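The project needed to access apache2 resources over HTTPS. After going through a lot of material, I finally arrived at a working configuration.
1. Install Apache 2.4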
sudo apt-get install apache2
2. Configure a custom port
sudo vi /etc/apache2/ports.conf
Change Listen 80 to your own port, for example Listen 9001, then restart the Apache service
sudo service apache2 restart
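3. Open the Apache home page in a browser at IP:9001, for example http://192.168.43.223:9001. Normally the apache2 default page is displayed.
Next, configure HTTPS access
4. Create a certificate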
sudo apt-get install ssl-cert
Generate a certificate with the make-ssl-cert tool, using its defaults
sudo make-ssl-cert generate-default-snakeoil
5. Create a self-signed certificate with the openssl command line.
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/apache.pem -out /etc/ssl/private/apache.pem -nodes -days 999
Country Name (2 letter code) [AU]:CN ← enter the country code
State or Province Name (full name) [Some-State]:BJ ← enter the province name
Locality Name (eg, city) []:BJ ← enter the city name
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TT ← enter the company name
Organizational Unit Name (eg, section) []:TT ← enter the organizational unit name
Common Name (eg, YOUR name) []:extend.me ← enter the host name, e.g. 192.168.43.223
Email Address []:A@163.com ← enter the e-mail address
6. Generate the private key for the signing request
sudo openssl genrsa 2048 >server.key
7. Generate the certificate signing request file
openssl req -new -key server.key > server.csr
8. Configure Apache
(1) Enable the SSL module
sudo a2enmod ssl
(2) Enable the SSL site
sudo a2ensite default-ssl
(3) Configure the virtual host by editing the default-ssl file
sudo vim /etc/apache2/sites-enabled/default-ssl.conf
Change <VirtualHost _default_:443> to <VirtualHost _default_:9001>
ServerName 192.168.43.223
(4) Configure the SSL certificate
Configure it as follows
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
9. Restart the Apache service
sudo service apache2 restart
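10. Open the Apache home page in a browser at https://IP:9001, for example https://192.168.43.223:9001. Normally the apache2 default page is displayed.
11. If port 443 is already in use by another program, an error like the following may appear: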
root@iZ8vb81dex3va7ucvuldl7Z:/etc/apache2/sites-enabled# sudo service apache2 start
* Starting web server apache2 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
In that case, modify the ports.conf file
sudo vi /etc/apache2/ports.conf
Listen 9001
<IfModule ssl_module>
Listen 444
</IfModule>
<IfModule mod_gnutls.c>
Listen 444
</IfModule>
Then restart the apache2 service
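The "Address already in use" failure from step 11 can be detected before restarting Apache. The following is an added example, not part of the original post: it reads the Listen directives from ports.conf and attempts the same bind Apache would perform. The function names listen_sockets, probe and preflight are made up for this illustration.

```python
import errno
import re
import socket

# Matches "Listen 444", "Listen 0.0.0.0:443" and "Listen [::]:443 https".
LISTEN_RE = re.compile(r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)\b", re.I | re.M)

def listen_sockets(conf_text):
    """Return the unique (address, port) pairs named by Listen directives.

    <IfModule> guards are ignored on purpose: every port that could be
    opened is checked, whichever modules end up enabled.
    """
    pairs = []
    for addr, port in LISTEN_RE.findall(conf_text):
        pair = (addr.strip("[]") or "0.0.0.0", int(port))
        if pair not in pairs:
            pairs.append(pair)
    return pairs

def probe(addr, port):
    """Try the bind Apache would do; return 'free', 'in-use' or 'denied'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        # Apache sets SO_REUSEADDR too, so TIME_WAIT leftovers do not count.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((addr, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in-use"   # Apache would fail here with AH00072
            if exc.errno == errno.EACCES:
                return "denied"   # port below 1024 and not running as root
            raise
    return "free"

def preflight(conf_text):
    """Map each Listen target found in ports.conf text to its probe result."""
    return {pair: probe(*pair) for pair in listen_sockets(conf_text)}

if __name__ == "__main__":
    with open("/etc/apache2/ports.conf") as fh:
        for (addr, port), state in preflight(fh.read()).items():
            print(f"{addr}:{port} {state}")
```

Run it while Apache is stopped; otherwise Apache's own listening sockets are reported as in-use.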