部署apache2并实现ssl自动跳转
1. YUM安装
[root@ip-172-31-5-103 ~]# yum install httpd -y
2. 路径
| httpd |
解释 |
| /etc/httpd/ |
配置文件位置 |
| /var/www/html/ |
站点目录位置 |
| /var/log/httpd/ |
日志目录位置 |
| /usr/sbin/httpd |
命令所在位置 |
3. 修改配置文件
[root@ip-172-31-5-103 conf]# cat httpd.conf
#配置文件路径
ServerRoot "/etc/httpd"
#监听端口
Listen 80
#引用modules目录下的配置文件
Include conf.modules.d/*.conf
#指定用户用户组
User apache
Group apache
#管理员邮箱
ServerAdmin root@localhost
#指定服务器域名
ServerName cap.sinnet-cloud.cn:80
#应该是匹配默认url
<Directory />
AllowOverride none
Require all granted
</Directory>
#指定站点目录
DocumentRoot "/var/www/sinnet-cloud.cn/html"
#站点目录下权限设置 加了配置ssl认证
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
#新增
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#指定是什么为页面
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
===
<Files ".ht*">
Require all denied
</Files>
#日志路径
ErrorLog "logs/error_log"
#日志错误等级
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
<IfModule mod_http2.c>
Protocols h2 h2c http/1.1
</IfModule>
#这里又引用了虚拟主机的目录
IncludeOptional conf.d/*.conf
IncludeOptional conf/vhost/*.conf
4. 配置虚拟主机
[root@ip-172-31-5-103 conf]# cat vhost.conf
#匹配端口
<VirtualHost *:80>
#指定站点目录
DocumentRoot "/var/www/sinnet-cloud.cn/html"
#配置域名
ServerName cap.sinnet-cloud.cn
#设置url重写生效
RewriteEngine on
#rewrite的条件是访问的服务器端口不是443端口
RewriteCond %{SERVER_PORT} !^443$
#这是正则表达式,^是开头,$是结束,/?表示有没有/都可以(0或1个),(.*)是任何数量的任意字符
RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
整句的意思是讲:启动rewrite模块,将所有访问非443端口的域名请求,url地址内容不变,将http://变成https://。
</VirtualHost>
5. 配置ssl
#安装ssl模块
[root@ip-172-31-5-103 conf]# yum install mod_ssl -y
#安装完这个模块会生成一个ssl.conf文件
[root@ip-172-31-5-103 conf.d]# pwd
/etc/httpd/conf.d
[root@ip-172-31-5-103 conf.d]# ll
total 24
-rw-r--r--. 1 root root 2893 Jun 30 11:02 autoindex.conf
-rw-r--r--. 1 root root 366 Jun 30 11:02 README
-rw-r--r--. 1 root root 9423 Nov 15 04:42 ssl.conf
-rw-r--r--. 1 root root 1252 Jun 30 11:01 userdir.conf
[root@ip-172-31-5-103 conf.d]# cat ssl.conf
#找到这个部分
<VirtualHost *:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
#指定证书路径 找到这个路径或者自己创建 把证书放在这个目录下面
SSLCertificateFile /etc/digicert/cloud.cn.crt
SSLCertificateKeyFile /etc/digicert/zhengshu.key
6. 设置站点目录权限并启动服务
#可以自动校验配置文件是否正确
[root@ip-172-31-5-103 conf.d]# httpd -t
#YUM安装的会自动帮你生成一个apache用户
[root@ip-172-31-5-103 conf.d]# chown -R apache.apache /var/www
[root@ip-172-31-5-103 conf.d]# systemctl start httpd
[root@ip-172-31-5-103 conf.d]# systemctl enable httpd
#检查端口他会生成80端口与443端口
[root@ip-172-31-5-103 sinnet-cloud.cn]# ss -lntup | grep 'httpd'
tcp LISTEN 0 511 *:443 *:* users:(("httpd",pid=5161,fd=6),("httpd",pid=5160,fd=6),("httpd",pid=5154,fd=6),("httpd",pid=5112,fd=6),("httpd",pid=5111,fd=6),("httpd",pid=5110,fd=6),("httpd",pid=5109,fd=6),("httpd",pid=5108,fd=6),("httpd",pid=5106,fd=6))
tcp LISTEN 0 511 *:80 *:* users:(("httpd",pid=5161,fd=4),("httpd",pid=5160,fd=4),("httpd",pid=5154,fd=4),("httpd",pid=5112,fd=4),("httpd",pid=5111,fd=4),("httpd",pid=5110,fd=4),("httpd",pid=5109,fd=4),("httpd",pid=5108,fd=4),("httpd",pid=5106,fd=4))
#不要忘记做域名劫持哦
浙公网安备 33010602011771号