CentOS7下Apache及Tomcat开启SSL

安装:

复制代码
yum install -y openssl    #使用openssl可手动创建证书
yum install -y httpd
yum install -y mod_ssl

防火墙打开80、443端口,然后重启

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

Apache开启

systemctl enable httpd
systemctl start httpd
复制代码
强制HTTP-->HTTPS:

vim /etc/httpd/conf/httpd.conf 添加如下内容

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$      #另一种写法:RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]   #301表示永久移走
【Tomcat开启SSL】

http://sanketdangi.com/post/43734145363/secure-tomcat-through-apache-using-ajp

复制代码

vi /etc/httpd/conf.d/ssl.conf 添加如下内容 application1,application2代表tomcat应用,请替换

ProxyPass /application1 ajp://127.0.0.1/application1
ProxyPass /application2 ajp://127.0.0.1/application2
ProxyPassReverse /application1 ajp://127.0.0.1/application1
ProxyPassReverse /application2 ajp://127.0.0.1/application2

<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all

复制代码

vim /usr/share/tomcat/conf/server.xml


                 ||
 /

[work]

http://blog.csdn.net/lifetragedy/article/details/7699236

[解决[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed]

  原因:requests模块验证证书,自签名证书验证失败。

http://stackoverflow.com/questions/10667960/python-requests-throwing-up-sslerror

http://stackoverflow.com/questions/18999517/python-requests-certificate-verify-failed

http://www.python-requests.org/en/latest/user/advanced/

https://www.digicert.com/ssl-support/pem-ssl-creation.htm

http://viraj-workstuff.blogspot.jp/2011/07/python-httplib2-certificate-verify.html

方案一:

requests.get(url,verify=False)

方案二:

复制pem文件内容至/usr/lib/python2.7/site-packages/requests/cacert.pem

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值