关于IT运维技术的
最佳实践博客网站

为Apache添加ssl_mod模块以支持HTTPS协议-配置文件

这里不讨论自签证书,所以还是去 WoSign SSL证书 申请一个免费的ssl证书。

Apache_ssl

然后 yum install mod_ssl 为Apache添加ssl模块

ssl默认配置文件在 vim /etc/httpsd/conf.d/ssl.conf

为虚拟主机添加证书以及301跳转到https(这里是在原实际生产环境下的配置,已经做了优化)

NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /usr/share/test/
ServerName www.test.com
ServerAdmin admin@test.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/pki/tls/certs/www.test.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.test.com.key
SSLCertificateChainFile /etc/pki/tls/certs/1_root_bundle.crt
ErrorLog logs/www.test.com-error.log
CustomLog logs/www.test.com-access.log commo
# mod_deflate:
<ifmodule mod_deflate.c>
DeflateCompressionLevel 6
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/php
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpsd-php
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/gif image/png image/jpe image/swf image/jpeg image/bmp
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI .(?:html|htm)$ no-gzip dont-varySetEnvIfNoCase
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .(?:pdf|doc)$ no-gzip dont-vary
</ifmodule>
#开启硬盘缓存
<IfModule mod_cache.c>
<IfModule mod_disk_cache.c>
CacheDefaultExpire 3600
CacheEnable disk /
CacheRoot "/opt/apicache/"
CacheDirLevels 5
CacheDirLength 3
CacheMaxFileSize 1000000
CacheMinFileSize 1
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheIgnoreHeaders None
CacheLastModifiedFactor 0.1
CacheDefaultExpire 3600
CacheMaxExpire 86400
CacheStoreNoStore On
CacheStorePrivate On
</IfModule>
</IfModule>
</VirtualHost>
#根域名的https跳转到www的https
<VirtualHost *:443>
DocumentRoot /usr/share/test/
ServerName test.com
ServerAdmin admin@test.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/pki/tls/certs/test.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.com.key
SSLCertificateChainFile /etc/pki/tls/certs/test_com_root_bundle.crt
ErrorLog logs/test.com-error.log
CustomLog logs/test.com-access.log commo
RewriteEngine on
#RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
RewriteRule ^.*$ https://www.test.com/$1 [L,R]
</VirtualHost>
#所有https跳转到www的https
<VirtualHost *:80>
DocumentRoot /usr/share/test/
ServerName www.test.com
ServerAlias test.com
ServerAdmin admin@test.com
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
#RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
RewriteRule ^.*$ https://www.test.com/$1 [L,R]
</VirtualHost>
赞(0)
未经允许不得转载:菜鸟HOW站长 » 为Apache添加ssl_mod模块以支持HTTPS协议-配置文件
分享到: 更多 (0)

1
留下你的脚印

1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Recent comment authors
  订阅  
最新 最旧 得票最多
关注动态
过客

喜欢技术性的文章