先申请证书,参考博客:
1.安装apacheyum install -y httpd
2.接下来我们要为apache启用ssl,首先我们需要为Apache安装mod_ssl模块提供TLS/SSL功能:
https是通过mod_ssl实现的,因此检查并安装mod_ssl:[root@host ~]# ls /etc/httpd/modules/ | grep "mod_ssl" #默认没有安装mod_ssl
[root@host ~]# yum list all mod_ssl #查看mod_ssl的安装包信息
[root@host ~]# yum install -y mod_ssl #安装mod_ssl
检查mod_ssl是安装结果[root@host ~]# rpm -qc mod_ssl
/etc/httpd/conf.d/ssl.conf #mod_ssl的配置文件存放位置
/etc/httpd/conf.modules.d/00-ssl.conf
3.在Apache的安装目录新建ssl文件夹mkdir /etc/httpd/conf/ssl
4.将申请的证书上传到ssl目录中
进入到/etc/httpd/conf.d目录编辑ssl配置文件vim /etc/httpd/conf.d/ssl.conf #编辑SSL配置文件
pem文件及key文件的路径,根据自己的真实环境来定义# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/conf/ssl/full_chain.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl/private.key
配置完成后,重启Apache便可通过thhps访问了
设置自动将http跳转到https
1.修改Apache的配置文件vim /etc/httpd/conf/httpd.conf
AllowOverride All #这里原先是None要改为All
2.在网站根目录下创建.htaccess文件,在最下面添加写入如下语句:RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
重启Apache即可