2020最新UPUPW5.4-APACHE搭建HTTPS网站教程
首先申请免费HTTPS证书
免费申请网站: https://freessl.cn/
由于百度和谷歌等搜索引擎提倡开启HTTPS安全传输的链接方式。易采源码网近日也做了HTTPS链接方式。易采源码网采用的是upupw apache版的服务器软件。那么今天分享一下upupw apache版的服务器软件如何开启HTTPS链接。废话不多说,直接上教程。。。。
首先到这里下在upupw apache服务器套件https://down.easck.com/software/33477.html
然后解压到您指定的分区里面比如D:\UPUPW\
第一步:
复制UPUPW目录下面\Apache2\bin\目录下面的 libeay32.dll,openssl.exe,ssleay32.dll这三个文件到您的PHP目录里。
注:原版的UPUPW APACHE版的服务器套件,不论您怎么配置,即使您配置的都正确如果不复制这三个文件也启动不了Apache服务。所以这三个文件目前为止必须复制到PHP目录替换PHP目录里面的相同文件名的文件。
第二步:
上面的三个文件复制好之后
打开Apache2\conf\目录下面的httpd.conf文件
找到这3行
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
去掉前面的#号,修改成
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
需要注意的是下面这两行代码
Listen 80
Include conf/httpd-listen.conf
如果这两行代码前面有#也请去掉。
然后保存
第三步
然后在打开Apache2\conf\目录下面的httpd-listen.conf文件
您会看到这样的文字
#Listen 81
#Listen 8080
我们增加一行代码
listen 443
变成
#Listen 81
#Listen 8080
listen 443
解释一下,#listen 81和#listen 8080不在服务器端口检测中
增加listen 443是为了让服务器对443端口进行检测和链接
如果您不开启443端口的检测即使您配置正确HTTPS也不能链接
修改好之后后保存
第四步
接下来我们在打开Apache2\conf\extra目录下面的httpd-ssl.conf文件
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They’re here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn’t
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy – if the server’s key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin’ is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache “dbm:logs/ssl_scache”
SSLSessionCache “shmcb:logs/ssl_scache(512000)”
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot “sslroot/”
ServerName www.example.com:443
ServerAlias example.com
ServerAdmin webmaster@example.com
DirectoryIndex index.html index.htm index.php default.php app.php u.php
ErrorLog logs/example_error.log
CustomLog logs/example_access.log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
SSLEngine on
SSLCertificateFile “conf/server.crt”
SSLCertificateKeyFile “conf/server.key”
<FilesMatch “\.(shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch “MSIE [2-5]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
这是原版的httpd-ssl.conf文件内容 上面有个Listen 443对443端口检测的代码 我们把这段代码删除了
如果您不想删除这段代码那么httpd-listen.conf这个文件中的对443端口进行检测的代码也必须注释掉 在前面增加#号。。。
如果是原版的httpd-listen.conf文件 我们不需要做第三步的修改。。。
接下来我们增加HTTPS链接的主机:修改这段代码
<VirtualHost _default_:443>
DocumentRoot “sslroot/”
ServerName www.example.com:443
ServerAlias example.com
ServerAdmin webmaster@example.com
DirectoryIndex index.html index.htm index.php default.php app.php u.php
ErrorLog logs/example_error.log
CustomLog logs/example_access.log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”
SSLEngine on
SSLCertificateFile “conf/server.crt”
SSLCertificateKeyFile “conf/server.key”
<FilesMatch “\.(shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch “MSIE [2-5]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
修改成:
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
<VirtualHost _default_:443>
DocumentRoot “D:/web/” (注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。)
ServerName www.easck.com:443 (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。)
ServerAlias www.easck.com (注:www.easck.com:443这是您的网站域名。修改成您的网站域名。必须修改。)
ServerAdmin admin@easck.com (注:admin@easck.com这是您的网站管理员邮箱。修改成您的网站管理员邮箱。可以不修改。)
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
SSLCertificateFile “D:/UPUPW_AP/Apache2/conf/Apache/www.crt” (注:www.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。文件名要求越短越好)
SSLCertificateKeyFile “D:/UPUPW_AP/Apache2/conf/Apache/www.key” (注:www.key是您申请的Apache版本的SSL证书密匙文件和目录结构。可以修改目录结构和证书密匙文件名。文件名要求越短越好)
SSLCertificateChainFile “D:/UPUPW_AP/Apache2/conf/Apache/root_bundle.crt” (注:root_bundle.crt是您申请的Apache版本的SSL证书文件和目录结构。可以修改目录结构和证书文件名。特别注意这个证书文件名root_bundle.crt不可以用www_bundle.crt这样的文件名。我测试www_bundle.crt这样的文件名不可以,启动不了Apache服务。必须是root_bundle.crt或者root_bundle1.crt,root_bundle2.crt这样的文件名称)
