Install SSL certificate on Apache server and configure http jump https tutorial

Keywords: SSL Apache Session Windows

Specific reference: Alicloud tutorial

This paper is a summary of pit falling

1. In the section of modifying httpd.conf configuration file, you need to make the following settings

#Loadmodule SSL ﹣ module modules / module ﹣ ssl.so ᦇ delete the comment symbol of configuration statement at the beginning of line ᦇ "load module ﹣ ssl.so to enable SSL service. Apache does not enable this module by default. If the configuration cannot be found, recompile the mod_ssl module.
#Include conf/extra/httpd-ssl.conf ා delete the configuration statement comment symbol "ා" at the beginning of the line.  
#Loadmodule socache? Shmcb? Module modules / module? Socache? Shmcb.so? Delete the comment symbol of the configuration statement at the beginning of the line

There is a third uncomment. When this statement is not opened, running apache will report an error

AH00526: Syntax error on line 92 of
/usr/local/apache/conf/extra/httpd-ssl.conf: SSLSessionCache: 'shmcb'
session cache not supported (known names: ). Maybe you need to load
the appropriate socache module (mod_socache_shmcb?).

2. Modify the httpd-ssl.conf configuration file section and add the following actions

<VirtualHost *:443>     
    ServerName   #Modify to the domain name www.YourDomainName1.com bound when applying for certificate.                    
    DocumentRoot  Set as site root         
    SSLEngine on   
    SSLProtocol all -SSLv2 -SSLv3 # Add SSL protocol support protocol and remove the insecure protocol.
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM   # Modify the encryption suite.
    SSLHonorCipherOrder on
    SSLCertificateFile cert/domain name1_public.crt   # Replace domain name1'public.crt with your certificate file name.
    SSLCertificateKeyFile cert/domain name1.key   # Replace domain name1.key with the key file name of your certificate.
    SSLCertificateChainFile cert/domain name1_chain.crt  # take domain name1_chain.crt Replace with the key file name of your certificate; the beginning of the certificate chain if any#Character, please delete.
</VirtualHost>

Added a description for the documentRoot section

3. Restart the Apache server to make the SSL configuration effective. The command I use is

service httpd restart

4. It doesn't work to set the HTTP request auto jump to HTTPS. I use the following methods

1) Make the following modules effective in httpd.conf file

LoadModule rewrite_module modules/mod_rewrite.so    #Open this module function

2) httpd.conf configuration file find the section of your website directory, modify AllowOverride None to AllowOverride All;

DocumentRoot "/data/vhosts"
<Directory "/data/vhosts">
    Options FollowSymLinks MultiViews Includes
    AllowOverride All
    Require all granted
</Directory>

Save and restart apache service

3) Add the file ". htaccess" directory access control file under the root directory of your website, and add the following content:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

The meaning is as follows: in order to let users access the traditional http: / / to https: / /, the following rewrite rules are used:
First sentence: start the rewrite engine
Second sentence: the condition of rewrite is that the server port accessed is not port 443
The fourth sentence: This is a regular expression. The whole sentence means: start the rewrite module, change all domain name requests to access non-443 ports, keep the url content unchanged, and change http: / / to https: / /.

Note: place a. htaccess file in your website directory. Note: under windows environment, you can't change the file name to. htaccess directly. You will be prompted to enter the file name. So we first create a new "new text document. txt" document, then open it in Notepad, choose Save as, save type as "all files (.), file name as". htaccess ", and save it. This generates a. htaccess file.

be accomplished!

Reference resources:
https://help.aliyun.com/document_detail/98727.html?spm=5176.2020520163.0.0.614d56a7JW7D2K
https://www.cnblogs.com/Crazy-Liu/p/11115681.html
https://blog.csdn.net/zhwxl_zyx/article/details/88338183

Published 4 original articles, won praise 0, visited 71
Private letter follow

Posted by uknowho008 on Sat, 14 Mar 2020 02:45:29 -0700