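Installing SSL on an Alibaba Cloud server after the environment is set up (Apache version)
Prerequisites:
1. The Apache environment is already set up
2. A domain name is registered, and the domain is bound to the SSL certificate
3. Download the certificate package for your server type (Apache is used as the example here):
It contains three files: [xxx.key], [xxx_chain.crt] and [xxx_public.crt]
1. Install SSL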
yum -y install mod_ssl openssl
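2. Upload the certificates
Create a cert folder under /etc/httpd and upload the third-party certificate files you obtained into it
3. Edit the configuration file ssl.conf
Find /etc/httpd/conf.d/ssl.conf and open it with the command vim /etc/httpd/conf.d/ssl.conf
Locate the following configuration:
First change: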
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/cert/yourFileName_public.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/cert/yourFileName.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /etc/httpd/cert/yourFileName_chain.crt
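Be sure to change the three highlighted (uncommented) lines so they point at your own three certificate files, and make sure each file suffix matches its directive one to one.
Second change: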
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName www.xxxxx:443
xxxxx is your domain name
4. Edit the configuration file httpd.conf
Find /etc/httpd/conf/httpd.conf and open it with the command vim /etc/httpd/conf/httpd.conf
Append the following at the end of the file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
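The result looks like the figure below:
Note: the official Alibaba Cloud documentation also calls for the following changes:
#LoadModule ssl_module modules/mod_ssl.so #Remove the "#" comment marker at the start of the line to load the mod_ssl.so module and enable the SSL service; Apache does not enable this module by default.
#Include conf/extra/httpd-ssl.conf #Remove the "#" comment marker at the start of the line.
However, if your configuration file does not contain the two lines #LoadModule ssl_module modules/mod_ssl.so and #Include conf/extra/httpd-ssl.conf, do not add them yourself.
Remember: add only these three lines to this configuration file. There are many versions online, but when I tried those changes myself the Apache server failed to start, mainly because modules/mod_ssl.so could not be found in the Apache installation directory.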
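The checks below can be run on the uploaded files before restarting Apache: they confirm that the private key matches the certificate, that the key file is not readable by other users, and that the certificate is unexpired and verifies through the chain file. This is an added example, not part of the original tutorial; the script name check_certs.sh and the function names are hypothetical, and the directory and file prefix follow the ssl.conf paths used above.

```sh
#!/bin/sh
# Added example: sanity checks for the three certificate files before restarting Apache.
# Directory and file prefix are assumptions taken from the ssl.conf paths in this tutorial.

# Succeeds when the private key ($2) belongs to the certificate ($1):
# both must yield the same PEM-encoded public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the key file grants no permissions to group or others.
key_perms_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Runs every check for <dir>/<name>.key, <name>_public.crt and <name>_chain.crt.
# Returns the number of failed checks (0 means everything passed).
check_site_certs() {
    dir=$1; name=$2; failed=0
    key="$dir/$name.key"; cert="$dir/${name}_public.crt"; chain="$dir/${name}_chain.crt"

    key_matches_cert "$cert" "$key" \
        || { echo "FAIL: $key does not match $cert"; failed=$((failed + 1)); }
    key_perms_ok "$key" \
        || { echo "FAIL: $key is accessible to group/others (chmod 600 it)"; failed=$((failed + 1)); }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "FAIL: $cert is expired or unreadable"; failed=$((failed + 1)); }
    # Path building: leaf -> intermediates in the chain file -> system trust store.
    openssl verify -untrusted "$chain" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: $cert does not verify through $chain"; failed=$((failed + 1)); }
    return "$failed"
}

# Usage: sh check_certs.sh /etc/httpd/cert yourFileName && apachectl configtest
if [ "$#" -eq 2 ]; then
    check_site_certs "$1" "$2"
fi
```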
Final result: