Ubuntu 7.1 server从无到有搭建全能WEB生产环境(六)

http://www.dingl.com/blog/archives/18
作者:丁令

作为生产环境,经常需要使用SSL来支持https协议,这部分主要为Apache增加SSL支持。

六、配置apache支持ssl:

1、修改Apache配置文件:
vi /usr/local/apache/conf/httpd.conf
确保两面这行没有被注释:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

再配置一个虚拟主机(可配置成xxx.dingl.com,根据购买的SSL证书设置):

ServerName www.dingl.com
DocumentRoot /home/dingl/jsp-web

ResinConfigServer localhost 6800

AddHandler caucho-request jsp
AddHandler caucho-request xtp
AddHandler caucho-request vm

2、修改ssl配置文件:
vi /usr/local/apache/conf/extra/httpd-ssl.conf
dingl.com修改成如下形式:

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache “shmcb:/usr/local/apache/logs/ssl_scache(512000)”
SSLSessionCacheTimeout 300

SSLMutex “file:/usr/local/apache/logs/ssl_mutex”

##
## SSL Virtual Host Context
##

# General setup for the virtual host
DocumentRoot “/home/dingl/jsp-web”
ServerName www.dingl.com:443
ServerAdmin you@example.com
ErrorLog “/usr/local/apache/logs/error_log”
TransferLog “/usr/local/apache/logs/access_log”

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile “/usr/local/apache/conf/dingl.com.crt”
#SSLCertificateFile “/usr/local/apache/conf/server-dsa.crt”

SSLCertificateKeyFile “/usr/local/apache/conf/dingl.com.key”
#SSLCertificateKeyFile “/usr/local/apache/conf/server-dsa.key”

#SSLCertificateChainFile “/usr/local/apache/conf/server-ca.crt”

#SSLCACertificatePath “/usr/local/apache/conf/ssl.crt”
#SSLCACertificateFile “/usr/local/apache/conf/ssl.crt/ca-bundle.crt”

#SSLCARevocationPath “/usr/local/apache/conf/ssl.crl”
#SSLCARevocationFile “/usr/local/apache/conf/ssl.crl/ca-bundle.crl”

#SSLVerifyClient require
#SSLVerifyDepth 10
ResinConfigServer 127.0.0.1 6800

AddHandler caucho-request jsp
AddHandler caucho-request xtp
AddHandler caucho-request vm


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

BrowserMatch “.*MSIE.*” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog “/usr/local/apache/logs/ssl_request_log” \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

这时即可通过http://www.dingl.com/访问了。

转载 http://forum.ubuntu.org.cn/viewtopic.php?t=93139

]]>

© 版权声明
THE END
喜欢就支持以下吧
点赞0
分享