• 欢迎访问Ppabc博客网站,专注于Linux、CentOS、Apache、Nginx、MySQL、PHP等开源工具安装优化的技术博客,推荐使用最新版火狐浏览器和Chrome浏览器访问本网站,欢迎加入Ppabc博客
  • 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏Ppabc博客吧

Ubuntu 7.1 server从无到有搭建全能WEB生产环境(六)

baidu空间 admin 11年前 (2008-03-16) 234次浏览

http://www.dingl.com/blog/archives/18
作者:丁令

作为生产环境,经常需要使用 SSL 来支持 https 协议,这部分主要为 Apache 增加 SSL 支持。

六、配置 apache 支持 ssl:

1、修改 Apache 配置文件:
vi /usr/local/apache/conf/httpd.conf
确保两面这行没有被注释:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

再配置一个虚拟主机(可配置成 xxx.dingl.com,根据购买的 SSL 证书设置):

ServerName http://www.dingl.com
DocumentRoot /home/dingl/jsp-web

ResinConfigServer localhost 6800

AddHandler caucho-request jsp
AddHandler caucho-request xtp
AddHandler caucho-request vm

2、修改 ssl 配置文件:
vi /usr/local/apache/conf/extra/httpd-ssl.conf
dingl.com 修改成如下形式:

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache “shmcb:/usr/local/apache/logs/ssl_scache(512000)”
SSLSessionCacheTimeout 300

SSLMutex “file:/usr/local/apache/logs/ssl_mutex”

##
## SSL Virtual Host Context
##

# General setup for the virtual host
DocumentRoot “/home/dingl/jsp-web”
ServerName http://www.dingl.com:443
ServerAdmin you@example.com
ErrorLog “/usr/local/apache/logs/error_log”
TransferLog “/usr/local/apache/logs/access_log”

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile “/usr/local/apache/conf/dingl.com.crt”
#SSLCertificateFile “/usr/local/apache/conf/server-dsa.crt”

SSLCertificateKeyFile “/usr/local/apache/conf/dingl.com.key”
#SSLCertificateKeyFile “/usr/local/apache/conf/server-dsa.key”

#SSLCertificateChainFile “/usr/local/apache/conf/server-ca.crt”

#SSLCACertificatePath “/usr/local/apache/conf/ssl.crt”
#SSLCACertificateFile “/usr/local/apache/conf/ssl.crt/ca-bundle.crt”

#SSLCARevocationPath “/usr/local/apache/conf/ssl.crl”
#SSLCARevocationFile “/usr/local/apache/conf/ssl.crl/ca-bundle.crl”

#SSLVerifyClient require
#SSLVerifyDepth 10
ResinConfigServer 127.0.0.1 6800

AddHandler caucho-request jsp
AddHandler caucho-request xtp
AddHandler caucho-request vm


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

BrowserMatch “.*MSIE.*” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog “/usr/local/apache/logs/ssl_request_log” \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

这时即可通过http://www.dingl.com/访问了。

转载 http://forum.ubuntu.org.cn/viewtopic.php?t=93139

]]>


Selinux 中国 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:Ubuntu 7.1 server 从无到有搭建全能 WEB 生产环境(六)
喜欢 (0)