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory “D:/web/”> (注:D:/web/这也是您的网站目录。修改成您的网站目录)
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
以上配置文件中(注:D:/web/这是您的网站目录。修改成您的网站目录。必须修改。)这样的字符和解释请您在修改好之后全部删除。否则启动不了Apache服务。
修改好之后后保存
以下复制我的httpd-ssl.conf文件内容以供您参考修改:
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They’re here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn’t
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy – if the server’s key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin’ is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache “dbm:logs/ssl_scache”
SSLSessionCache “shmcb:logs/ssl_scache(512000)”
SSLSessionCacheTimeout 300
NameVirtualHost *:443
SSLStrictSNIVHostCheck off
#第一个子域名www.fa188.top主机配置
<VirtualHost _default_:443>
DocumentRoot “D:/UPUPW_AP5.4/vhosts/web”
ServerName www.fa188.top:443
ServerAlias www.fa188.top
ServerAdmin you@fa188.top
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
SSLCertificateFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top.crt”
SSLCertificateKeyFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top_key.key”
SSLCertificateChainFile “D:/UPUPW_AP5.4/Apache2/conf/ca_bundle.crt”
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory “D:/UPUPW_AP5.4/vhosts/web”>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
#第2个子域名m.fa188.top主机配置
<VirtualHost *:443>
DocumentRoot “D:/UPUPW_AP5.4/vhosts/m”
ServerName m.fa188.top:443
ServerAlias m.fa188.top
ServerAdmin you@fa188.top
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
SSLCertificateFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top.crt”
SSLCertificateKeyFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top_key.key”
SSLCertificateChainFile “D:/UPUPW_AP5.4/Apache2/conf/ca_bundle.crt”
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory “D:/UPUPW_AP5.4/vhosts/m”>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
#第3个子域名admin123.fa188.top主机配置
<VirtualHost *:443>
DocumentRoot “D:/UPUPW_AP5.4/vhosts/admin”
ServerName admin123.fa188.top:443
ServerAlias admin123.fa188.top
ServerAdmin you@fa188.top
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!aNULL:!eNULL
SSLCertificateFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top.crt”
SSLCertificateKeyFile “D:/UPUPW_AP5.4/Apache2/conf/fa188.top_key.key”
SSLCertificateChainFile “D:/UPUPW_AP5.4/Apache2/conf/ca_bundle.crt”
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory “D:/UPUPW_AP5.4/vhosts/admin”>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
复制以上这段代码到您的httpd-ssl.conf文件中并且修改响应的网站目录和域名之后就可以使用了。。如果你只有一个主机或者两个主机可以删除<VirtualHost *:443>。。。。。</VirtualHost>的内容
这个链接是官方给出的搭建HTTPS方法 http://php.upupw.net/bbs-read-run?tid=6351 但是不能使用。。。
同时不论是单主机还是多主机 都可以使用我给出的方法。。。。
apache 启用 https,访问提示 403 forbidden
apache 用的是 2.4+版本,需要在网站单独配置文件里加上 Require all granted 才行。这条命令是 apache2.4 新增加的,用以替代 allow,deny 以及 order 指令。
<Directory “/data/wwwroot/www.chanzhicms.com”>
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
Require all granted
</Directory>
apache环境为例子(windows系统的WAMP环境亦可参考)
根目录建立.htaccess文件。内容如下
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
Apache服务器:
如果需要整站跳转,则在网站的配置文件的<Directory>标签内,键入以下内容:
RewriteEngine onRewriteCond %{SERVER_PORT} !^443$RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]
如果对某个目录做https强制跳转,则复制以下代码:
RewriteEngine onRewriteBase /yourfolderRewriteCond %{SERVER_PORT} !^443$#RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
如果只需要对某个网页进行https跳转,可以使用redirect 301来做跳转!redirect 301 /你的网页 https://你的主机+网页
本文链接:https://my.lmcjl.com/post/18928.html
4 评论