl
sudo a2enmod rewrite
sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/ssl
修改"ssl" 文件:
<IfModule mod_ssl.c>
NameVirtualHost *:443
<virtualhost *:443>
ServerAdmin webmaster@localhost
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/
<directory />
Options FollowSymLinks
AllowOverride None
</directory>
<directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/
</directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</directory>
</virtualhost>
</IfModule>
然后执行
sudo a2ensite ssl
(注:这里的ssl就是刚才创建的ssl文件)
4. 在apache2.conf中设置ServerName
比如:
ServerName 127.0.0.1
5. 重启apache2
sudo /etc/init.d/apache2 force-reload
或者
sudo /etc/init.d/apache2 restart