Forcing HTTPS Access on LAMP

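This article uses 秋水逸冰's LAMP one-click install package as an example. After the LAMP environment is installed, the https configuration is not loaded by default, so you need to edit the configuration file /usr/local/apache/conf/httpd.conf, find the following line:
#Include conf/extra/httpd-ssl.conf
Remove the leading # and save.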

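I applied for a free SSL certificate from WoSign (沃通). The certificate is issued as 3 files; copy them to the /root directory.
Then edit the configuration file /usr/local/apache/conf/extra/httpd-ssl.conf. A sample follows: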

Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache  "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost *:443>
	DocumentRoot /data/www/default/
	ServerName teddysun.com
	ServerAlias www.teddysun.com
	ErrorLog "/usr/local/apache/logs/lamp_error_log"
	TransferLog "/usr/local/apache/logs/lamp_access_log"

	SSLEngine on
	SSLProtocol All -SSLv2 -SSLv3
	SSLHonorCipherOrder on
	SSLCipherSuite ALL:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

	SSLCertificateFile /usr/local/apache/conf/teddysun.crt
	SSLCertificateKeyFile /usr/local/apache/conf/teddysun.pem
	SSLCACertificateFile /usr/local/apache/conf/root.pem

	CustomLog "/usr/local/apache/logs/lamp_ssl_request_log" \
		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\""

	BrowserMatch "MSIE [2-5]" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0

	<Directory /data/www/default/>
		Options -Indexes +FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>

Once all of the above changes are made, make sure the firewall allows port 443. Check the firewall status:

/etc/init.d/iptables status

Then restart Apache with the command:

/etc/init.d/httpd restart

To force the virtual host to be accessed over https, rewrite the .htaccess file in the website root directory so that it contains the following:

RewriteEngine on
RewriteBase /
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
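
To check that the rule above takes effect, the following shell function (an added example, not part of the original post) reads the response headers of a plain-HTTP request and confirms that they redirect to the same host and URI over https. The host example.com, the sample responses and the function names are constructed for illustration.

```shell
#!/bin/sh
# check_redirect HOST URI
# Reads HTTP response headers on stdin (as printed by `curl -sI`) and succeeds
# only if the response is a redirect to https://HOST/URI, which is what
#   RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# should produce for a request arriving on port 80. A bare R flag sends a 302;
# mod_rewrite carries the original query string over to the Location.
check_redirect() {
    host=$1
    uri=$2
    awk -v want="https://$host$uri" '
        { sub(/\r$/, "") }                      # strip CR from CRLF line endings
        NR == 1 { status = $2 }                 # status line, e.g. HTTP/1.1 302 Found
        tolower($1) == "location:" { loc = $2 }
        END {
            if (status !~ /^30[1278]$/) {
                print "FAIL: status " status ", not a redirect"; exit 1
            }
            if (loc != want) {
                print "FAIL: Location is \"" loc "\", expected " want; exit 1
            }
            print "OK: " status " -> " loc
        }'
}

# Constructed sample: the response the rule should produce.
sample_redirect() {
    printf 'HTTP/1.1 302 Found\r\nServer: Apache\r\nLocation: https://example.com/a/b.php?id=1\r\n\r\n'
}

# Constructed sample: the page is served over plain HTTP, so the rule is not
# being applied (for example, .htaccess is not read for the port-80 site).
sample_plain() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

# Offline demo on the constructed samples. Against a live server:
#   curl -sI "http://example.com/a/b.php?id=1" | check_redirect example.com "/a/b.php?id=1"
sample_redirect | check_redirect example.com "/a/b.php?id=1" || true
sample_plain    | check_redirect example.com "/" || true
```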
