一、准备工作
1.1 安装Apache服务器
yaml
#下载安装apache
yum install httpd -y
#启动apache服务
systemctl start httpd
systemctl enable httpd
#查看服务状态
netstat -lntp |grep http
1.2 Apache服务器上已经开启了443端口
443为HTTPS服务的默认端口
1.3 Apache服务器上已安装了mod_ssl.so模块
启用SSL功能,安装mod_ssl.so模块
yaml
yum install -y mod_ssl
1.4 获取SSL证书
二、配置apache
2.1 配置apache文件
vhost的域名配置文件.conf,在目录:/etc/httpd/conf.d
- HTTP配置:
xml
Listen 80
# 指定域名
ServerName www.example.com
# 指定文档根目录
DocumentRoot /var/www/html
# 是否启用访问日志
CustomLog /var/log/httpd/access.log combined
# 指定错误日志路径
ErrorLog /var/log/httpd/error.log
# 配置虚拟主机
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/project
# 访问权限
<Directory /var/www/html/project>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# 使用PHP解析器处理.php文件
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
# 定义PHP脚本的目录索引
DirectoryIndex index.php index.html
# 自定义错误页面
ErrorDocument 404 /error_404.html
# 设置HTTP头信息
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
</VirtualHost>
- HTTPS配置:
xml
<VirtualHost *:443> DocumentRoot /var/www/html/project ServerName www.cpayfinance.com ServerAlias www.cpayfinance.com SSLEngine on SSLCertificateFile /etc/letsencrypt/live/cpayfinance.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/cpayfinance.com//privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/cpayfinance.com//chain.pem
# 访问权限
<Directory /var/www/html/project>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# 使用PHP解析器处理.php文件
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
# 定义PHP脚本的目录索引
DirectoryIndex index.php index.html
# 自定义错误页面
ErrorDocument 404 /error_404.html
# 设置HTTP头信息
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block" </VirtualHost>
- HTTP & HTTPS 配置
xml
Listen 80
# 指定域名
ServerName www.cpayfinance.com
# 指定文档根目录
DocumentRoot /var/www/html
# 是否启用访问日志
CustomLog /var/log/httpd/access.log combined
# 指定错误日志路径
ErrorLog /var/log/httpd/error.log
# 配置虚拟主机
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/project
# 访问权限
<Directory /var/www/html/project>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# 使用PHP解析器处理.php文件
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
# 定义PHP脚本的目录索引
DirectoryIndex index.php index.html
# 自定义错误页面
ErrorDocument 404 /error_404.html
# 设置HTTP头信息
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/project
ServerName www.cpayfinance.com
ServerAlias www.cpayfinance.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/cpayfinance.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cpayfinance.com//privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/cpayfinance.com//chain.pem
# 访问权限
<Directory /var/www/html/project>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# 使用PHP解析器处理.php文件
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
# 定义PHP脚本的目录索引
DirectoryIndex index.php index.html
# 自定义错误页面
ErrorDocument 404 /error_404.html
# 设置HTTP头信息
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
</VirtualHost>
- Apache 配置Https多个端口号映射
xml
// 通过下方简单配置
<VirtualHost *:443>
<Location /b8082> //这个可以自定义名称
ProxyPass http://127.0.0.1:8081
ProxyPassReverse http://127.0.0.1:8081
</Location>
<Location /b8081>
ProxyPass http://127.0.0.1:8082
ProxyPassReverse http://127.0.0.1:8082
</Location>
<Location /b8081/a>
ProxyPass http://127.0.0.1:8083
ProxyPassReverse http://127.0.0.1:8083
</Location>
</VirtualHost>
2.2 生效配置文件
- 查看配置文件是否正常
xml
# apachectl -t
Syntax OK
- 重启apache配置
xml
systemctl restart httpd