apache、nginx配置自签名证书

原创

Lee_吉 2018-01-05 07:18:16 ©著作权

©著作权归作者所有：来自51CTO博客作者Lee_吉的原创作品，请联系作者获取转载授权，否则将追究法律责任

一、apache：

安装apache、ssl、openssl

yum  -y  install  httpd  httpd-pear  mod_ssl  openssl

生成证书文件

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.crt

此步骤需要输入一些证书信息：（如果不想输入，也可一路回车）

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:ccc
Organizational Unit Name (eg, section) []:bbb
Common Name (eg, your name or your server's hostname) []:www.test.com
Email Address []:a@a.com

mv  {server.key,server.crt}  /etc/httpd/conf/

修改apache配置文件：

vim  /etc/httpd/conf/httpd.conf

修改为刚才生成证书文件的路径 5. 测试： 6. 配置文件参考：

ServerRoot "/etc/httpd"
Listen 443
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName localhost:443
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Header set Access-Control-Allow-Origin *
    Options Indexes FollowSymLinks
    IndexStyleSheet "/css/style.css"
    IndexOptions FancyIndexing HTMLTable ScanHTMLTitles FoldersFirst NameWidth=85 DescriptionWidth=128 IconWidth=16 IconHeight=16 VersionSort Charset=UTF-8
    AllowOverride all
    Require all granted
    AcceptPathInfo on
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://dollar.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://*.dollar.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://dollar.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://*.dollar.com$ [NC]
    RewriteRule .*.(gif|jpg|jpeg|swf|png|bmp)$ http://virtual.dollar.com/01.jpg [R,NC]
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddType application/x-httpd-php .php .phtml .php3 .inc
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
<VirtualHost *:443>
    ServerName virtual.dollar.com
    DocumentRoot "/var/www/html/virtual/"
    DirectoryIndex index.php index.html
    <Directory "/var/www/html/virtual/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

二、nginx：

生成私钥文件：

openssl genrsa -des3 -out server.key 2048

去除口令：

mv server.key server.key.back
openssl rsa -in server.key.back -out server.key

创建请求证书：

openssl req -new -key server.key -out server.csr

生成证书文件：

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

移动证书文件：

mv  {server.key,server.crt}  /etc/nginx/

修改nginx配置文件：

ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;

6. 测试： 7. 配置文件参考：

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       443 default_server;
        listen       [::]:443 default_server;
        server_name  192.168.8.82;
        root         /usr/share/nginx/html;
        ssl on;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
        include /etc/nginx/default.d/*.conf;
        location / {
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}