|
由于百度和谷歌等搜索引擎提倡开启HTTPS安全传输的链接方式。易采源码网近日也做了HTTPS链接方式。易采源码网采用的是upupw
apache版的服务器软件。那么今天分享一下upupw apache版的服务器软件如何开启HTTPS链接。废话不多说,直接上教程。。。。 首先到这里下在upupw apache服务器套件https://down.easck.com/software/33477.html 然后解压到您指定的分区里面比如D:\UPUPW\ 第一步: 复制UPUPW目录下面\Apache2\bin\目录下面的 libeay32.dll,openssl.exe,ssleay32.dll这三个文件到您的PHP目录里。 注:原版的UPUPW APACHE版的服务器套件,不论您怎么配置,即使您配置的都正确如果不复制这三个文件也启动不了Apache服务。所以这三个文件目前为止必须复制到PHP目录替换PHP目录里面的相同文件名的文件。 第二步: 上面的三个文件复制好之后 打开Apache2\conf\目录下面的httpd.conf文件 找到这两行 #LoadModule ssl_module modules/mod_ssl.so #Include conf/extra/httpd-ssl.conf 去掉前面的#号,修改成 LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-ssl.conf 需要注意的是下面这两行代码 Listen 80 Include conf/httpd-listen.conf 如果这两行代码前面有#也请去掉。 然后保存 第三步 然后在打开Apache2\conf\目录下面的httpd-listen.conf文件 您会看到这样的文字 #Listen 81 #Listen 8080 我们增加一行代码 listen 443 变成 #Listen 81 #Listen 8080 listen 443 解释一下,#listen 81和#listen 8080不在服务器端口检测中 增加listen 443是为了让服务器对443端口进行检测和链接 如果您不开启443端口的检测即使您配置正确HTTPS也不能链接 修改好之后后保存 第四步 接下来我们在打开Apache2\conf\extra目录下面的httpd-ssl.conf文件 # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache) # # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # Listen 443 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:logs/ssl_scache" SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost _default_:443> DocumentRoot "sslroot/" ServerName www.example.com:443 ServerAlias example.com ServerAdmin webmaster@example.com DirectoryIndex index.html index.htm index.php default.php app.php u.php ErrorLog logs/example_error.log CustomLog logs/example_access.log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLEngine on SSLCertificateFile "conf/server.crt" SSLCertificateKeyFile "conf/server.key" <FilesMatch "\.(shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> 这是原版的httpd-ssl.conf文件内容 上面有个Listen 443对443端口检测的代码 我们把这段代码删除了 如果您不想删除这段代码那么httpd-listen.conf这个文件中的对443端口进行检测的代码也必须注释掉 在前面增加#号。。。 如果是原版的httpd-listen.conf文件 我们不需要做第三步的修改。。。 接下来我们增加HTTPS链接的主机:修改这段代码 <VirtualHost _default_:443> DocumentRoot "sslroot/" ServerName www.example.com:443 ServerAlias example.com ServerAdmin webmaster@example.com DirectoryIndex index.html index.htm index.php default.php app.php u.php ErrorLog logs/example_error.log CustomLog logs/example_access.log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" SSLEngine on SSLCertificateFile "conf/server.crt" SSLCertificateKeyFile "conf/server.key" <FilesMatch "\.(shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> 修改成: NameVirtualHost *:443 SSLStrictSNIVHostCheck off <VirtualHost _default_:443> DocumentRoot "D:/web/" (注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。) ServerName www.easck.com:443 (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。) ServerAlias www.easck.com (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。必须修改。) ServerAdmin admin@easck.com (注:admin@easck.com这是您的网站管理员邮箱。修改成您的网站管理员邮箱。可以不修改。) SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/Apache/www.crt" (注:www.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。文件名要求越短越好) SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/Apache/www.key" (注:www.key是您申请的Apache版本的SSL证书密匙文件和目录结构。可以修改目录结构和证书密匙文件名。文件名要求越短越好) SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt" (注:root_bundle.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。特别注意这个证书文件名root_bundle.crt不可以用www_bundle.crt这样的文件名。我测试www_bundle.crt这样的文件名不可以,启动不了Apache服务。必须是root_bundle.crt或者root_bundle1.crt,root_bundle2.crt这样的文件名称) <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/web/"> (注:D:/web/这也是您的网站目录。修改成您的网站目录) Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> 以上配置文件中(注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。)这样的字符和解释请您在修改好之后全部删除。否则启动不了Apache服务。 修改好之后后保存 以下复制我的httpd-ssl.conf文件内容以供您参考修改: # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache) # # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:logs/ssl_scache" SSLSessionCache "shmcb:logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 NameVirtualHost *:443 SSLStrictSNIVHostCheck off #第一个子域名www.easck.com主机配置 <VirtualHost _default_:443> DocumentRoot "D:/www/" ServerName www.easck.com:443 ServerAlias www.easck.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/Apache/www.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/Apache/www.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/www/"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> #第二个以down.easck.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第三个主机相同。 <VirtualHost *:443> DocumentRoot "D:/down" ServerName down.easck.com:443 ServerAlias down.easck.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/down/down.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/down/down.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/down/root_bundle2.crt" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/down"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> #第三个以bbs.easck.com的主机配置,注意<VirtualHost *:443>这里与第一个主机不同但是和第二个主机相同。 <VirtualHost *:443> DocumentRoot "D:/bbs" ServerName bbs.easck.com:443 ServerAlias bbs.easck.com ServerAdmin you@example.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL SSLCertificateFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.crt" SSLCertificateKeyFile "D:/UPUPW_AP/Apache2/conf/bbs/bbs.key" SSLCertificateChainFile "D:/UPUPW_AP/Apache2/conf/bbs/root_bundle3.crt" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "D:/bbs"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> 复制以上这段代码到您的httpd-ssl.conf文件中并且修改响应的网站目录和域名之后就可以使用了。。如果你只有一个主机或者两个主机可以删除<VirtualHost *:443>。。。。。</VirtualHost>的内容 这个链接是官方给出的搭建HTTPS方法 http://php.upupw.net/bbs-read-run?tid=6351 但是不能使用。。。 同时不论是单主机还是多主机 都可以使用我给出的方法。。。。 原文链接:https://down.easck.com/science/2018/0418/35328.html |
|
|
沙发#
发布于:2018-04-24 15:23
感觉有点复杂的样子
|
|
|
|
板凳#
发布于:2018-05-07 11:36
命令行版本AP7.0按照这个修改,启动不起来,提示APACHE启动失败,比较头大
|
|
|
地板#
发布于:2018-05-10 16:57
忘江湖:命令行版本AP7.0按照这个修改,启动不起来,提示APACHE启动失败,比较头大回到原帖ap7.0版本没有亲测。。。具体也不知道怎么修改。。。这个教程是http://www.upupw.net/aphp52/n107.html这个版本的。有机会调试一下AP7.0的 |
|
|
4楼#
发布于:2018-05-10 16:58
gridf:ap7.0版本没有亲测。。。具体也不知道怎么修改。。。这个教程是http://www.upupw.net/aphp52/n107.html这个版本的。有机会调试一下AP7.0的回到原帖同时你也要注意,,,那个监听端口的问题 |
|
