一、apache:
- 安装apache、ssl、openssl
yum -y install httpd httpd-pear mod_ssl openssl
- 生成证书文件
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.crt
此步骤需要输入一些证书信息:(如果不想输入,也可一路回车)
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:ccc
Organizational Unit Name (eg, section) []:bbb
Common Name (eg, your name or your server's hostname) []:www.test.com
Email Address []:a@a.com
- 移到证书文件到apache配置目录下
mv {server.key,server.crt} /etc/httpd/conf/
- 修改apache配置文件:
vim /etc/httpd/conf/httpd.conf
修改为刚才生成证书文件的路径 5. 测试: 6. 配置文件参考:
ServerRoot "/etc/httpd"
Listen 443
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName localhost:443
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Header set Access-Control-Allow-Origin *
Options Indexes FollowSymLinks
IndexStyleSheet "/css/style.css"
IndexOptions FancyIndexing HTMLTable ScanHTMLTitles FoldersFirst NameWidth=85 DescriptionWidth=128 IconWidth=16 IconHeight=16 VersionSort Charset=UTF-8
AllowOverride all
Require all granted
AcceptPathInfo on
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://dollar.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://*.dollar.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://dollar.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://*.dollar.com$ [NC]
RewriteRule .*.(gif|jpg|jpeg|swf|png|bmp)$ http://virtual.dollar.com/01.jpg [R,NC]
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType application/x-httpd-php .php .phtml .php3 .inc
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
<VirtualHost *:443>
ServerName virtual.dollar.com
DocumentRoot "/var/www/html/virtual/"
DirectoryIndex index.php index.html
<Directory "/var/www/html/virtual/">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
二、nginx:
- 生成私钥文件:
openssl genrsa -des3 -out server.key 2048
- 去除口令:
mv server.key server.key.back
openssl rsa -in server.key.back -out server.key
- 创建请求证书:
openssl req -new -key server.key -out server.csr
- 生成证书文件:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- 移动证书文件:
mv {server.key,server.crt} /etc/nginx/
- 修改nginx配置文件:
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
6. 测试: 7. 配置文件参考:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 443 default_server;
listen [::]:443 default_server;
server_name 192.168.8.82;
root /usr/share/nginx/html;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}